The NSA Wants Tech Companies To Give It "Front Door" Access To Encrypted Data

An anonymous reader writes The National Security Agency is embroiled in a battle with tech companies over access to encrypted data that would allow it to spy (more easily) on millions of Americans and international citizens. Last month, companies like Google, Microsoft, and Apple urged the Obama administration to put an end to the NSA's bulk collection of metadata. "National Security Agency officials are considering a range of options to ensure their surveillance efforts aren't stymied by the growing use of encryption, particularly in smartphones. Key among the solutions, according to The Washington Post, might be a requirement that technology companies create a digital key that can open any locked device to obtain text messages or other content, but divide the key into pieces so no one group could use it without the cooperation of other parties."

First for Systemd!!!

Fuck the NSA!!

Re:First for Systemd!!!

That's the wrong attitude to take. The attitude you SHOULD take is to become one of the data controllers holding part of the key...which you simply delete.

Problem fucking solved.

Re:First for Systemd!!!

[MobSwatter]

Hell, I gave up unencrypted evidence that was left on my pc for 10 years by my ex wife about a person that works in "Blood Money" before the pricks killed my father, and they did fuckall about it. They want access only to justify a budget, period, they don't really give a fuck about anything else.

Right up until...

A government body gets the whole key and then has it stolen from them and we're all left with our trousers down in a changing room made of glass.

No. If there is an EASY way to decrypt information, then that data is NOT SAFE and the encryption is useless.

Re:Right up until...

A government body gets the whole key and then has it stolen from them and we're all left with our trousers down in a changing room made of glass.

No. If there is an EASY way to decrypt information, then that data is NOT SAFE and the encryption is useless.

Yep. In the meantime, one of the few advantages US companies have - software and web services - will be made completely worthless. If I am a bank, healthcare company, or whatever (it really doesn't matter) , I demand my data be secure. An NSA back door, front door, trap door, barn door means that there is a built-in insecurity.

Right now, I do not think any American made software is secure enough for my business. We have achieved a state where business and government concerns are in direct conflict.

I think a lot of it has to do with this Big Data fad. They seem to think that the more data they have, the more computing power they have, and the less security we have allows them to "get their guy". We have an out of control security bureaucracy.

But as the US slips more and more into a police state (I was just ordered last week to hand over my license at a road block - they were stopping everyone. Papers please! actually it was "hand it over, now!), I just have to wonder with our freedoms and privacy being eroded everyday, just what does the US stand for anymore?

Re:Right up until...

[AmiMoJo]

Even if it were somehow perfect, the NSA has proven itself to be untrustworthy. It apparently can't even police its own staff to stop them spying on their girlfriends and wives, let along stop them walking off with huge archives of information. If Snowden could do it then I think it's reasonable to strongly suspect that the Chinese, the French and anyone else interested in that stuff has infiltrated them too.

Re:Right up until...

[Wootery]

Apparently the Supreme Court decided that that would be unconstitutional, but it's Just Too Important(TM) so it's fine.

Re:Right up until...

You can bet that if Snowden could get access then there are hundreds of NSA employees and contractors that are trading on this information. No domestic or foreign corporation or state wants the NSA to have unfettered access to their data like this, because such access will be and is being abused.

Put it this way, say you are trying to get a contract where General Electric is a competitor. And someone in the NSA is tapping all of your salesmen's communications and documents and passing them to the GE's sales team....

Re:Right up until...

[Endymion]

Well said.

I find it unlikely that the NSA doesn't know how this will affect the US software/tech industry. Which means they are deliberatly trying to undermine an entire sector of the US economy. I call this treason. Many of these traitors took an oath to defend the constitution, yet they publicly announce how their desire to do the exact opposite.

I know some of you are thinking that this is a crazy idea, because the US definition of trason is a difficult standard to meet due to the requirement to show that the traitor is "making war" against the countyr. Well, what else do you call the deliberate undermining of the most profitalbe sector in our economy? Modern weapons of war include a wide variety of tools, not just rifles and tanks. More importantly, this is exactly the kind of type of methods the CIA has used to "destabalize" other countries.

Re:Right up until...

[MobSwatter]

You know the US did fair pretty well against the USSR on the cold war, but somehow failed to recognized the one with Italy that started after WWII, that one we've obviously lost.

Re:Right up until...

[ruir]

Microsoft was born due to Bills family being influential in washington, and has been in bed with the establishment ever since. In the past we also had strong hints they had a NSA backdoor. Cisco is also known to have backdoors. The industry has been undermining itself quite alone. Foreign people who use American software for industrial or political purposes are morons.

Re: Right up until...

US will just lose a say in standards adoption and tech in general as countries outside the U.S. Decide they don't want NSA messing with their data. US forced to comply or go under.

Of course since unlimited lobbying is equal to free speech, congress may just decide to side with tech companies rather than lose US role in tech and standards.

Re:Right up until...

We are truly living in Soviet Russia where there was a constitution and "rights" but of course they didn't mean shit because "protecting" the people was of course more "important."

Re:Right up until...

But they're not protecting the people any more.

They are now protecting the state. They have been for many years, they just tell you they're protecting the people.

That was what the Soviet government was doing, too.

Re:Right up until...

[davester666]

It's an emergency, because we are being overrun by terrorists and child molesters.

That makes it ok.

Re:Right up until...

Indeed. They are making war on the citizens of their own country. Each one of them swore an oath to support and defend the constitution of the United States against enemies foreign and domestic. They are all oath breakers.

Re: Right up until...

[Jason+Levine]

A government body gets the whole key and then has it stolen from them and we're all left with our trousers down in a changing room made of glass.

Or a hacker finds a way to break in without the "keys."

It doesn't matter how many "pieces" you split the key up into if someone can just busy down the door and take whatever they want. Adding a back door to an encryption product is just asking for someone to break that back door down.

Re:Right up until...

You can bet that if Snowden could get access then there are hundreds of NSA employees and contractors that are trading on this information.

Just imagine the percentage of the population that are willing to use any information to their direct advantage. Add the percentage that would be willing to sell that information to someone else. Now multiply that by one hundred per NSA whistleblower and you get a pretty good idea on the number of people out there.

Re:Right up until...

That is exactly what the NSA seems to have been doing for a long time. If there is an American company involved in some tender somewhere, they try to intercept as much of the internal communication of the competitors as they can.

Re:Right up until...

Not to mention: 6.7 BILLION PEOPLE DO NOT LIVE IN THE U.S.

I do not wish to be subject to NSA spying on my gear, because I don't LIVE in the U.S.
All they are doing is essentially making offshore (i.e. the other 95% of the world) encryption companies/interests laugh their heads off plus encouraging people to use TOR and so on for EVERYTHING...

Sorry America: I do not subscribe to your version of your right of protection "against unreasonable searches and seizures" in your Fourth Amendment of your Constitution being violated at every turn and using your economic muscle to force anyone selling things into your country to have vulnerabilities so you can poke about into my privacy.
I live in a country which does NOT allow you to poke into my business without due cause.
We also don't allow guns, but that's a different Amendment...

If all those NRA guys were as keen on the Fourth Amendment as the Second - the NSA would have been dragged away at gunpoint by millions of screaming Americans perfectly willing to buy guns which kill friends and family almost without exception (6 out of 7 U.S. gun deaths are caused by acquaintances - not strangers)...

Wonder how many Americans have every word, byte and telephone conversation filed away by the NSA... and how many around the world as they own crackable hardware which also happens to be sold in America and now is vulnerable any time the NSA fancies.

Re:Right up until...

Papers please! actually it was "hand it over, now!)

Da. Capitalist pigs laugh at Motherland, but in Motherland, Comrade Commissar is polite.

Comrade Commissar still has battalion of men with bears and guns to send you to Siberia, but Comrade Commissar is not being rude about it.

Re:Right up until...

Hint: Read Article III, Section 3. Treason is defined as making war or by aiding and abetting actual enemies (oh, say ISIS, the Muslim Brotherhood, etc...) in any form. That bar's quite a bit lower than most people realize after all.

Re:Right up until...

You should be VERY WARY of calling threats to corporate profits for TREASON.

'just sayin'

Re:Right up until...

[Holi]

"I do not wish to be subject to NSA spying on my gear, because I don't LIVE in the U.S." HAHAHA, I am sorry, but while the NSA routinely ignores it, it is illegal for the NSA to spy on citizens. Unfortunately for you, the whole reason they exist is to listen to the 6.7 Billion people who don't live here.

Re:Right up until...

[chihowa]

Wow, I just looked into that some more and it's pretty horrifying. The ruling was more than it being "Just Too Important(TM)", it was that it is too important to the State. That line of reasoning allows for just about any unconstitutional law to be upheld. Even the dissenting decisions were more concerned with the effectiveness of the checkpoints and considered the violation of the Fourth Amendment that they represent an accepted and foregone conclusion.

