U.S. Gov't Grapples With Clash Between Privacy, Security

schwit1 writes: WaPo: "For months, federal law enforcement agencies and industry have been deadlocked on a highly contentious issue: Should tech companies be obliged to guarantee U.S. government access to encrypted data on smartphones and other digital devices, and is that even possible without compromising the security of law-abiding customers?"

NSA director Adm. Michael S. Rogers wants to require technology companies to create a digital key that could open any smartphone or other locked device to obtain text messages or photos, but divide the key into pieces so that no one person or agency alone could decide to use it. But progress is nonexistent:

"The odds of passing a new law appear slim, given a divided Congress and the increased attention to privacy in the aftermath of leaks by former NSA contractor Edward Snowden. There are bills pending to ban government back doors into communications devices. So far, there is no legislation proposed by the government or lawmakers to require Internet and tech firms to make their services and devices wiretap-ready."

Why shouldn't we trust them? They sound legit!

NSA director Adm. Michael S. Rogers wants to require technology companies to create a digital key that could open any smartphone or other locked device to obtain text messages or photos, but divide the key into pieces so that no one person or agency alone could decide to use it. But progress is nonexistent:

Sure. I totally believe that you're going to do that. I mean, it's not like you scum have a history of blatantly lying to the American people and doing the complete opposite of what you say you will, right?

How about no. Just fuck off and stop invading my privacy. You have absolutely no right there, whether you split that responsibility with other criminal--I mean, government-- organizations or not (not that I believe you'd even do that much).

Perspective

[laing]

When considering whether or not it should be okay for the US government to have backdoor access to any device, one should also consider whether other governments should also have that same access. The answer shouldn't depend upon which government you support.

One should also remember that government employees with privileged access are people, and people can misuse the access they have.

We should recognize that the Fourth Amendment of the US Constitution was created to prevent this exact scenario. Law abiding people encrypt sensitive information to protect it from misuse by criminals, but the information can be misused by ANYONE with access.

Dividing a backdoor key between multiple parties simply creates a requirement that all parties agree to access the information before it can be accessed. It doesn't guarantee that the access will be lawful.

Re:Perspective

[MobSwatter]

You can't install a back door to anything without weakening the security for the less than lawful crowd, when taken into context it would appear that the entire surveillance thing is not only unconstitutional, unconstitutional is also unlawful beyond not being that smart. It also concludes that not only the NSA and the elite are above the law, but every other law enforcement agency is going make a play for it because the NSA got away with it. Now take all that and add the element of organized crime that we know has invaded every aspect of government and society today including national security, watch entire country fall down. Sometimes a new feature can be more of a bug.

Keeping Secrets

[Dutch+Gun]

So... what makes the NSA think that anyone could actually keep these ultimate "keys to the kingdom" secret? I mean, just about everything else of theirs that was secret has leaked out thanks to a single contractor. Can you imagine how valuable these keys are, and how much money could be made by selling them? Hell, the US couldn't even keep our nuclear weapon plans under wraps.

And what's awesome about this scheme is that once the secret is out, every single smartphone in the US is compromised all at once. Whee!

Re:Keeping Secrets

[Jaime2]

It goes further... their scheme requires that the people holding the parts of the key work together regularly whenever access is needed. This is likely to be thousands of times every year. There's no way to keep a secret that needs to be accessed so often by so many. Enigma was broken due to poor operational security, not poor technology. Venona broke one-time pads due to poor OpSec. An encryption scheme used by all authorities wanting decrypts of cell phones would involve tens of thousands of people and would be impossible to carry out without making egregious operational errors. Add to that the fact that none of those who hold the keys have much to lose when they screw up. War time operatives know their way of life depends on them not screwing up. The local FBI office only cares about decrypting the phone, if they screw up, it doesn't hurt them, but it hurts me.

Dear NSA

[Opportunist]

No matter how many US agencies you distribute the key over, one thing is absolute certain: If you require US companies to make any and all contents on mobile devices available to US government (and, considering who owns it, US corporations), absolutely NO non-US company could sensibly buy anything anymore from a US tech company.

Hell, the chance to not be spied on would be bigger if you bought Chinese crap!

Quite seriously, why should anyone trust a country that has a worse record when it comes to industrial spying than China?

Naw

[Dunbal]

There's no clash. The law is perfectly clear on that subject. Only the government is choosing to ignore it.

Re:Break the key apart?

[PopeRatzo]

There's no such thing as a secret law in the USA... it's either in Lexis or it never existed.

There's not supposed to be, but there are. Every time a secret court like FISA makes a secret decision, new secret law is created on the fly. Secret precedent.

And by the way, there's also supposed to be no such thing as anonymous local police in the USA, but they take off their ID and pull balaclavas over their faces at the sight of three black people walking down the street with a protest sign.

There are a lot of things in the USA that are not supposed to exist. Secret laws, secret courts, secret trade agreements. Secret police. Secret police blacksites. Secret "crowd control" weapons for the secret police to use domestically. Torture. Rendition. Off-shore prisons. Extrajudicial assassination.

And secret donors, of course. That's what it's all for. There was a secret coup in the US decades ago, and we were collateral damage.

The FBI isn't the only law enforcement agency

[ZeroWaiteState]

If a backdoor key exists, then the company that created it must by law give it to any lawful government authority that requests it. For example, if a company does business in Saudi Arabia, and a backdoor key exists, they may be compelled under Saudi law to give that key to the Saudi's. If a company does business in Russia, they may be compelled by the Russian government to give them the key. That's the nature of a backdoor. You can't just give it to only one entity. And let's not forget about Gemalto. They have cellphone encryption keys for the SIM cards they produced, which were held on their servers so that law enforcement agencies could obtain backdoor access to cellular communications via the legal process. However, the NSA broke into their servers and stole all of their secret keys, and then used them to mass decrypt cellular traffic. That's a real example of key escrow in action, and it completely failed to protect anyone.

Re:What's the acceptable limit?

[Jane+Q.+Public]

I wouldn't doubt thaht the NSA has broken iPhone's encryption.

This proposal by NSA mirrors the Clipper Chip/Skipjack + Key Escrow system proposed back in the early 90s. People didn't trust the government with their keys THEN... why the hell should they do so NOW, given that government intrusion into our lives has only increased in the interim?

Unlike the 90s, by now they have proved they can't be trusted.