NSA Director Wants Legal Right To Snoop On Encrypted Data
jfruh writes: This may not come as a huge shock, but the director of the NSA doesn't believe that you have the right to encrypt your data in a way that the government can't access it. At a cybersecurity policy event, Michael Rogers said that the U.S. should be able to craft a policy that allows the NSA and law enforcement agencies to read encrypted data when they need to.
Go fuck yourself.
That is all.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
they'll be moving to places with more sensible security policies
(no text.)
...did having the legal right matter to the NSA? Or recent governments, for that matter...
--- Pork is not a verb.
Does anyone have some insight into how this might be done? If they could read it, wouldn't that mean that anyone could read it? Are there multiple-key type systems? If there are, is it all thrown out once the master key gets leaked/brute forced with all of China's CPUs?
Okay, if we receive the legal right to snoop on the NSA. Fair trade.
The day cybernetic implants become feasible, the US will demand access to your thoughts.
I mean, there are going to be some areas where we’re going to have different perspectives. That doesn’t bother me at all. One of the reasons why, quite frankly, I believe in doing things like this is that when I do that, I say, “Look, there are no restrictions on questions. You can ask me anything.”
Welcome to the new Amerika. Your possessions and money may be seized at any time via civil asset forfeiture, your communications are under constant surveillance, and now they want to make sure absolutely nothing can be kept private.
But, hey, so long as we're having "dialogue" (you'll do what you want anyways) and we have your permission to ask questions then it's all good.
Who really won the cold war?
It's called a subpoena.
What you want is a system that allows it, and if you have a backdoor, they have it too. Snowden's leaks didn't convince me that you were the all powerful octopus, it convinced me that you were the Keystone Cops of the Information Superhighway. I don't distrust you because of your bad intent. I don't trust you because of your incompetence.
just like you had a reason to look at stuff, ya goofballs
if this is supposed to be a new economy, how come they still want my old fashioned money?
Get a warrant and demand the keys. Or brute force it. Same as a locked box. I know the legal system is such a pain in the ass for making you do your God damned jobs the proper way.
I think Director Rogers has a valid point. We need to be able to catch perverts and terrorists. If your encrypted data is not associated with criminal activity, what do you have to worry about? What's wrong with the government being able to sort through everything to catch bad people? Isn't that what they're supposed to do?
Ok, let's assume they are right and the government **should** be allowed to access encrypted data (not that I agree with this).
It's going to be absolutely impossible for them to implement it technically without significantly increasing the risk that an unauthorized 3rd party can.
The non-technical way (give me your password) has constitutional issues.
This falls into two categories.
1.) Lawful investigation (warrant and all). In this case, encryption has been regarded as a 'locked box' they can seize and search your gun safe but they can not ask you to give up the combination. If they get past that, there are other legal hurdles....The Government cannot compel you to incriminate yourself (give up the key) (5th Amendment).....If that doesn't work, who says you can recall the password or didn't lose the key--This could be fun and I don't know the law.....
2.) We will call it "Creative Surveillance". Well, that's a whole can of 4th amendment.
I was just thinking the rest of the world should have the legal right to kick anybody from the NSA in the nuts.
These people are assholes who don't give a crap about civil liberties and human rights.
Mauled by bears would be too good for them.
Lost at C:>. Found at C.
The transcript is such a piece of weasel shit. It is really embarrassing that greasy evasive double-talking conmen like that are given powerful positions in the U.S.
What he "wants", when US-based companies hold data that still can technically be accessed for legitimate foreign intelligence purposes supported by our system of law, is that a legal framework should allow for it. When it can't be, it's up to NSA to determine other mechanisms to access that data.
If you actually care about our system of government, or that of any Western governments, then you would support that, too.
If, on the other hand, you live in a world where simply crying "Encryption!" is some kind of barrier that magically sanctifies the underlying data, and that it then cannot and should not ever be accessed by anyone other than the data owner...well, then I would ask what you think about the German and Japanese codes in WWII?
Oops...now the fact that US adversaries no longer are using their own custom software/hardware/encryption/etc. and now share the same technologies that Americans and the rest of the world use does not magically place these technologies off-limits for exploitation or targeting. It would turn modern intelligence gathering -- yes, of even free nations -- on its head.
The law and Constitution (as interpreted and implemented by our system of government) are the constraints -- not specific technological capability. That these constraints are erroneously believed to not be effective, or that the press and public willfully misunderstand the legal landscape alongside the big picture of SIGINT in the digital age, does not mean the constraints don't exist. The level of constraint on our activities, even activities conducted with respect to non-US Persons exclusively outside the US, rises to a level that I can only compare to a bad joke. An even worse joke is when people believe NSA is operating rogue, with virtually no constraints or oversight (at least any meaningful oversight), juxtaposed with the reality we work in every day.
If we're essentially saying that it was only okay for the US and our allies to, for example, break the German or Japanese codes during WWII simply because Americans weren't also using the same codes, and therefore that is the only reason that the government could be "trusted" to not misbehave or abuse its powers, then we have a serious problem on our hands.
So, take your message content and apply that to yourself. Thanks!
The rest of the world don't want products with official US backdoors though. So you'll have a very hard time selling anything US made abroad and you'd have to ban foreign imports that don't comply with your backdoor policy. Probably also all second hand private imports like eBay. And open source. If the NSA didn't cost the US enough money already, it will after that. I remember a time when you had to fight to get non-crippled crypto out of the US, only 40 bits for us schmucks. I guess now you'll have to fight to get non-crippled crypto back in...
Live today, because you never know what tomorrow brings
Didn't you yanks go to war with the British to stop this sort of warrantless invasion of privacy?
Back in the cold war era so many of our American leaders criticized the totalitarianism and lack of human rights in China and the Soviet bloc nations. Now fifty some years later we are gradually becoming just like them.
The Net Neutrality regs will allow this to become reality under the same title that forces telco to allow FBI phone taps
All enemies, foreign and domestic.
If the NSA can legally read my encrypted messages, it won't be long before that's 1) abused and 2) done by [other] criminals. So what's the point of encrypting?
The ending was perfect:
Okay, nice to meet you. Thanks.
“He’s not deformed, he’s just drunk!”
It's hilarious. For a moment I wondered if the transcript is even real. This makes Eliza look sophisticated.
He seems to believe, "I think we can work through this" is an acceptable answer to a simple yes/no question. The guy doesn't even have a coherent answer to one of the most basic and obvious questions he could possibly be asked. I thought Comey did a poor job of explaining his position but this takes it to a whole other level.
it's called due process. Subpoenas, search warrants, etc.
Use the tools you have and don't invade the privacy and rights of everyone.
The same burblings emerged from our Prime Minister a few weeks ago.
From him, it was potentially forgivable as the technically ignorant ramblings of a politician trying to score some election points.
From the Director of the NSA.... he knows exactly what he's asking for. Compulsory key escrow.
They tried this already with Clipper. They were unanimously told where to shove it. Are we really going to have to fight this battle every 20 years?
Maybe he's just acting out all petulant because their biggest hack, stealing the keys from Gemalto, has come to light and they aren't going to be able to pull that one again in a hurry.
That is all.
I don't know how someone so ignorant got to be so high in the bureaucracy, but there is a mechanism for this. It's called a warrant. One of the reasons we have this system is as a failsafe precisely in case that someone so ignorant does happen to get so high in the bureaucracy.
To decrypt my hard drive. The old saw.
Good to see it is remembered.
Perhaps he hasn't heard all about the one-time-pad?
Tb shpx lbhefrys.
Gung vf nyy.
Fixed that for you.
I am very small, utmostly microscopic.
they haven't given a shit about doing anything legally so far, who cares if this is illegal too?!
...comes ultimate responsibility. And these guys have done /nothing/ if not prove themselves ultimately responsible.
That said, this is all just PR bluster. They've already backdoored all hard drives by infecting the firmware, compromised Cisco and backdoored all switches, they probably have operatives inside MS who've placed impossible-to-find backdoors in all versions of their OS's, they've stolen millions of SIM card K{i} keys, and their monitoring kit can hoover up any data for later processing that has the mildest whiff of interesting to it--automatically.
They "say" they *want* to sniff all encrypted coms... because they already are. Probably.
Who knows, maybe not, but when secretive agencies make a lot of PR noise, you can be certain it's a distraction.
1. "Secret courts". The Foreign Intelligence Surveillance Court is the very court whose sole purpose is protecting the rights of Americans under the law and the Constitution in the context of foreign intelligence collection. Secrecy is required for the conduct of foreign intelligence, even in free societies. That you may disagree with this does not invalidate this fact. That you may see 3-4 pieces of a 1000 piece puzzle and believe you have the full picture does not invalidate this fact.
2. "Spying on everyone". Not sure what you mean, but if you could possibly be referring to metadata collection, that has been affirmed by a Supreme Court ruling that is 35 years old.
And if even the US Supreme Court ultimately renders the phone metadata collection "unconstitutional", it won't mean that it was unconstitutional, or even is unconstitutional at this very moment. The program, to date, is factually lawful and constitutional as the law and existing case law stand -- even including Judge Leon's ruling, which he himself immediately stayed, and was countered by another federal ruling of the same standing.
What an unconstitutional finding would mean is that things aren't the same as they were in 1979: that, with the rise of digital communications and the ability to track not one, or dozens, but hundreds of millions of call records easily, and because large amounts of metadata can often reveal as much private information about a person as communications content, the balance now runs afoul of the reasonableness doctrine of the Fourth Amendment.
And that would be a perfectly valid finding...which does not in the least impugn NSA's purpose or motives. It is not NSA's job to second-guess the law, case law, both houses of Congress, two Presidents from opposite parties, the Attorneys General of said two Presidents, the courts, and the very court established explicitly to protect the rights of Americans under the law and the Constitution in the context of foreign intelligence collection.
It is NSA's job to conduct its missions as aggressively as possible within the law and its resource limitations. My personal prediction is that, because of the nature of modern digital communications, this kind of mass collection of metadata will be found to be unconstitutional. The interesting thing is that people who think it is "clearly" unconstitutional seem to think things are innately or inherently constitutional or unconstitutional, ignoring incredible and fantastic complexities that already exist in interpretations of the Fourth Amendment, to say nothing of the rest of the Constitution and Bill of Rights.
Things aren't magically constitutional or unconstitutional. They are so based on the application and interpretation of the law and the Constitution by the courts, even in the simplest of circumstances. Certainly basic rules applying to things like, say, vehicle or home searches are well-tested and the officials who implement them (e.g., local LEOs) are well-versed in these topics. But when there is a question, it is the courts that decide -- NOT individual peoples' whims, feelings, or opinions.
The current, indisputable fact is that phone call metadata, as a "business record" provided to a third party, does NOT have an expectation of privacy and is NOT covered by the Fourth Amendment. There is no gray area, and that case law, as embodied by Smith v. Maryland, applies just as easily to one phone call, as to 10, as to millions. Certainly in 1979 SCOTUS never imagined that this principle could be applied in a blanket fashion touching any American with a telephone; conversely, SCOTUS probably also never imagined that terrorists would plot devastating domestic attacks using our own communications systems within our own country.
In any event, it seems likely that bulk metadata collection will no longer be allowed, and NSA and the IC will simply figure out ways to do their jobs within the confines that our system of government prescribes. That's fine, and that is the way our system works. B
What are companies supposed to do when security agencies in other countries want the same access, such as FSB (Russia)? DIRNSA tried to pass that one over, but it is a real concern -- look at what Blackberry went through with India, for example. And how many other countries has Blackberry provided access to?
As they say at the NSA..... If you have Nothing to HIDE, then you have nothing to FEAR........ Riiiiiiiiiight.
The whole thing is bullshit.
He is only trying to mask the fact that they already have broken most if not all encryption.
I am very small, utmostly microscopic.
The encryption drive was caused by the NSA and others not obeying due process when they went after information. They used little legal loopholes or just broke the law outright as it suited them. And of course that being known people are going to take steps to protect themselves.
The damage the NSA has done will take a generation to repair and that would be a generation with the NSA not actively doing damage the entire time. Absent that, we're not going back to the way things were... possibly ever.
And that means the NSA should get used to running into encrypted brick walls. They had all the trust. Companies would openly brag that their security had been vetted by the NSA. Now, no one says that because there is always the fear that the NSA saw a flaw and intentionally kept it secret so they could exploit it or worse they might have even injected a backdoor in themselves.
The trust is gone and they have only themselves to blame.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
Everything, including the crackdown on encryption, is indeed happening in 2015: http://ytcracker.bandcamp.com/...
Who's Neals? Or rather, how many Neals are there among us?
FUCK YOU!
I am not much of a programmer (I'm learning math), but if they put code in GPG to give themselves keys, and nobody else in the world would fix it, I'd learn C and do it myself.
1000X FUCK OFF
Mod parent up, please.
I had almost no memories of Eliza.
When governments of countries that claim to be free behave like this (here's looking at you America, UK, Canada, Australia and New Zealand) one can expect just as bad behavior if not worse in most other countries. This brazen grab everything mentality is why we can no longer trust any government when it comes to encryption. Control freaks that virtually all completely lost touch with reality and violate all our human right to privacy.
Thus it is up to the public to take back their privacy through technology and government officials everywhere can go fuck themselves.
1. Client side encryption. Any encryption that works off a remote server cannot be trusted. We already know for a fact governments target servers.
2. All software, including OS, should be open source (not to be confused with necessarily free). Running code without knowing what we are running is like saying to government infest me with backdoors. If even one piece of software isn't, rest assured it will be exploited by Peeping Toms at organizations like NSA.
3. All firmware should be open source. (Hard drives, GPUs, mobo bios, nics, cpu, etc...) See above.
4. All code should be hashchecked before running (including apps and scripts that run in browser) before it is allowed to run (preferably using some P2P method like bitcoin rather than remote servers that can easily be tampered with). What's the use of any security if code can be tampered with during updates on a whim. Proton mail is hands down most secure email provider but even it can be tampered with because the client side javascript code that decrypts can be tampered with.
5. Entire WWW needs to be encrypted by default. Also there needs to be new method to retrieve data that allows the benefit of a POST (i.e. URL doesn't give away what you are looking at) with the benefit of a GET (ability to bookmark).
6. New suite of network protocols that are designed from the ground up for client side encryption (new IMAP, FTP, etc). Every protocol should be a zero-knowledge protocol.
7. Shaming lists. EFF does great work here but even the EFF needs to up its game. Mega corps whose products aren't open source, don't offer code hash checking, and don't offer zero-knowledge should be considered compromised. Period. Any politicians on public record supporting mass surveillance should be added to lists labeled "human rights violators".
NSA: we currently have to go through the secret fisa rubber stamp factory to read encrypted data. thats cumbersome, you're a criminal and we just need time to build...er...prove...it.
EFF: ok so you can read crypto...thats new...we're going to educate people on crypto...the strong flavor....
NSA: thats probably evidence of a crime...people shouldnt hide things they dont...
Google: we just upped our ssl cyphers...so...up yours.
NSA: guise...come on...just because we can read SOME crypto doesnt mean all of it...we have to tap googles data centerrrrr-
Google: Oh? Nice. Also all our devices ship with crypto enabled. by default. for, you know. security.
Apple: Ditto....and it just works....
NSA:ok...seriously guise you dont understand...this is different. sometimes we listen to everyones phonecalls and, well sometimes there are terrorists that...
Moxie Marlinspike:sshhhhhhh...redphone....from whispersystems...
NSA: arent you locked up in an airport somewhere? er...no. you still dont understand!! damnit we need LEGAL access to snoop on encrypted data now theres just too much...
Tor: hey.
I2P: hey guise i heard you like crypto
cryptocat: M30w
NSA: wait....just hang on we need to get together and talk about this, its just a big misunderstanding this is about security.
DefCON: is it, NSA senpai? you've changed. I heard Schneier-san thinks youre baka.
NSA:ITS NOT ME ITS SNOWDEN! hes the real traitor and that AARON SCHWARTZ is trying to CHELSEA MANNING the FREEDOM!!
The Community : I'll just...leave this here....
Good people go to bed earlier.
So how long before the NSA requests that you shouldn't be able to have a conversation that it cannot access?
I want my communications to be as secure as technically feasible.
If it's a choice between hobbling my security or hobbling the NSA, I pick hobbling the NSA.
I am sorry, but you are not allowed to have those keys for reasons of national security. No I'm not going to explain it, for reasons of national security.
What? I just play his game!
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
I believe we should craft a policy where Mike Rogers apologizes for his misdeeds and the misdeeds of the NSA in general, and asks, for the sake of humanity, that the NSA be completely and totally destroyed, ideally releasing info that will lead to the destruction of similar agencies around the world (perhaps some conclusive evidence that spies always do more harm than good). Rogers then jumping off a tall building is highly recommended, but I wouldn't consider it mandatory.
This is my signature. There are many like it, but this one is mine.
So “backdoor” is not the context I would use. When I hear the phrase “backdoor,” I think, “well, this is kind of shady. Why would you want to go in the backdoor?”
In venues where I have read or listened to NSA brass speak, they come prepared with exotic definitions of plain language and seek to confuse and manipulate perception by invoking nonsense that would give most lawyers a run for their money.
Completely ignoring the underlying topic: when you act like a weasel, it's hard to understand how it is you expect to earn any respect or consideration for your cause.
I want a pony, and a solid 99.99% pure rhodium toilet, and a private moon base.
The problem is I won't get those things but the constitution violating NSA Director Michael Rogers stands a reasonable chance of getting what he wants.
Time to offend someone
just like everyone else.
I too want the legal right to snoop on encrypted data.
Any data, actually.
So, can I have it?
It's that simple, isn't it?
Since when did government change from governing FOR the people, to governing OF the people?
Seems to me the likes of the NSA etc have misunderstood their job descriptions ;)
What a mess. Why do ordinary Americans tolerate these people?
The real issue here seems to be defining proper use of said back doors.
Mr. Rogers, you claim that you need to be able to have access to encrypted data when you "need to".
The problem is you seemingly "need to" have 100% full access, 100% of the time, and you want to capture 100% of the traffic.
Sounds like the only real thing you "need" here is to come up with an excuse to allow your legal transgressions to continue.
Sounds like the only thing for the People to do in response to that is to remind you that you're breaking the fucking law.
what we the citizens think. All the Snowden revelations and they have the nerve to even suggest such a thing.
I think it's time for the release of some more damning files from the repository of documented evil. If, for no other reason, to show exactly WHY we need strong crypto in this day and age.
( It needs to be in Comic Sans and giant font with lots of pictures though. The majority aren't getting it )
I find it amusing that the Government argues it must do its job in secret to be effective while, at the same time, no one else is allowed access to any sort of privacy or secrecy at all.
When we inevitably lose the battle (the government does have a tendency to get their way in these things), do we get to reap the benefits of a total information society? I mean, will there be a searchable database where I can find out where I left my keys? That link to that awesome video I saw on sometube.com that I can't remember? If I remembered to feed the cat?
I encrypted it with a one-time pad then I added ROT13 just for good measure.
Then I burned the pad.
That will show them!
Bwuhahahahahaha.
--
For the humor-impaired: As long as we have a constitutionally protected right to not divulge our encryption keys, the use of a one-time pad is mathematically unbeatable as long as it is used correctly and the pad does not fall into the wrong hands. Sometimes destroying the pad is the only way to prevent it from falling into the wrong hands.
--
Spooky "I am not a number, I am a free man"-themed captcha: resigns
Present me a bona fide warrant issued by a bona fide seated judge and I will assist you in decrypting it.
That's all.
Once a back door exists, all power hungry countries will find the keys.
I don't see how this is feasible given:
1. encryption algorithms are well known, and being improved as time progresses.
2. people have unfettered access to build programs on their systems today - e.g. C, assembly languages; how would you stop people from writing code?
3. how can anyone effectively police this given maker projects (people building their own circuit boards, computers etc) and the sheer size of the problem set?
The only way to do this effectively would be to break computers, networks, and the economy (by suppressing general innovation). That would cost trillions of dollars to automate and police, and would set back progress decades - all to capture a handful of terrorists that could be more cost effectively investigated using more traditional methods.
Stop being lazy NSA - and do your job legally without destroying what you say you want to protect.
I am Bennett Haselton! I am Bennett Haselton!
Decrypt this, asshole! --> G_ F_ck Y__rs_lf
Copyright (c) 1990 - 2014 Dice. All rights reserved. Use of this comment is subject to certain Terms and Conditions.
The NSA says your photo has a hidden message done by Steganography. You say no and they LOCK YOU UP.
This is a guaranteed way to silence &/or stop anyone in society who the government disagrees with.
how exactly, other than brute force, is the NSA going to get access to the data?
BINGO! Only it will be applied to the person encrypting the data, not the data itself.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
he's trying to hide the fact that he's not looking for a technological solution.. he's looking for a lawful solution that would have strong repercussions should you not unlock your hardware for the appropriate LEO. it's all just a circus act now.. end lesson: encrypt everything, teach others how to encrypt everything, and never give in to these wackjobs.
it's also worth noting that so very few of the people in the top places nowadays had little to no tech training and i am willing to bet rarely if ever go for retraining.
Give me the legal right to give the NSA director a colonoscopy with a bottle brush and we'll talk.
If they let me do it, they can do me!
It's already been said here but I'll say it again as added insurance that you get the message:
Go fuck yourself.
You will be mandated to run ROT13 on all your email communications twice. That's double security folks!
Left MS Windows for Linux Mint and never looked back!
Vote for Bernie in 2016!
The US constitution is the document that authorizes our form of government. Even a cursory reading of it reveals that it spends a great deal of time restricting government action. Given that this is the case, it must (and of course does) follow that there was a perceived risk deemed significant enough to guide the construction of the document, that risk being the government acting in such a way as to compromise the citizens.
Further, again without much effort, we can see that the restrictions implemented at times actively disadvantage the government. The 4th amendment is a poster child for this; it would, of course, be much more convenient for law enforcement if searching any venue they wanted, any time they wanted, for anything they might happen to find, was ok. But all three are disallowed: Warrants are required, specifying where to search, what to search for, and the prior existence of a reason (probable cause indicative of wrongdoing) for the search.
This is the source of those "self-styled internet tech-libertarians" ideas that the government should not have everything easy, no matter what justifications they might bring to the table today. The document that served (and serves) as the very foundation of this country does not agree with your "you should support" assertion, and it does agree with those "self-styled internet tech-libertarians."
Indirectly related to all this is the pervasiveness of blatant agitprop put forth by the government regarding the risks of terrorism within our borders (slim... getting hit by lightning is much more likely) and the risks operations like ISIS pose to the US (almost none... certainly nothing that justifies paying them any attention at all, much less getting unconstitutionally invasive within our borders.)
Finally, as US law extends exactly zero distance within the borders of, and the communications mechanisms of, other countries, what the NSA and other TLAs do in those venues is pretty much irrelevant, legally speaking, except when it touches upon a US citizen or breaks a treaty to which we are signatory. There's no need to ask for powers out there; there's no significant limit on such activity that we didn't sign up to on our own. There's no premise that provides for search or seizure of anything within the US without a warrant pendant upon probable cause, supported by oath or affirmation.
It's worth examining the role of the oath there as well. At the time, a person's word was the foundation of their reputation. An oath was something given when even the most awful circumstances would not disrupt the giver's honor. Should someone's oath be found wanting, their reputation was destroyed, and likely, permanently. This is the source of requiring an oath before a warrant could be issued: if the assertion of criminality was found to be incorrect, the oath-giver, a person directly responsible in the chain of warrant issuance, was harmed deeply by the utter destruction of anyone's ability to trust them -- and you could be sure the falsely accused would see that it is so.
So we can see that the government's ability to search and seize was not only restricted by procedure, but also by the willingness of a citizen to destroy themselves should the undertaking prove fruitless. The authors of the constitution really didn't want the government searching and seizing "just because it wanted to." You'll also note there are absolutely no exceptions made for constructions like "national security", "public safety", "the children" or "moral decency." The whole and entire premise that any part or parcel of search and seizure of anything within our borders should be at the government's ultimate discretion is utter claptrap made up by, and for the benefit o
I've fallen off your lawn, and I can't get up.
NSA Director Wants Legal Right To Snoop On Encrypted Data
He already believes he has the (legal) right to snoop on your data, encrypted or otherwise. What he wants is the (legally mandated) ability to decrypt your data.
And in other news the government would like to get rid of cash so that they know everything that you buy and that you pay taxes on everything (except things bought on the internet).
A bureaucrat from an intelligence agency thinks we should all stop making their lives difficult. Due process, phhfftthhpptt!! Oversight, who needs that you Communist/Nazi/Terr'ist! Why don't we just surrender all our rights and just trust in the machine of surveillance and the grand czars who run the system?!
There was just an article in the IT press. The state government of Utah says they have seen a huge spike in hacking attacks against them. The state official involved speculated that they were secondary or even innocent targets of hackers who were actually after the NSA data center in that state.
The hackers will go wherever the targets are. If the NSA has a treasure trove of information and the hackers think they are immune to any repercussions for their activities, then the hackers will go after the treasure trove. That's always the risk. And the risk appears to be materializing (the NSA will say they are sufficiently protected. However let's be real, if a hack was effective against them, do you think they will disclose that to us, the great unwashed public? Of course not.)
As a company man, Michael Rogers is paid not to understand this, or any other aspect of how bad his company ideas are.
Yea fuck you you bitch!
A new generation of the oh-so-much-more-important-than-us spouting yet another refrain of the Tyrant's Plea.
As always, all IMO. Insert "I think" everywhere grammatically possible.
Overkill it may be, but I've been writing my prototype security code to generate new AES256 keys for each session, using the pre-generated keys only to initialize communications and handshake the generated keys. Even I won't know what keys are in use.
The NSA can kiss my ass. So can CSEC, GCHQ, and everyone else who thinks they have a "right" to spy on me.
Approach the service provider with a properly signed warrant in the appropriate jurisdiction of the server if you want access to my data.
I do not fail; I succeed at finding out what does not work.
There's two very different propositions here, and TFS does a good job of confusing them.
First, "should the NSA be allowed to try to crack our encrypted data?" Answer: well yes, knock yourselves out. And that means, if you develop a technique for cracking an encryption that others think is secure - fair play to you, job well done. I don't see any way you can expect the NSA to do anything useful at all, if it's prevented from making that attempt.
But the second question is very different: "should people be allowed to use a form of encryption that the NSA doesn't know how to crack?" And the answer to that is also "Yes, of course." Because any plausible way of preventing that would be at best blatantly intrusive and a huge infringement on our freedoms. At worst, it would be all of the above plus also self-defeating, as it would ensure that the US rapidly fell behind in the international arms race of encryption technology.
"Free Western nations"
Please could you expand on what you mean by this phrase.
And I suppose leaving their region alone, not bombing their kids with drones, not locking up innocent members of their community in Gitmo for years, and not demonizing them in the media is all out of the question?
The cat is out of the bag and they keep trying to stuff it back in
The NSA also has two roles: to read communications and to protect US communications from the bad guys. If the NSA can read encrypted data, all other intelligence agencies will make it a priority to get the same capability, and the bad guys read our mail. The NSA really needs to take its role of protecting US communications more seriously.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
It's one thing to encrypt your web traffic to prevent malicious persons with access to it from seeing sensitive information. It is quite another to use it to hide criminal activity.
IMHO, it is cause for the government to suspect criminal activity whenever super-strong encryption is used, or whenever encryption is used in uncommon places and in uncommon ways. Normal, law-abiding citizens who don't have anything to hide, don't expend the effort to hide what they are doing. That's a plain and simple fact.
And, in the end, how many innocent people have really been harmed by government snooping? Name one innocent person who was incarcerated as the result of NSA spying. Just one.
My concern is this-
The NSA decrypts all messages to see if they need to read those messages. Those decrypted messages go into a database which, like the cellphone metadata database, is opened to other agencies (the police) to browse. Pretty soon the only messages the police will need a wiretap to gather are those which are easiest to collect.
With regard to:
"AS: No, I think Bruce Schneier and Ed Felton and all of the best public cryptographers in the world would agree that you can’t really build backdoors in crypto. That it’s like drilling a hole in the windshield.
MR: I’ve got a lot of world-class cryptographers at the National Security Agency.
AS: I’ve talked to some of those folks and some of them agree too, but
MR: Oh, we agree that we don’t accept each others’ premise. [laughing]"
Would these be the same world-class cryptographers at the NSA that created the defective: http://en.wikipedia.org/wiki/Skipjack_%28cipher%29 ?
It's a constant function with the government: regardless of how badly an organization has done in the past, regardless of the consistent level of incompetence, abuse and unethical behavior, they'll always say trust us, we've got it right this time. The sad part of course is congress, the president and normally the SCOTUS all just roll over and let them do what they want.
And their fruits are rotten and infested with vermin.
/. If the government wants us to respect the law, it should set a better example.
It's like saying, a penguin isn't a bird because it doesn't fly... then, one day, a computer at the N.S.A. becomes smart enough to realize that, yes, indeed, penguins are classified as birds.
So what do *you* think, are penguins birds?
Terrorist group wants to legitimize their snooping activities.
News at 11
"Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
Not Eliza -- more like PARRY:
PARRY was written in 1972 by psychiatrist Kenneth Colby, then at Stanford University.[1] While ELIZA was a tongue-in-cheek simulation of a Rogerian therapist, PARRY attempted to simulate a paranoid schizophrenic.
/. If the government wants us to respect the law, it should set a better example.
He does realize this, doesn't he? If weak encryption or back doors are put into software, that means eventually these will wind up in the software they use too.
Of course they probably just assume they will roll their own encryption software; well guess what the bad guys will do, steal it and use it!
You want the best security you can have to keep everyone safe, and if that means that you have to do some more leg work to prove criminal activity then so be it. Given the nature of electronic data (which can easily be faked) this information shouldn't be the basis of any criminal investigation anyway.
a country where something like this can even be seriously proposed, or one where terrorism sometimes occurs because it isn't?
The devil in the details, of course, is the definition of terrorism: in this case, you probably don't agree with it, and it's classified anyway. Are we better off with the occasional hijacking or bombing in exchange for freedom from government spying? We have to decide soon. Wait too long and the choice goes away. Apathetic majorities unleash hell on the rest of us.
Did you know anyone can create their own very strong cipher by constructing it with established crypto primitives? Contrary to popular belief "don't roll your own" is NOT good advice. That creates what we real security researchers call a "single point of failure", due to everyone using the same crypto suites.
In this CBC system we use SHA-1 and HMAC to create key expansion with key stretching. Then a random initialization vector is prepended as the first block, and the block is hashed with the SHA-1 then XORed with the next plaintext block. The IV + plaintext block is fed into a SHA-1 hash which then XORs the second block of plaintext. The third block is XORed with the hash( IV + plain1, plain2 ). The fourth block is XORed with the hash( IV + plain1 + plain2 + plain3 ), etc. Though the public version is SHA-1 (which is still fine for this, don't buy the FUD), I can drop in a SHA256, SHA3, or any hashing function to "upgrade" the cipher. The internal hash state is cloned before performing the digest for each block so it can continue to add plaintext and thus runs in O( n ) time not O( n! ) as it seems.
Decryption requires that each prior block's input not be modified. The deciphered block is fed into the hash and its digest decrypts the next block. Thus, turning any "1-way" hash into a 2 way stream cipher, and even if you encrypt the same message with the same key, you never get the same output due to the random init vector (browsers have crap random number generators, so user input & timing is hashed to supply the randomness). A full SHA-1 hash round per block is stronger than most stream ciphers provide today, and still runs very quickly. This also avoids chosen plaintext attacks.
This is a simple form of keyed "authenticated encryption", which is the new hotness in crypto ciphers. Such homebrewed systems were developed over a decade before the mainstream crypto community was even working on such things (the original version used MD5 in 1992). You can construct crypto from any pseudo random number generator, the stronger the better. This is made all the more difficult to crack since there's no dedicated hardware or software created to crack it -- Just being a new configuration means it requires more manpower to develop the cracking tools. Imagine not knowing what cipher it is as being part of the bit-strength of the cipher. Everyone who needs strong crypto should just roll their own, and let the powers that be spin their wheels trying to break crypto with the wrong tools.
Dasvidaniya NSA SJWs.
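The hash-feedback construction described in the comment above, written out as an added example (not the commenter's code) to check what it does and does not detect. Assumptions: SHA-256 in place of SHA-1, PBKDF2 standing in for the unspecified key stretching, and the running hash seeded with key || IV; the `seal`/`open_sealed` HMAC wrapper is not part of the comment's description and is added for comparison.

```python
import hashlib
import hmac
import os

BLOCK = 32  # SHA-256 digest size (assumption: SHA-256 swapped in for SHA-1)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def derive_key(passphrase: bytes, salt: bytes) -> bytes:
    # Assumption: PBKDF2-HMAC stands in for the comment's key stretching.
    return hashlib.pbkdf2_hmac("sha256", passphrase, salt, 100_000)


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    iv = os.urandom(BLOCK)
    state = hashlib.sha256(key + iv)  # assumption: hash seeded with key || IV
    out = [iv]
    for i in range(0, len(plaintext), BLOCK):
        block = plaintext[i:i + BLOCK]
        # Clone the running state; its digest is the pad for this block.
        out.append(_xor(block, state.copy().digest()))
        state.update(block)  # plaintext feedback into the running hash
    return b"".join(out)


def decrypt(key: bytes, data: bytes) -> bytes:
    iv, body = data[:BLOCK], data[BLOCK:]
    state = hashlib.sha256(key + iv)
    out = []
    for i in range(0, len(body), BLOCK):
        block = _xor(body[i:i + BLOCK], state.copy().digest())
        out.append(block)
        state.update(block)  # recovered plaintext drives the next pad
    return b"".join(out)


def flip_bit(data: bytes, index: int) -> bytes:
    """Return data with the low bit of one byte inverted (simulated tampering)."""
    i = index % len(data)
    return data[:i] + bytes([data[i] ^ 0x01]) + data[i + 1:]


def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    # Encrypt-then-MAC: the tag covers IV and ciphertext.
    body = encrypt(enc_key, plaintext)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()


def open_sealed(enc_key: bytes, mac_key: bytes, data: bytes) -> bytes:
    body, tag = data[:-BLOCK], data[-BLOCK:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication tag mismatch")
    return decrypt(enc_key, body)


if __name__ == "__main__":
    enc_key = derive_key(b"constructed passphrase", b"enc-salt")
    mac_key = derive_key(b"constructed passphrase", b"mac-salt")
    msg = b"constructed sample: transfer 100 units to account 7"
    # A flip in the final block decrypts cleanly: only that one bit changes.
    print(decrypt(enc_key, flip_bit(encrypt(enc_key, msg), -1)))
    # A flip in an earlier block also garbles every later block, but nothing
    # signals the change to the receiver unless a tag is checked.
    try:
        open_sealed(enc_key, mac_key, flip_bit(seal(enc_key, mac_key, msg), BLOCK))
    except ValueError as exc:
        print("rejected:", exc)
```

Under this reading, the feedback chain alone does not let a receiver tell a modified message from a genuine one; the separate tag does.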
You don't get the "right" to win at the game you want to play, sorry. It's life, liberty and the PURSUIT of happiness, there are no guarantees. If the other guy is better at encrypting than you are at decrypting, you don't get to change the rules.
Grow a spine, Michael Rogers.
NSA = Nasty Sneaky Americans
I thought the NSA's charter was to spy on our enemies and that they were forbidden by law from spying on US citizens (they pay the Brits to do that for them). Now how are we going to convince Iran, China and other evil governments that they MUST use GovBackDoor.exe for all their encryption needs? OTOH is not the NSA also chartered to secure our data/systems to prevent our enemies from accessing them? Now if they weaken these systems so the Brits can continue spying on US citizens for them, how do they justify when these backdoors get exploited by Iran, China, USSR, ISIS, and all other actual enemies.
Sounds like the NSA is guilty of committing TREASON to me and should be dealt with appropriately through the courts.
http://www.washingtonsblog.com/2014/03/nsa-recorded-every-single-call-one-country-country-america.html
http://www.pbs.org/newshour/bb/government_programs-july-dec13-whistleblowers_08-01/
NSA collects everything, every word. They might not be able to listen to it all, but it is all stored so analysts can go back maybe 30 days.
That's why the Utah Data Center is sooooo big! To store everything.
They can read my encrypted stuff anytime they want... all they have to do is get a warrant, serve the warrant on me, and then ask me for the key, and if I don't give it to them then they can try to decrypt it on their own. The law allows them to do all that already... the key part of that is, of course, that they need a warrant based "upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."
If not, you can google it. Suffice to say, a message thus encrypted cannot be deciphered. Not even by NSA.
Seriously, this has been tackled and answered. People just don't want to believe it, and of course the same powers pulling the strings own all of the media "average" people consume. Carroll Quigley's "Tragedy and Hope" is a comprehensive book covering the whole thing. Nobody wants to read the 1300 pages, because it's hard and quite frankly scary to contemplate. Gary Allen's book was a severely limited rehash of details found in "Tragedy and Hope" attempting to wake people up to what is really happening. He used more recent examples than Carroll's stint within the group could use. Mark Dice also has a couple books detailing the same people doing the same things, he also references "Tragedy and Hope" frequently.
The circus show has thus far paid off. Brain washing people to believe "Conspiracy" is an impossible thing that only idiots believe has been well done. Even though people watched a conspiracy unfold on the top rated reality TV show called Survivor on a weekly basis, they can't fathom that a few people that own the majority of the world's wealth could actually conspire to get more and fuck over.. well, just about everyone except themselves.
There are a couple of distinct issues to overcome. First is to convince people "It can happen here and now", just like tyrannical horrors have occurred throughout history. Nobody wants to believe it, and the bought and paid for media simply keeps pushing this narrative. Second, is to challenge people to stop being scared and take action. The latter is going to be much easier than the former, but it's dependent.
Other people have also tried to warn the public, even two former Presidents who were not members of the "club".
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
Well everyone has the right to snoop on encrypted communication.......If they CAN.
Don't come crying to the intelligence agencies for help when terrorists shoot up innocent people. Self righteous Europeans blasted intelligence until ISIS attacked then they changed their tune. Go ahead and down vote my post. It won't change the fact that you all will be begging for help from the spooks when ISIS hits your state and country.
You do realize the U.S. Constitution only applies to US citizens and individuals from other countries when they are in the United States?
A country that breaks its own laws now wants legal methods for their illegal activities even when it doesn't have to answer to any courts in the first place.
So does Michael Rogers want to have sex with my wife as well?
Care to explain how "a legal framework for data access of entities that operate within and under a US legal construct" (aside from, you know, warrants and subpoenas and so forth) is possible for encrypted data *without* weakening the cryptosystem in a manner "antithetical to the security interests of the United States, our people, our military, our intelligence community, and anyone else who requires secure communications in any form"?
You talk a lot, but you aren't actually offering any solutions. You're just cheering for team World Gestapo. If you want anybody to take anything you say seriously, start offering solutions. The fact that crypto beats the NSA is a feature (a vital one), not a bug. If you want to argue otherwise, try coming up with the following:
1) A method / reason we should believe it won't be used to cripple our information security.
2) A reason we should believe other nations won't obtain and use the same access against us.
3) An actual problem that would be solved by going through all this rigmarole, that existing laws and government powers don't provide.
4) A reason to believe this wouldn't be abused and cause greater harm than good.
The standard of evidence I require for #4, by the way, is to make this more important than freeing the innocents held in Guantanamo Bay and punishing the uniformed abominations who tortured them.
There. I've told you what it would take to change my mind. Care to do the same?
There's no place I could be, since I've found Serenity...
Logical consequence of right to snoop on all data is that either memorising becomes illegal or the right to remain silent must be withdrawn...
... imagine being responsible for the security of our country. Imagine trying to avoid or to solve a terrible crime only to find out that a key piece of evidence is unavailable due to strong crypto. I understand the dilemma intelligence and law enforcement agencies are facing. It's simply not good enough to say - well, they suck. I have been doing IT security for a long time. I am protecting the digital assets of my clients in a way that nobody will be able to intercept or to eavesdrop on them. So I guess I know what I am talking about. We are on a slippery slope. We expect our government to prosecute criminals but at the same time we're promoting encryption and complain about the government's attempts to break it. In order to understand the situation - consider the extremes: Everything is encrypted and law enforcement is unable to access any communications or data storage. Would the world be a better and safer place? Only if you are daydreaming. So how will it play out? How will we find a way to keep the public need for law enforcement in sync with personal liberties? Politicians may try to outlaw encryption or demand back doors. But that won't work, because good crypto is undetectable and can be hidden pretty much anywhere. Usually it all boils down to personal responsibility and accountability. I am a big fan of "I do stuff and I will be responsible for the consequences". In other words: If you do (or provide) crypto, you will have to surrender the keys if ordered (by a court of law) to do so. This of course might interfere with the constitutional protection of 'self incrimination'. Lawyers will have to figure this one out. One thing is for sure: We want a government that is able to prosecute offenders. In order to do so, law enforcement might need access to encrypted data. If we don't want broken crypto or back doors, we will have to accept responsibility for the data we encrypt. If the government finds it. But that is another story.
For what it's worth, how are they going to
unecrypt it if they
can't tell it's encrypted.
know what I mean.
You have all kinds
of options to
use a variety of methods.
Now you don't need a decoder ring to
See the message here.
Although this one is obvious, you get my meaning.
Yeah, they would not surveil Congress staff working for the Intelligence Oversight Committee, because you know, that's totally beyond the scope of what they do...
Rights were not granted by the Constitution. They were recognized. They pre-existed. People don't have those rights because they are Americans. They have those rights because they are human beings. If the government chooses not to recognize those rights then that is a choice, but it does not alter the fact that those rights exist. Otherwise, it would be impossible for a government to be guilty of rights violations.
We did have a whistleblower Snowden but did his dump of information really change anything? Sadly no. This is a clear ACT OF TREASON against us "The People" of the United States. My papers are supposed to be secure and only subject to be searched WITH A PROPER WARRANT!
Yet are the Congresscritters doing anything? No. Personally I think the NSA, CIA, FBI have stink on the members of Congress to where they can't do or say anything without their own dirty laundry being exposed. Look what happened to Gen. Patarus (misspelled). He talks a bit and bang his emails to his girlfriend are leaked.
Until the NSA is totally scrapped which I don't see happening we are fucked.
Note that Yahoo's CISO is talking with him yet Yahoo's network IS WIRETAPPED! I know, I watched the NSA install the harvesting nodes in the data center where Yahoo's servers are in Atlanta. Even got photos of the boxes. No not a "direct" tap but just on the other side of the Data Center's border router sits the harvesting node. Actually two of them. You need redundancy. So not a direct tap but one hop up there it is stripping the SSL down to clear text and pumping to the NSA listening post down the road. They installed this in 2006.
Oh the words spoken between us that day.
These are the only terrorists I live in fear of, all headquartered in DC.
Yet will anyone get off their ass and do something about this? Sadly I think not. Sadly I see my Grandchildren being slaves to the State.
THIS IS FUCKING TREASON!!!
No nation worthy of loyalty or respect does this to its citizens. The purpose is not to protect us - it's to protect the 'State'. These domestic spies (NSA, FBI, CIA, and all of the local Stats Polizei) and the politicians we, the 'Stupid', elect, are only interested in controlling an increasingly 'restless' and angry public. And in a nation like this one, with perhaps a hundred million armed civilians, they have every reason to feel insecure! If our Constitution is the law of the land, and truly represents the moral underpinnings of the United States, then these agents of the 'State' should be hung as traitors to the Republic.
This is all fine and dandy. Make sure US companies' encryption products have an extra front door. This can probably even be made reasonably secure by use of a gov' public key to add an extra header to all encrypted data from said products.
But how exactly are you going to make Open Source products comply with these regulations? All it will do internationally is make US encryption products unpalatable to anyone who guards their privacy, whether they be criminal or not. Perhaps via international treaty, the US could, like it has with copyright, force nations to criminalize large portions of their populace.
You know, I say go ahead, we all know where this ends and the vox-populi is not something Mr Director you would want to be lined up against the wall to answer.
"When government fears the people, there is liberty. When the people fear the government, there is tyranny." - Thomas Jefferson
It isn't an efficient law or action. E.g., it is illegal to rob convenience stores - but does that stop convenience stores from being robbed? Keeping that indisputable fact in mind, who would expect criminals - let alone terrorists - to comply with laws or regulations on the encryption algorithms and methods "permitted" for use? As another example, it is also illegal to 'jack airliners - and has been since well before 9/11.
IMHO, the NSA would be better off (from the perspective of accomplishing their mission) investing the time, money, and resources into developing ever better decryption methods and into the ability to detect the use of encryption techniques - be they known or new to the NSA - in the flood of traffic that is "the 'Net", thus weeding out what needs further analysis from the chaff.
(By the way: Would I care if the 'Net was reconfigured to completely block those nations and states that repetitiously source/harbor/fund crackerz and terrorists? Nope.)
Orwell: "In a Time of Universal Deceit, telling the Truth is a Revolutionary Act"