The majority opinion from Rehnquist: "In sum, the balance of the State's interest in preventing drunken driving, the extent to which this system can reasonably be said to advance that interest, and the degree of intrusion upon individual motorists who are briefly stopped, weighs in favor of the state program. We therefore hold that it is consistent with the Fourth Amendment."

Re:Right up until...

[g0bshiTe]

Yet we keep electing them.

Re:Right up until...

[edtice1559]

It's important to all of the sober roadway users too. A balancing test is about the only reasonable way to resolve things when two different principles are in conflict. It's a violation of my privacy to have to walk through a metal detector when going to a courthouse. It's also a violation of my rights if I can't get a day in court because judges are assassinated so often. Therefore, the courts look to balance the interests in a way that produces an optimal outcome. They don't always get it perfect but the line of thinking is always reasonable. Random inspections of vehicle safety and driver sobriety are a reasonable way to ensure that we can use the roadways safely which is in everybody's interest.

Re:Right up until...

[WindBourne]

terrorists? Spies? Foreign gov. interventions? Yes, that is what the NSA and the intel world is concerned with.
Child Molesters? Nope. NSA does not do civilian issues.

However, there are ppl that want to kill the NSA, and turn over this kind of technology to FBI.
THAT IS WHAT YOU SHOULD FEAR. If the FBI, or groups like DEA, WHO HAVE REAL POWER, should get this kind of power, then you should fear.
And what is needed with this, is to not allow congress to ever again remove the oversight, like the GOP did in 2005.

Re: Right up until...

[WindBourne]

Had I not replied elsewhere, I would have modded you up. NSA getting this tech is NOT about taking our citizen's rights. However, the more that they push to have open access to ENCRYPTED DATA, the more that America will see destruction of our real strength; economic.

Do note that China already said that all businesses must give access to encrypted data. Russia has always insisted on it. And France is saying that they want access to encrypted data (they, like ALL GOVs., access public comm). Shortly, all of the western govs. will be insisting on access to ENCRYPTED data.

Re:Right up until...

A government body gets the whole key and then has it stolen from them and we're all left with our trousers down in a changing room made of glass.

No. If there is an EASY way to decrypt information, then that data is NOT SAFE and the encryption is useless.

The best thing the NSA could do for national security would be to stop trying to get all the data there is (especially in the US) and focus instead on making our nation's communications infrastructure more secure and promote policies so that corporations are less likely to sell data about us to foreign adversaries or their corporate proxies.

Target our adversaries and stop trying to collect all the data that is generated in the US just so you can sort it out later and impress folks with how much you can find out. The mass data collection in the US is especially dangerous. An adversary might have trouble collecting all this data in the US without drawing notice, so serving it up to them buffet style at the NSA itself is a terrible idea. Those big repositories of data are a honey pot and the keys to the kingdom for all our adversaries and to expect that counter-intelligence can keep them forever or even consistently safe is tragically and dangerously naive. Massive counter-intelligence failures are regular and predictable. All the more so when so much vulnerability is put in one place.

Re:Right up until...

Hint: Read Article III, Section 3. Treason is defined as making war or by aiding and abetting actual enemies (oh, say ISIS, the Muslim Brotherhood, etc...) in any form. That bar's quite a bit lower than most people realize after all.

The Government of the United States of America has a long and sordid history of aiding and abetting terrorists, warlords, dictators, and assorted other malevolent state and non-state actors. By defintion the Government of the United States of America has actively engaged in treason and should be arrested and charged with treachery, sedition, and violation of the Constitution of the United States of America. Arrest President Obama and let the process begin as the prosecutors work backwards through history. By the way, Attorney General Eric Holder violated the Constitution and he is/was the chief law enforcement officer in the country.

Re:Right up until...

Would mod parent up to 11 if I could, instead I'll post this Spinal Tap-ish compliment. Because that is the issue in a nutshell ... aside from general abuse of powers that is always a potential (that, of course includes commercial entities as well as government).

Re:Right up until...

[StikyPad]

I would argue two points.

1) "Random inspections of vehicle safety and driver sobriety are a reasonable way to ensure that we can use the roadways safely"

Do we have actual evidence of a decline in drunk driving through the use of checkpoints, or is it just accepted because it sounds effective? If they're not effective, then the whole argument is moot.
http://www.thecrimereport.org/...
https://en.wikipedia.org/wiki/...

2) Balancing tests are only appropriate when there are no other options, such as in the courthouse example you cite. Either there are checkpoints at courthouse entrances OR courthouses are insecure. There is no such mutual exclusivity with DUI checkpoints.

Re:Right up until...

[davester666]

Where have you been?

The NSA has already been passing information to the FBI, which has been prosecuting those people [hey, it's ok if we use parallel construction, along with a dash of lying]. It won't be a big surprise if the next Patriot Act extension makes this legal.

And congress still has oversight of all these agencies. They choose to continue to permit them to do it.

Re: Right up until...

[bigodfw]

Yeah that's all nice and logical but if all they wanted to check was sobriety they wouldn't check for a multitude of other things to increase their chances of creating revenue

Re:Right up until...

[Wootery]

I don't recall the Fourth Amendment mentioning an exception for unless you really want to.

Re:Right up until...

Even the dissenting decisions were more concerned with the effectiveness of the checkpoints and considered the violation of the Fourth Amendment that they represent an accepted and foregone conclusion.

It's important to realize that nobody gets selected to the Supreme Court (or other high judicial office) that's actually interested in upholding the Bill of Rights.

Pretending to uphold it, yes. Actually upholding it, in it's entirety, not a chance.

The key insight here is to realize that one of the most fundamental rights that are certainly "retained by the people" (9th Amendment) and "reserved to the people" (10th Amendment) is the right to ethical practice of law. This right applies not just to legal professionals as individuals, but to the legal profession as a class or group in society. Even the appearance of conflict of interest must be avoided when it is reasonably possible to do so.

This right invalidates large portions of the current practice of law in the USA (and not just at the federal level). This point will be apparent to any person with a functioning brain and an open mind that studies the legal system. It has been discussed many times in prior Slashdot discussions, for those that haven't studied the legal system, in the context of discussions on patent law, copyright law, trademark law, contract law, property law, tax law and many other topics.

The legal profession therefore insures that nobody gets selected for high office that will rock the boat. They can do this because a) most legislators and many executives are legal professionals (as are a significant fraction of their staff members), and b) the legal profession is an enormously powerful, wealthy, and active lobby. Both parties thus have a vested interest in ensuring that nobody causes problems, so powerful it unites them on this issue despite their differences in other respects.

Note that this is not a conspiracy, rather it is the consequence of amoral individuals recognizing their own interests (and not concerning themselves with the price society pays). Nobody with a functioning brain makes it very far into law school or the practice of law without figuring out how the game is played.

To indicate their willingness to occupy high positions without rocking the boat, judges make decisions (both in and out of court) early in their career that communicate their willingness to preserve the status quo. Once they have done this, of course, they have no option but to continue to do so, since by violating their oaths they have disqualified themselves from holding any future position of public trust or responsibility. This means that once bought, they stay bought.

To give an example, one way in which judges communicate that they know how to play the game is by coming up with rules for their court that require one to have a lawyer approved by the court before one can appear before that court. This, of course, is blatantly unethical, since legal professionals are in a position of ethical conflict of interest with respect to creating artificial demand for the services of legal professionals. It's also problematic from a Bill of Rights perspective, since the 9th Amendment provides for the assertion of unspecified rights "retained by the people" (the 10th Amendment does something similar, in providing for unspecified rights "reserved to the people"). By definition, rights retained by the people can not be taken away by any entity or group, including the legal profession. But here we have a situation where one must have a lawyer (and not just any lawyer) to represent one before certain courts, and thus the legal profession effectively gets to filter the arguments that are made. This allows (in many situations) effective exclusion of arguments based on the 9th Amendment, which the legal profession finds very convenient. See no evil, hear no evil.

There might be some cases where it would be reasonable to expect a plaintiff to have a lawyer, but to require one, chosen

Re:Right up until...

[lsatenstein]

A government body gets the whole key and then has it stolen from them and we're all left with our trousers down in a changing room made of glass.

No. If there is an EASY way to decrypt information, then that data is NOT SAFE and the encryption is useless.

I think that they should get the encryption algorithm, but the actual key, speak to the individual party, and to a judge that would authorize a search warrant.
Imagine that each subscriber gets to choose his encryption key, and a vigenere string to salt the encrypted result.

Re:Right up until...

[david_thornley]

Around here, we have the "implied consent" doctrine. It states that, in exchange for permission to operate a vehicle weighing a ton or more at speeds up to over 100 kph (c. 30 m/s), we grant permission to check alcohol levels on demand. This is at least somewhat reasonable. You aren't checked for using the public roads, only if you're driving. I suppose it depends on where you are on the "driving is a privilege" to "driving is a right" line.

Re:Right up until...

[chihowa]

It's not the check for intoxication that concerns anyone, it's the checkpoints. Around here, the police need suspicion of a crime in order search a person. Nobody has a problem with stopping and testing people who appear to be driving drunk (except the drunk, I suppose).

Re:Right up until...

[WindBourne]

No, NSA passes information up the ladder and then ppl inside of DOJ, along with president and others decide what filters down to the FBI.
You will find that no information about citizens is making it to FBI, unless it involves acts of terrorism, or criminal issues from outside of America.

In 2005-2006, the GOP pretty much removed the oversight of NSA. I know. I was working on PAT act then and was very aware of what was going on.

The NSA requests you stop sealing envelopes

[mtrachtenberg]

As you all know, our country is subject to terrible terrorist threats. It has come to the attention of your friends at the National Security Agency ("we put the security in the national") that terrorists have, under certain circumstances, used the United States Postal Service, United Parcel Service, and Federal Express in order to facilitate their terrorist doings. Therefore, we would appreciate it if, effective immediately, you stop sealing your parcels and envelopes, to make inspection easier.

This is for your protection. Please don't object, or we'll have to illegally open your items and lie about it. Thank you.

Re:The NSA requests you stop sealing envelopes

[ColdWetDog]

.[Terrorists].. under certain circumstances, [have] used the United States Postal Service, United Parcel Service, and Federal Express in order to facilitate their terrorist doings.

I don't see where this is true at all. According to numerous, recent news reports, the only thing that domestic terrorists have used to advance their cause has been the FBI.

Let's get rid of them and see how things improve.

Re:The NSA requests you stop sealing envelopes

Enough people at the delivery chain is doing that already with the aim of collecting any cash and valuables posted in envelopes and packets. So you see, the whole thing is privatized already and as such, totally alright.

Re:The NSA requests you stop sealing envelopes

Remember the "white powder" mailings? Sure, some of them were flour, but a few of them were powered ricin, a toxin.

As I recall, the initial threat letter was due to changes in trucking regulation, and odds are that it never amounted to more than a threat; however, a different letter followed up on that threat and actually mailed powdered ricin.

That would have been USPS, so we only have two more to go.

UPS has been dealing with the odd and occasional mail bomb since 1919. According to information gleaned second hand from MarketWatch the USPIS deals with about 200 incidences of possible postal bombs per year. I'm inclined to believe that 1% of those are true bombing attempts, but that's at least 2 bombs per year.

Federal Express had a (thankfully foiled) plot to bomb cargo planes in 2010. I'm sure there's more to talk about; but, like most companies, they'll only leak what is necessary, not what raised alarms.

This information is not mean to be alarmist, it is the 1% of 1% of 1% of the intent and contents of millions of packages sent every day. This post is mean to provide factual information about actual threats and actions, so we don't get all mentally skewed about the non-presence of malicious intent and the actions that follow. The FBI has a very undesirable job, and nobody that I know about holds the scales to determine if they have done more harm than good. To my way of viewing things, it is disingenuous to flatly state they've done more harm because none of these agencies have ever delivered a harmful package, when history obviously has shown they have.

Feel free to show how the FBI has done harm, if that is your motivation; however, don't do so by fabricating truths which are not true.

Re:The NSA requests you stop sealing envelopes

Do not laugh, it is already happening in Panama with the Postal Service. You cannot send any small package without them inspecting it first.

Re:The NSA requests you stop sealing envelopes

The postal service already takes an image of every. single. package. that crosses their system.

Also, a better motto for the NSA is "NSA - We make your business our business"

Re: The NSA requests you stop sealing envelopes

Heck it happens here too. I couldn't tell you how many times I've gotten a package from uses already open. Sometimes they put some tape back in it, but usually they just leave it unsealed and open.

Re:The NSA requests you stop sealing envelopes

Largest domestic terrorism event in the U.S. excepting 9-11:
Timothy McVeigh - largest before, or since.

And no encryption - or lack thereof - could have stopped him.
He worked too quickly and used trusted people who helped him. The only change made effectively after this bombing was tracking/modifying nitrate fertilizer to make it more difficult to amass this amount of materiel again.

Of course: nitrate fertilizer comes from the AIR so all you REALLY need is air, knowledge, and patience so in the end: it just closed one terrorism loophole, and made anyone attempting the same thing again more cautious.

Disturbing this is even being openly discussed

[JoeyRox]

The fact that the NSA thinks it can achieve this shows how far our civil liberties have fallen.

Re:Disturbing this is even being openly discussed

[future+assassin]

What do you expect when people rather spend more time crying foul and protesting expensive internet and entertainment than something that affects their rights. Romans knew to let there be games, to keep the masses busy from free thinking.

Re:Disturbing this is even being openly discussed

[viperidaenz]

The Roman Empire fell because they spread themselves too thin and outsourced their military to fill in the spots they couldn't cover.

Re:Disturbing this is even being openly discussed

[Bite+The+Pillow]

Only through inaction on the part of the citizenry. The fact that they have to ask for this shows we are achieving technical parity. It is up to the citizens to protect the citizens, and we can do exactly that.

Ignoring the question of whether they should be reading the mail (that's another topic, don't dilute this thread), we have effectively been sending post cards instead of envelopes.

We would not have switched to encryption everywhere without this, so it's a problem of their own making. And now it's a question of whether big business is run by citizens. Some are, and have switched, so the "all corporations are bad" nonsense is invalid.

It is up to the citizens to restore the balance of power. Should we trust that the spy agencies will do nothing unconstitutional? I know your answer, but what about the courts that write laws that get overturned?

My point by bringing that up is that the citizens have a responsibility to ensure the government is respecting their rights. If dragnet data collection is allowed by the courts, and the citizens disagree, then encrypt everything.

Re:Disturbing this is even being openly discussed

[SuricouRaven]

They fell for a number of reasons - any one of which they could have shrugged off, but they all came at once. Rebellions from inside, invasions from the east, loyalty to the empire strained by imposed religious reformation to some strange new monotheistic cult and economic struggles as an empire built on constant expansion ran out of new land to invade for tribute - and then all that during a succession crisis which left the empire fragmented and unable to muster up a unified response. There's no one factor that lead to the collapse, and the collapse itsself was a slow process - you can't find a single year and declare the empire ceased to exist here.

Re:Disturbing this is even being openly discussed

Then take your liberties back.
Encrypt everything.
Vote all proposals down.
FUCK the NSA, FUCK the COPS, FUCK the GOVERNMENT.
They're all useless anyways.

Re:Disturbing this is even being openly discussed

That's not my take on it. I think that they have a real problem now that Google, Microsoft and Apple are taking security and encryption seriously. There have been many improvements in public domain encryption and security technologies since the last time the NSA publicly fought the tech industry over encryption during the Clinton administration. The people working for Google, Microsoft and Apple aren't dummies and the public research into crypto has yielded some high quality stuff over the past decade or so. The NSA knows this and they are scared that they will be effectively locked out of most encrypted communications. Now, instead of breaking weak crypto, they're going to have to do targeted operations to steal keys, infect target computers with malware and the like which increases their costs dramatically and makes the threshold to justify spending what it takes to read a target's email or communications that much higher. Maybe they'll have to restrict themselves to only the really bad people and maybe that's a good thing.

Re: Disturbing this is even being openly discussed

OK let's do it!
Oh wait, Dancing With The Stars is on...

Re:Disturbing this is even being openly discussed

[DigiShaman]

I told all you bitches! PRISM compliant hardware; the velvet gloves come off the feds. In fact, they might audit your data just so all you fucking sheep can get used to the "new normal" of security.

Re:Disturbing this is even being openly discussed

[viperidaenz]

You're right, it did. I named two specific reasons.

Although admittedly, by not mentioning any others I implied they were not relevant.

Re: Disturbing this is even being openly discussed

OK let's do it!
Oh wait, Dancing With The Stars is on...

Oooh yeah, I hear Kim Kardashian's ass is gonna be shaking at the Colosseum tonight!
While Rome burns...

Re: Disturbing this is even being openly discussed

[Endymion]

While Rome burns...

close, but wrong city... at least according to St. Vincent:

They say, "I'm on your side
"When nobody is, 'cause nobody is
"Come sit right here and sleep
"While I slip poison in your ear"

We are waiting on a telegram
To give us news of the fall
I am sorry to report
Dear Paris is burning after all

We have taken to the streets
In open rejoice revolting
We are dancing a black waltz
Fair Paris is burning after all

Re:Disturbing this is even being openly discussed

[rnturn]

``Romans knew to let there be games, to keep the masses busy from free thinking.''

Yep. We have our reality TV, March Madness, the Super Bowl, the World Series (heck, professional sports in general), lotteries, celebrity worship, and so on and so on. There are already plenty of distractions to keep the American public from concentrating on, or even learning about, how their freedom has been taken away from them.

Re:Disturbing this is even being openly discussed

The fact that they are probably right makes it even worse.

Re:Disturbing this is even being openly discussed

[neilo_1701D]

They fell for a number of reasons - any one of which they could have shrugged off, but they all came at once.

Well... "at once" over the course of several hundred years.

loyalty to the empire strained by imposed religious reformation to some strange new monotheistic cult

That strained the Senate far more than the general populace, who were quite happy accepting yet one more god.

and then all that during a succession crisis which left the empire fragmented and unable to muster up a unified response.

If you're going to say the succession crisis caused the collapse in the latter years of the empire, you need to explain why the succession crisis didn't cause the same problems during the Crisis of the Third Century.

you can't find a single year and declare the empire ceased to exist here.

September 4, 476 was the official end of the Western Roman Empire. The Eastern Roman Empire lasted 1,000 years after that, when it fell to the Ottomans.

But back to September 4, 476. Odoacer turfs out Romulus Augustulus and sends the robes etc. to Emperor Zeno, saying that they were no longer required. Now, granted the western empire was in ruins at this point in time, but this date is the accepted date for the end of the empire.

... empire built on constant expansion ran out of new land to invade for tribute

That's not even remotely true of the latter empire. The later republic was certainly built upon constant expansion; however the Varian Disaster in 9 AD put a northern border that the empire didn't grow beyond. Trajan had the greatest territory expansion, this was mainly to the east; and his reign ended in 117 AD; long before 476 or even the crisis of the third century. Hadrian consolidated the new frontiers but didn't push past them.

There's no one factor that lead to the collapse, and the collapse itsself was a slow process

That's not quite true. The prime factors are the rising of the Sasanian Empire, a collapse in tax revenue, and loss of the growing areas in Northern Africa.

The rise of the Sasanian Empire caused the empire to move northern border troops to the east. The now porous northern border allowed the Germanic tribes to start to invade; the Germanic tribes themselves were being pushed out of their lands by the Huns. The Germanic tribes moved along Gaul and Spain, and crossed into Africa, capturing the the fertile regions there. Meanwhile, other Germanic tribes at first started ransacking cities and towns, but soon discovered it was much easier to offer to defend the towns and rule. These Roman towns and cities then directed their tax revenue to the Germanic rulers, depriving Rome of much-needed funds. As the funds for the armies declined, so did the armies. Roman tax collectors were not only unwelcome, but forced out of these new Germanic areas.

The Western and Eastern emperors agreed that recapturing North Africa was a prime concern, and mounted probably the largest military force ever seen to do just that. But before the fleet could sail, Atilla the Hun started his 10 year rampage, diverting Roman attention to this new menace.

Following Atilla's death, there simply wasn't the money to raise an army to retake North Africa, and the Western Empire effectively ceased functioning around 410 AD, with the empire formally coming to an end on September 4, 476 when Odoacer deposed Romulus Augustulus and declared himself ruler of Italy.

All your eggs in one basket.

[Jaywalk]

Wow. And how long do they think their magical key will remain secret? If a single key can open all the doors, finding that key will become more important and the resourced dedicated to discovering it will be increased. The secrets that are being protected are not only -- or even primarily -- the secrets of criminals. There are millions of bank accounts and private medical records along with political dissidents.

Every weakening of security aids not only law enforcements but criminals as well.

Re:All your eggs in one basket.

Never mind that. How long do you think that the world is going to want to buy US tech products?

The USA does not have a monopoly on technology. In fact, it has outsourced so much of it that it's a wonder that there's any "American tech" even left IN the USA.

Re:All your eggs in one basket.

[wonkey_monkey]

If a single key can open all the doors

Not that it makes much difference to the substance of your point, but I don't think anyone's proposing literally a single key. It could (hypothetically, naively) be one split key per company, or per product, or batch of a product, or maybe even one split key per "real" key.

I might be missing something which rules out any or all of those possibilities, though.

Re:All your eggs in one basket.

[R3d+M3rcury]

...and if you only have part of the key, why should you devote resources to protecting it? Let the other guy worry about that.

Kind of like immunization...

Heh

[DivineKnight]

When the NSA says these kinds of things, it's like they are saying that they are immune to being cracked.

Re:Heh

[Scutter]

When the NSA says these kinds of things, it's like they're saying something that they know is completely ridiculous to turn your attention away from something far more insidious that they're up to.

Re:Heh

and the NSA would never hire someone with a mindset or capabilities of another Edward Snowden.

Re:Heh

You mean someone who felt that the people were more important than the instruments of state used to oppress them?

Re:Heh

and the NSA would never hire someone with a mindset or capabilities of another Edward Snowden.

Are you on break after licking Dick Cheney's "boots" all morning?

Re:Heh

The cracking doesn't have to happen to the government agency itself, an intermediate point or alternative method would likely be found anyway.

Also, would this then make non-commercial/open-source efforts like Let's Encrypt (https://letsencrypt.org/) outside the law (if they didn't play ball)?

Ok.

While we're asking for stuff we want, I want one billion dollars a year of NSA funding redirected to me. I'll spend it all on providing college scholarships.

I believe my idea is better than theirs: educated, autonomous individuals make for a better society than fear and authoritarianism. Who's with me?

Re:Ok.

[Livius]

make for a better society

So clearly it will not happen.

Re:Ok.

And I'll have a flying car, thanks

one key, eh?

One (partitioned) Key to rule them all, One Key to find them,
One Key to bring them all and in the darkness bind them

need anyone say more?

Re:one key, eh?

[ColdWetDog]

One (partitioned) Key to rule them all, One Key to find them,
One Key to bring them all and in the darkness bind them

need anyone say more?

At least in the Tolkien fantasies we got orcs, wizards, castles and beautiful elvish women. Here we just get a bunch of overweight, ugly guys, some half assed Star Trek furniture and an ugly old building from the 1960's.

No key until they at they at least update their image to include a smoking volcano.

who cares

They're going to get what they want, one way or the other. If they don't, they'll just take it. They didn't give a fuck before and they won't give a fuck down the road, either. There are no penalties to violating the rights of the citizen, therefore the rights of the citizen might as well not exist. So why bother giving a fuck? Their abuses were documented, exposed, discussed, and everyone collectively shrugged. There's not much more you can do than that. If people don't give a fuck about their privacy and liberties, then they won't be protected (and as we saw, even if they did care, it wouldn't matter).

This also helps other countries...

since if they get the keys, they can also help stop terrorism. Those other countries are much more trustworthy than the Republicans. It is the Republicans that want us to die. They are killing us and stacking our bodies like cordwood, and no one can stand-up to their kind. They are the ones doing this, and they are the ones killing us. Stop spouting lies that we should be concerned about people on the other side of the world. They are the ones that control our cities, counties, states and federal government with an iron fist. They are the ones killing us. They are the ones that want to hide their illegal dealings with encryption. That is why they are fighting this.

Re:This also helps other countries...

[Phydeaux]

Really? Republicans? That's what you're going with? Get me if I'm wrong, but didn't a major Democrat (who's running for US President) stop using her State Department provided email account so she could send her mail through a mailserver she controlled, which would not be archived, audited or available to FOIA requests? And then when asked for the mailserver contents, said "hey, we went through it all and there's nothing of interest there. Hey, is that a squirrel over there?" God thing you're posting as AC. Should probably be AI, Anonymous Idiot...

Re:This also helps other countries...

Republicans do have that whole Nixon legacy. He openly used NSA data collection against his political opponents.

Re:This also helps other countries...

https://en.wikipedia.org/wiki/...

Investigating copyright infringement

Adam McGaughey, the webmaster of a fan site for the television show Stargate SG-1, was charged with copyright infringement and computer fraud. During the investigation, the FBI invoked a provision of the Act to obtain financial records from the site's Internet Service Provider.[8] The USA PATRIOT Act amended the Computer Fraud and Abuse Act to include search and seizure of records from Internet Service Providers.
Investigation of potential drug traffickers

In September 2003, the New York Times reported on a case of the USA PATRIOT Act being used to investigate alleged potential drug traffickers without probable cause. The article also mentions a study by Congress that referenced hundreds of cases where the USA PATRIOT Act was used to investigate non-terrorist alleged future crimes. The New York Times reports that these non-terrorist investigations are relevant because President Bush and several members of Congress stated that the purpose the USA PATRIOT Act was that of investigating and preempting potential terrorist acts.[9]

So lets see, copyright infringement is a "terrorist act"? Or "alleged drug trafficking"?
Or those "non-terrorist alleged future crimes"?!? What are we doing now, prosecuting "pre-crime"?

Blanket requests for financial information on visitors to Las Vegas

In November 2005, Business Week reported that the FBI had issued tens of thousands of "National Security Letters" and had obtained one million financial records from the customers of targeted Las Vegas businesses. Selected businesses included casinos, storage warehouses and car rental agencies. An anonymous Justice official claimed that such requests were permitted under section 215 of the USA PATRIOT Act and despite the volume of requests insisted "We are not inclined to ask courts to endorse fishing expeditions".[10] This didn't just include financial records, but credit records, employment records, and in some cases, health records.

Damn, now you're a "terrorist" if you go to Las Vegas to gamble a bit?!?

Let's see, we're in a "war on terror" - so, what defines "winning"? Who surrenders? If we invade "terrorism" and occupy the capital, did we win?
How about we add to it, let's launch a "war on crime"! Think that'll ever end? Kinda like the "war on drugs", lots of money spent and all the drugs are gone right? Oh, wait... well, but the end is in sight right? Maybe when we conquer the country of "drugs" and put "democracy" in place?

You won't ever "stop" terrorism, there's no country to declare war on, there's no capital, there's no army to conquer... war on an idea doesn't work.

Re:This also helps other countries...

[Bob+the+Super+Hamste]

But everyone basically agrees that Nixon was an asshole and is trotted out to divert attention away from the fact that current policies would have been a wet dream for Nixon. New rule to judge a government policy, if Nixon would have used against those on his enemies list then it is a really shitty unconstitutional action and those proposing or pushing for it should impeached for failing to uphold their oath of office and duty to the constitution.

Dupe.

[BitterOak]

This story was posted yesterday. http://it.slashdot.org/story/1...

Re:Dupe.

[wonkey_monkey]

Yes, but unless you have all the parts you can't get the whole story.

Re:Dupe.

[Technician]

Note who gets the parts. Government, Government, Government. NSA, CIA, DEA, ATF, FAA... How long before they share? Can you say smokescreen? Appease the public. What they don't know. Works until another Snowden incident.

Re:Dupe.

Yes, probably our buddy, the nsa is probing to see who's interested or as a trial balloon.
The idea of a message by message audit path from multiple outside entities idea is an improvement,
but technically I don't see how to actually make it work.
Which makes it seem more a fig leaf than a solution.
If there is a technical solution with a mix of multiple private and public entities in the trust loop, then with the right limits and publication rules, maybe.
To be good, this would have to be a wild step back from the Patriot act.
Given the latitude taken with the act to date, hopeful caution seems the best reaction.

The promise of our democracy is that,
it can continually reinvent itself to what is needed,
instead of atrophying into a big comfortable beauracracy
that eventually has to be 'reinvented' by the unfortunate historical method.

If this proposal has substance, it may be a good for the safety/liberty balance debate.

The other area is the shear size of govt.
During WW2, there was a congressional committee on removing unnecessary programs.
This old idea seems sorely needed.
Perhaps Mr. P could start the process by de-elevating just one Cabinet level department.

Perhaps /. should start merging the original comments into the dup.
Or give the second poster some negative brownie points.

Yeah ok

[epyT-R]

..and these separate entities will be compelled to comply with an NSL, right? Fuck that bullshit. The problem here is statist/authoritarian politics not technology.

Re:Yeah ok

[andymadigan]

Even if it's completely illegal for the NSA to get the other pieces, they'll try. They'll hack in, or they'll snoop into the lives of everyone with access to find something they can use for blackmail...

Which is why, if this insane policy is enacted, there needs to be another requirement: if the NSA tries to get the other pieces, the director of the NSA gets executed on live TV for treason. So does every official or agent involved in the operation. Same goes for every other government agency.

Really, though. Hearing the NSA complain that they can't access my private data sounds exactly like complaining they can't bug my apartment. If they want to stop the "turrists" they'll have to learn to do it without creating a worldwide police state.

Re:Yeah ok

[rtb61]

Now is it the NSA that wants this stuff or is it the corporate masters of the politicians who appoint corporate stooges to run those three letter organisations. Don't like you politics, they want to be able to totally fucking destroy you, make you a non person. Deny all you citizen rights, make it impossible for you to travel, ensure you have only the most menial degrading employment, and if necessary silence you and using extremely belligerent and violent law enforcement who will kill during the arrest (not fucking around any more).

The corporations want the excuse to hack into everyone ones lives whom they want to control. They fear loosing exploitative control and are become more desperate in their attempts to maintain. The flimsy lies are becoming so pathetic and as you would expect when this occurs, they are becoming more violent in their responses when they fail.

Fuck you NSA.

Eat shit and die. Seriously.

Sounds good.

Distribute the parts of the key between every member of the UN security council.

Locks

> "I want a front door. And I want the front door to have multiple locks. Big locks."

Locks keep honest people out. The dishonest on the other hand...

Great for free software

[Sean]

Such backdoors aren't enforceable in open source projects. If this comes to pass then free software will have a great competitive advantage.

Re:Great for free software

[gnasher719]

If there is a legal requirement, then it is absolutely enforcable against open source software. If the NSA managed to get laws passed in their favour (which I very much doubt), and for example Apple had to hand over some encryption keys, and all the lawyers they could hire cannot prevent that, what kind of idiot would believe that an open source project would be exempt?

Re:Great for free software

[Kjella]

Until they pass a law demanding that all encryption software must be able to comply with lawful warrants to decrypt the contents and outlaws the rest, making it a crime by iteself. Or just create some procedural rules to keep you in contempt of court until you decrypt it. You really think they're going to clamp down on all proprietary software and totally ignore open source just like that? I admire your optimism but if they can make this happen open source encryption will be on death row.

Re:Great for free software

[viperidaenz]

Also, great for the economy of everywhere but USA. It's an incentive to not have a presence in the country to avoid such laws.

Re:Great for free software

That worked so well for Truecrypt.

If this comes to pass non-US companies will have a competitive advantage. Well except the French of course.

Re:Great for free software

[SuricouRaven]

Open source projects are very geographically mobile. New forks would rapidly appear, managed outside of the US.

Re:Great for free software

[sumdumass]

Until free software gets outlawed for not having them or they make criminals out of people who disable the back doors.

I have no faith the something like that would be impossible to happen.

Re:Great for free software

[radarskiy]

"free software will have a great competitive advantage."

There's not even motivation to get enough labor to look for security bugs in free software, let alone for deliberate misfeatures. To get it done you'll have to pay someone to do it, and then you'll have a competitive advantage if you have done it with non-free software.

Re:Great for free software

How would they enforce it against open-source software? If you have the source code, it's really obvious to tell where they put the backdoor; and if they use some means to obfuscate that (e.g. a binary blob) you can just fork from an earlier version.

Re:Great for free software

[Sean]

I doubt it's actually possible to enforce encryption backdoors beyond a few major vendors. The result would be similar to exiting attempts to prohibit reverse engineering. It's impossible to outlaw debuggers, disassemblers, logic analyzers, and similar tools. It's like outlawing radios that can tune in to any station. It's been done, but it's not all that effective.

Even if all software from major vendors like Microsoft, Apple, and Google implemented protocols with backdoors, correct implementations of the underlying algorithms are necessary for those to function.

We've seen forced decryption laws in the UK. Forward secrecy basically defeats RIPA, because you can't force someone to decrypt something they never had the key for in the first place.

China has attempted to regulate cryptography, essentially requiring a license to develop, buy, sell, or research encryption. They have mandatory key escrow too. It's useless. Everyone uses encryption all the time. There's no putting the genie back in the bottle.

Re: Great for free software

Please go read about software bugs and exploits. It's not that simple and if done correctly (which has been done!), you wouldn't know.

Re:Great for free software

The feds have no authority to make such a requirement.

Re:Great for free software

If there is a legal requirement, then it is absolutely enforcable against open source software.

Even if this were the case, there'd be a fork and they'd have to enforce it against that too. It'd be forks all the way down.

Re:Great for free software

[spauldo]

You may find this interesting reading.

In old versions of UNIX (not open source, but only because there was no such distinction at the time - the source was very much available) the compiler would add code to any program you tried to compile named 'login'. You could look at the source for the login program all you want and never see the backdoor. You also would have a hard time finding the code in the C compiler.

And this was just something Ken Thompson did to prove that he could. Imagine what the NSA would be capable of.

Re:Great for free software

[Damarkus13]

Isn't that exactly what producing deterministic builds during a security audit supposed to detect?

Re:Great for free software

[Kardos]

Why does this keep coming up?
This problem is solved: http://www.dwheeler.com/trusti...

Re:Great for free software

[gnasher719]

I doubt it's actually possible to enforce encryption backdoors beyond a few major vendors. The result would be similar to exiting attempts to prohibit reverse engineering. It's impossible to outlaw debuggers, disassemblers, logic analyzers, and similar tools. It's like outlawing radios that can tune in to any station. It's been done, but it's not all that effective.

It's not a backdoor that they want, it's a key to the front door :-(

Here's what they can do: Download an open source package. Send an encrypted email to themselves. Check that they can decrypt it with keys supplied by the software. If not, use all the force that the US police can muster to stamp the supplier out of existence.

Re:Great for free software

Seems irrelevant since unless it's security software. how many are going to bother?

Fine

As long as I have the other key to my phone...

How about a trade?

I'll allow easy access to my data when you allow me to see yours.

Fwiw, last time it didn't work.

[Sprite_tm]

The designers of the Clipper chip (http://en.wikipedia.org/wiki/Clipper_chip) had just about the same method in mind: encryption for the users, with an independent organization knowing the master keys and being able to hand over session keys to decode communications to government institutions. It was actually the reason why PGP etc were invented.

We have a similar situation here: the gov wants to have the keys to encrypted machines. Theoretically, the same arguments can be brought up again: it's bad because the keys may leak, it weakens the encryption because there's another set of keys that can be bruteforced or found in a smarter way, but it's also pretty ineffective: the phones that allow people messing around in their systems (Jolla, Ubuntu phones, rooted Androids) will just have third-party, non-gov-approved encryption in them and criminals (and people not really comfortable with NSA snooping) will subsequently use these.

Re:Fwiw, last time it didn't work.

I'm willing to give a lot, and I mean __a lot__ of leeway.

Sometimes I think of the "independent organization" as the company that owns the computers and has hired the people writing the emails. In the event they are being sued do to the contents of an email written by an employee, shouldn't they be allowed the option of filtering the email before it leaves the company network?

I'm not saying they will read every email, I'm saying "shouldn't they have the option of filtering the email". Sure, the technology might be thirty years away, but if it existed, shouldn't the option exist?

The Clipper chip was on ground much less firm. We acknowledge that generally the USA is comprised by a lot of people, who occasionally act not in national interest, but in the interest of various private third parties. So naturally, the government should not have access until they can prove proper chain of custody. However, denying anyone access to any encrypted information might have undesirable side-effects.

If a company cannot secure their own private holdings, by law, to deter harm to the company's self; then, we can easily expect the company to close the means by which secure communication is transmitted. Perhaps the future holds a brighter path for us all; however, the present won't accomodate an organization to permit oversight-less harm to itself.

Re:Fwiw, last time it didn't work.

I'm using a VPN here, as everywhere these days. It's not that I'm doing nefarious things here on /. but the NSA can waste time and resources decrypting my traffic as I just changed to a Romanian IP address and with their nearly unlimited resources it shouldn't be a problem.

Re:Fwiw, last time it didn't work.

The key takeaway here is that terrorists and criminals are far smarter than government idiots think.
They're the ones that will know how to write their own encryption, not the other way around.
You cannot pass any effective law to make criminals confess their crimes, however much you try. And this is just the same. You will catch only the idiots, which would be easy to catch already anyway.

Re:Fwiw, last time it didn't work.

[StikyPad]

the phones that allow people messing around in their systems (Jolla, Ubuntu phones, rooted Androids) will just have third-party, non-gov-approved encryption in them and criminals (and people not really comfortable with NSA snooping) will subsequently use these.

They'll prohibit and penalize that by restricting such tools, the same way they did with "circumvention tools" in the DMCA. Banks and those with "legitimate" needs excepted, of course.

No problem

[joh]

If one the parties is the user and he gets to keep HIS part of the key, so that nobody can decrypt his data without him giving up his key, fine.

Would miss the point though...

This all works

[__aabppq7737]

until, assuming encryption is stacked, one of the escrow holders manages to create a fake key which, when used to decrypt some given message, produces an entirely different result than the key holder's genuine key should generate. Example: Shamir's Secret Sharing

Re:This all works

[wonkey_monkey]

assuming encryption is stacked

What does "stacked" mean in this context?

one of the escrow holders manages to create a fake key

Not quite sure what you mean. Do you mean one of the escrow holders providing a fake "part" of the key, to be joined with the other real parts, thus producing a full, but false, key? Or producing an entire fake key by themselves?

when used to decrypt some given message, produces an entirely different result than the key holder's genuine key should generate

Isn't that what all incorrect keys do? Generate a result different from what the genuine key would produce?

Re:This all works

[__aabppq7737]

What does "stacked" mean in this context?

When I said "stacked" encryption I meant encrypting an already encrypted file repetitively.

Isn't that what all incorrect keys do? Generate a result different from what the genuine key would produce

I meant to say 'generate a result that could be misinterpreted as a valid message', thus maintaining the so-thought integrity of the fake message.

For example, drawing from Get Smart, imagine that Alice wanting to communicate with Bob uses a plain-text message that looks unencrypted to bystander Eve, such as:

My food is good. Eating is good. Eating is good. To infinity and beyond. Underestimate how delicious food is. Near broccoli is guacamole. Do not eat asparagus. Eat bread, instead. Read the recipe books. Toward the breadbox is the bread. Hens taste good on the table. Eggs go well with turkey. Beer is an alcoholic beverage. Right behind the fridge is a mouse. Indigo is a nice color for plums. Don't burn the food. Green eggs and ham taste bad. Empty the trash can when you get here.

If you take the first letter from each word, you get MEETUNDERTHEBRIDGE, or Meet [me] under the bridge. But this message appeared unencrypted, even supposing that this message passed the very last layer of escrow.

Re:This all works

[wonkey_monkey]

I meant to say 'generate a result that could be misinterpreted as a valid message', thus maintaining the so-thought integrity of the fake message.

Ah, I think I see where my confusion arose. When you said "one of the escrow holders manages to create a fake key" you didn't mean that the key itself was fake - it would still be right key, according to the key escrow process - but that the original encryption could have been done in such a way as to cause the correct key to return a misleading result?

produces an entirely different result than the key holder's genuine key should generate.

Not if by "genuine key" you mean the key used by the proprietary device, and for which step it also generates the secret split key to allow decryption by agencies. Any decryption by either of those keys will result in the correct decryption.

If by "genuine key" you mean the key used to encrypt the data before it went through device encryption, well, then the escrow decryption process will still produce the correct intermediate (once-encrypted) text.

Re:This all works

[retchdog]

It wouldn't be stacked, ffs. Stacking encryption wastes compute time at best, or compromises the encryption at worst. Basically, the single encryption key would literally be split into pieces; each of k members would get N/k of the bits according to some protocol (perhaps interleaved). Shamir's Secret Sharing is an elaborate example of doing a lot better than that, so using it as an example of an attack against stacked encryption is rather ironic.

I defy you to take any currently-good cryptosystem and craft a "fake key" which will decrypt a known cyphertext, C, as plaintext B as opposed to the intended A, when combined with other fixed keys. Jesus christ, even if you knew what the other keys were, we're talking about an insanely difficult task.

The key has been scattered across this land...

[Riddler+Sensei]

Well, this scheme would effectively make it impossible for any party to complete the key. As each organization embarks on the quest to collect the shattered fragments of the key they will all invariably get stuck at the Water Temple and just give up.

Well, that's a load of horseshit

[Hizonner]

There's no "centuries-old social compact" or whatthefuck ever, let alone one around warrants.

• There's no problem getting data access using warrants, no matter how much encryption you have. It's just that you have to get the data from the person who owns them, rather than sneaking through a third party. If the owner doesn't cooperate, you have a process to compel them. You know, just like warrants and other court orders have worked for hundreds of years. It's really unprecedented to be able to get access to somebody's personal papers without that person even knowing it.
• There's no long-established ability to get access to people's ephemeral communications without physically following them around. That wasn't even possible until the telephone came along. For hundreds of years before that, you had to actually engage and gain people's individual confidence to spy on them.
• Rogers' agency (the NSA) has never used warrants, not ever. It was given warrantless powers it probably should not have been given, arguably illegally because you can't do it under the constitution. It has then repeatedly gone beyond those already excessive powers over the entire course of its existence. It takes a lot of gall for somebody like Rogers to whine about lawful authority to do anything, let alone about warrants.

What a sack of shit.

And, yeah, the idea that you're going to have this magic key that only good guys can use is also technically and operationally impossible... as every single person in the NSA or anywhere else in the federal intelligence or law enforcement agencies knows damned well. I assume they want to create it so that they can steal it and use it for mass attacks. If they don't want me to believe that, well, they need to overcome their decades-long pattern of established behavior.

Re:Well, that's a load of horseshit

The US Fourth Amendment is over two centuries old. We're discussing search warrants here in the US, for the most part. You can't just call anything you like a sack of shit without providing any sort of argument to the negative.

Re:Well, that's a load of horseshit

[Hizonner]

There's no point in my replying to such total clueless incomprehension of my three paragraphs of explanation.

But I do want to correct this misapprehension, because I can see where it might come from:

You can't just call anything you like a sack of shit without providing any sort of argument to the negative.

The "sack of shit" I meant was Mike Rogers, personally. I wouldn't want anybody to think I hadn't meant to insult that sack of shit.

Re:Well, that's a load of horseshit

[edtice1559]

I like your argument but it simply isn't true. We've had wiretaps as long as there has been a phone system. This is really the analogous capability for encrypted devices. I'm not saying that this is a good policy idea. I think it's terrible for all of the reasons already expressed. But it's not new or novel.

Re:Well, that's a load of horseshit

[Hizonner]

There are two parts to this: "wiretap-like" ephemeral communication, and "personal-papers-like" data stored in devices (and, more importantly in this debate, in associated cloud services).

On the far more important personal papers side, there has simply never, ever been a time in the past when you could expect as a matter of course to get somebody's personal papers surreptitiously, from a third party. Yes, you might have gotten lucky and been able to do that, but in the vast majority of cases you were going to have to go directly and overtly to that person and seize those papers.

That's a HUGE change. It's new with cloud storage and remote device access. It's total bullshit to pretend that it resembles anything in the past.

Nor is it new that the target of an investigation can obscure or obfuscate the content of those papers, or destroy those papers when you come after them, or hide them and refuse to tell you where they are, or any number of other things. People hid their letters all the time. There's nothing new in kind here.

As for matters of degree, well, yeah, modern encryption is easier and more effective than old methods of securing your papers. On the other hand, the "papers" being secured are incomparably more detailed, information-rich, and difficult to avoid creating, and you carry all of them with you all the time. What you would have gotten on somebody if you managed to find their hidden letters even 20 years ago is not even close to what you can get on somebody burrowing through their phone today.

So if there has been any change in the practical circumstances recently, it's that searches of "personal papers" have become more productive, not less. And encryption would only partially undo that.

On the less important wiretap side, yes, there have been wiretaps for about 100 years. They were pretty controversial even in those illiberal times, but they crept by the US Supreme Court (1926, I think it was). However, in the WaPo article, we had talk[1] about "standard American practice for the past couple of hundred years".

That puts the time before wiretaps into play. And I choose to look at all of the time before wiretaps, which includes most of the time during which the common law developed, the time during which legal expectations about privacy evolved, and the time at which the US constitution was written. In the context of that time, wiretaps are a pretty damned recent blip. They were a technological windfall for spooks, and spooks' addiction to them doesn't justify perpetuating that windfall when the technology changes.

[1] The person who made the "last couple of hundred years" comment was admittedly not Rogers, who apparently confined himself to disingenuously advocating for technical measures he has to know can't possibly work, and which would be suspiciously amenable to exactly the sort of abuse his agency is famous for. The "couple of hundred years" comment was from deputy AG David Bitkower. So maybe I should have named Bitkower as a sack of shit, too.

Re:Well, that's a load of horseshit

[edtice1559]

It's too bad you can't moderate up good counter-arguments.

Want, want . . .

And people in hell want ice water.

bow tie and nice NIST endorsement

[epine]

Key fragments? Can we have that with a bow tie and a nice NIST endorsement?

When you break your word, you break something that can not be mended.

Even if you wear the regal black cloak of the Central Malfeasance Agency, when you're found out, it can and will be held against you.

Ho hum. This is clipper chip redux.

In 1997, a group of leading cryptographers published a paper, "The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption," analyzing the architectural vulnerabilities of implementing key escrow systems in general, including but not limited to the Clipper Chip Skipjack protocol. The technical flaws described in this paper were instrumental in the demise of the Clipper chip as a public policy option.
...
The U.S. government continued to press for key escrow by offering incentives to manufacturers, allowing more relaxed export controls if key escrow were part of cryptographic software that was exported.

Cooperation requires either trust or truncheons. No worries for the NSA. It'll soon enough be classified as a state-secret crime against humanity to bleat when beaten, if it isn't already.

Re:bow tie and nice NIST endorsement

How about civillians start killing the government people?

Riddle me this

If the US agencies have such good reasons to dig into my personal information, why not the Chinese, Syrian, or North Korean? After all, those are just about as totalitarian states, equally far away from where I live. And their arguments for spying my personal data are as good as the Americans...

i really don't get it

[resfilter]

their profiled "terrorists" are usually from societies that are accustomed to communicating covertly without any electronic means.

i'm not an expert in terrorism or communication, but i was a punk kid once that did bad things. even i was smart enough to know that if you were planning something big and illegal, you didn't go calling people about it, or writing it down.

do they really think that someone is going to send an email or text message saying "hit the big red button 12:30 next tuesday"? or that someone will save a map to a warehouse of deadly weapons in "the cloud" and name it "weaponsmap.jpg"?

of course they don't.

so how is this gaping hole in the intensions of the survaillance plan not being used as leverage to stop this nonsense before america goes from paranoid to total police state at the press of a button one night? are people so weak that all it would take is someone sending an encrypted message about a "serious terrorist act that would kill a lot of people" that's "intercepted" and the plot "stopped" to widen the scope of this stuff?

as someone watching this from outside the USA, it's very confusing to me

Re:i really don't get it

[Livius]

someone will save a map to a warehouse of deadly weapons in "the cloud" and name it "weaponsmap.jpg"?

of course they don't.

Of course they will.

That's what the decoy map is for.

Trust is a two-way street

[DoofusOfDeath]

We'll give the NSA expedient access to our encrypted data...

When they'll confess to all possible breaches of our Constitution, and submit to the death penalty for any actual breaches.

Have we got a deal, NSA? Oh, why not? You fucking traitors.

Life for crypto experts at NSA

[whoever57]

What must life be like for crypto experts at the NSA? I assume that they are smart people, who must surely realize what a boneheaded idea this is. Imagine working somewhere where your most senior bosses go around publicly showing off their lack of knowledge.

Re:Life for crypto experts at NSA

[SuricouRaven]

Or maybe they already have ways into just about everything, and this doomed request is just to create the false impression they need it?

They still want to fuck you

They are just trying to sugar-coat it now. As that would make rape any better...

that might work....

until the NSA finishes hacking the other agencies for their part of the keys. It's not like they've tried anything like that before. (http://www.wired.com/2015/02/gemalto-confirms-hacked-insists-nsa-didnt-get-crypto-keys/)

What we really need

What we really need is a portable vocoder/decoder that you can attach to the front of your phone. You agree with your friend about what settings it needs when talking business, then you both set the vocoder transmit/receive to the same 10 digit code (you and your friend both need one, and having a pseudorandom number generator share keys via bluetooth is even better). Talk normally. Let the NSA guess what is going on and make the rat bastards decode every last bit. The tech. company might bend over (they might be forced to bend over), but that doesn't mean its time to let them stare at your nakedness whenever and however they want. If they are a cryptologic company, they should have to work for their data.

Dear NSA

[lkcl]

Dear NSA,

I would love to design the phone that you are asking for. please pay the sum of $USD 30 million into my bank account and i will organise it straight away. also, please sign a contract that you will subsidise the cost of every single phone sold because in order to add the extra encryption that you are expecting it will push up the price, and in a competitive business world nobody would buy it without subsidies.

I look forward to hearing from you shortly.

Signed, Luke Leighton
(Libre and FSF-Endorseable Hardware Design Engineer)

Re:Dear NSA

[currently_awake]

Existing phones have the processing power to do end to end encryption without any new hardware. You'll need to audit or re-write your entire software stack (including baseband) to keep out back doors of course, and that will be expensive. But unit cost increase will still be a few dollars per phone, not enough to make them unsellable.

All this means is OPPORTUNITY for Chinese spies

[AutodidactLabrat]

whose government will now mandate a successful encryption that even THEY can't break....except they can.
Push the clients out of U.S. markets for phones and services
THAT will help!

This is so naive

It doesn't make sense at any level I think about it. If e.g. mobile phones had publically known backdoors built-in, it would essentially prevent their use in many governmental organizations around the world. Such devices would most likely be ultimately outlawed altogether in many countries.

And there's always that one small thing: if someone has the keys to all the devices, those keys will be worth gold to every single spy agency around the world. The only way to prevent this threat is to not have the keys at all. The US government wasn't able to keep the keys to the Atom bomb secret so how could they possibly protect global decryption keys.

Re:This is so naive

It doesn't make sense at any level I think about it. If e.g. mobile phones had publically known backdoors built-in, it would essentially prevent their use in many governmental organizations around the world.

The whole system is a backdoor. Worthless A* encryption, security trivially bypassed by operation of fake infrastructure and attackers choice of many generations of hopelessly broken technology all handsets happily insecurely fallback to.

it would essentially prevent their use in many governmental organizations around the world.

Governments around the world also use SMTP E-Mail for much of their day-day business without batting an eye.

The only way to prevent this threat is to not have the keys at all.

Everyone here seems to agree. I suspect NSA rumblings are more them taking an offensive posture to blowback... than something they seriously hope to achieve..

However right now this is all effectively quite hollow and pointless as the worlds comms platforms are irrecoverably broke and not just from a security perspective.

Old German proverb

[Opportunist]

Ist der Ruf erst mal ruiniert, lebt sich's völlig ungeniert.

It loses a bit in translation, but essentially the meaning is "once your reputation is ruined, you can as well stop having any shame".

Or they could do their actual job

[spiritplumber]

Dear NSA, privacy arguments aside: You guys have the specific job of making codes and breaking codes.

If we do it for you, then don't expect us to pay you as much as we do anymore.

Do your own damn homework same as everyone else.

BULLSHIT

Them having a part of the key makes bruteforcing the whole key possible.

You have no security if part of your key is already known!

Re:bullshit

[Akaihiryuu]

This exactly. Even IF somehow open source projects were "forced" to include a back door...then knowledgeable people could easily just remove the back door from their copy. And explain to others how to easily do it on some forum hosted outside the US.

Re:bullshit

Actually, since OSS is used outside the US and outside their jurisdiction, OSS would probably include an "--enable-nsa" and of course its disable counterpart. Knowledgeable people would just check that it does work as intended.

Re:bullshit

[gnasher719]

This exactly. Even IF somehow open source projects were "forced" to include a back door...then knowledgeable people could easily just remove the back door from their copy. And explain to others how to easily do it on some forum hosted outside the US.

It's quite obvious that if major companies had to give their keys to the NSA, then owning or distributing software that doesn't do this would be in itself made a serious crime.

Re:bullshit

They're unlikely to go their in our lifetimes- they do have to keep pretenses up, you know. Something about the First Amendment (remember the licenses?) makes it...difficult...to preclude. They found crypto restrictions to be difficult to enforce under the right conditions for that very reason.

Re:bullshit

[johnwallace123]

Reminds me of warnings on grape juice concentrate sold during prohibition: "After dissolving the brick in a gallon of water, do not place the liquid in a jug away in the cupboard for twenty days, because then it would turn into wine."

Could we get something similar: "After downloading the code, do not remove lines 33-67 of Encrypt.c, as this will disable the legally mandated NSA back doors"

Re:bullshit

[JohnFen]

Could we get something similar: "After downloading the code, do not remove lines 33-67 of Encrypt.c, as this will disable the legally mandated NSA back doors"

Or... do not compile this code without #defining INCLUDE_BACKDOORS as this will disable the legally mandated back doors.

Re:bullshit

Just like hard crypto used to be illegal for most things, or how the FOSS decoders for H.264 and MP3 are technically illegal? That hasn't stopped anyone yet.

bullshit

Just download the "no backdoor" patch from Europe. If the law applies to the producer, then you're legally safe. If not, they must reveal that they were spying on you to exploit it, so you can sue them for information on their investigations, etc.

The market will speak

Like I would ever buy such a product, ever, under any circumstances.

What's the point?

Why divide the key? When one party forcibly coerce the others to do what they want and can prevent them from talking about it, why bother pretending they can't?

Do you really need a smartphone?

Really, do you?

Giant data centers

[MrL0G1C]

So they are building insanely large data centers.... to collect metadata.

I swear that doesn't add up.

This is why in the 18th century...

[mpthompson]

...the founding fathers of this country outlawed the burning of slips of paper so the citizenry couldn't hide information from the government. This is just the 21st century equivalent so what's the big deal?

Okay

[Lord+Bitman]

one of those parties is the customer, though

The government wants you to think..

[MpVpRb]

..that they are totally honest and competent, and that weakening security will only hurt the bad guys

In the real world, government security is done by people who actually want to work for the government..if you're at the bottom of the technological barrel..hey, a job is a job..and government jobs have job security. Yeah, I have to take a drug test..but that's OK..I don't use illegal drugs (within the testing window)

If you are on the other side of the fence..all that matters is technical competence

You might be a criminal, or a terrorist, or someone who is just pissed off..but IF you have the ability to exploit the weaknesses that are intentionally introduced, under the pretext of national security..you will win

Apple already has this

[koan]

might be a requirement that technology companies create a digital key that can open any locked device to obtain text messages or other content, but divide the key into pieces so no one group could use it without the cooperation of other parties."

Apple already has a "corporate key".

Re: Apple already has this

No, they don't. Quit spreading lies.

Re: Apple already has this

I know a policeman who says they can access data on Android and BlackBerry phones easily, but need to send iPhones to Apple to extract data. He didn't say anything more, but I wonder if that implies they can get around full disk encryption on all devices. It's like when an IT admin protects a full disk encryption key with two passphrases: one for the user, one for the admin in case the user forgets their password. The key is encrypted two times using the two passwords. iOS, Android and BlackBerry might all do something similar, but only Apple refused to give the "admin password" to the gov't.

Wish in one hand, shit in the other...

[BozoForPresident]

The NSA wants front door decryption access - Yeah, and I want to sleep with a different bouncy cheerleader every night.

Re:Wish in one hand, shit in the other...

One of my exs is a nymphomaniac.

That is not as much fun as it sounds.

A matter of priorities

[plsuh]

The US government has lost sight of the larger issue here. The tail (NSA and law enforcement) is wagging the dog.

The NSA and law enforcement agencies want to be able to intercept anything, since it makes their jobs easier. However, this runs counter to the larger national interest of the United States.

Which country has the highest level of connectedness and dependence on the Internet? Which country would be worst hurt if a sophisticated attacker was able to penetrate and conduct malicious actions using the systems connected to the Internet? The US, that's who. It is by far in the US's overall national interest to properly secure the Internet and communications infrastructure. Eavesdropping on everyone else is a secondary benefit, in comparison.

The proper role of the President and the Attorney General is to separate the desire of the NSA and law enforcement to make their jobs easier from the greater benefit to the country as a whole. They need to tell the ambitious underlings "NO" in unequivocal terms, then bitch slap them if they keep whining about it.

--Paul

Re:A matter of priorities

The proper role of the President and the AG is to fire the incompetent leadership that demands measures that would harm the institution's goals. And even if their goals is to make political shitty things, it still would be damaged. Because others would also get the power to politically shit on them with this measure.
So that leadership has to be replaced, and if the President and the AG are not powerful enough to do so, they might as well just burn the constitution.

Re:A matter of priorities

But that doesn't benefit Barry and Company. They're part of the reason they're asking for it in the first place.

Here we go again..

[MegOnWheels]

It is almost as if this idea comes up every 7 to 10 years except that the scope increases each time.. With any luck they wont get it over the line..

I suspect that sophisticated crooks and terrorists have perfect paperwork and perfect online personas, passports and other documentation which means that the only people they are going to trap are the random idiots and the majority of the law abiding population.

How about opensource devs tell them to go FUCK the

How about opensource devs tell them to go FUCK themselves, and if they come with their court orders, shoot them dead.

How about that.

In the past opensource devs did not give a FUCK about what the government demanded, they HATED the government.

Maybe you faggots need to get out of OSS and give it back to the people who ran it before.

NSA Should Blackmail Tech Companies

It's simple really. If these companies don't put in back doors, then they don't get any more H1-B visa workers.

Expect compliance within one microsecond.

NSA wants to put American out of business

[duke_cheetah2003]

Could you imagine if the NSA actually was permitted to do this? The moment something like this came to be true, every tech company cooperating would simply go out of business. Who would buy anything with a backdoor built into it? I wouldn't.

Shut down the NSA, to even suggest this is economic armageddon. I don't even need to go anywhere near the freedom and privacy aspects of this, I can appeal the capitalists, this is just bad for business.

Re:NSA wants to put American out of business

All non-techies that I talk to says government backdoors and key escrow is a good thing because it helps catch criminals and terrorists, and makes the job of law enforcement easier. It's too hard to get a warrant these days with everyone being so politically correct, and so law enforcement should be able to just do whatever they want when they want to keep us safe. I don't buy it. Didn't the American civil war start that way?

Re:NSA wants to put American out of business

[freedom4us]

Yes I believe you or if not most others would. Apple is already responding to government requests, the dissappearing of warrant canary, do you remember? and the whole facebook thing? come on :))

Re:NSA wants to put American out of business

I don't think it would be that bad. The American tech companies would simply move out of the U.S. and the rest would stop doing business in the U.S.

Divide the key up?

That sounds like a very bad idea. Each holder of a portion of the key would need the support of all other holders. The net result would be that all of the key holders would grant the other holders what ever they want. There would be be no upside for any key holder to deny any other key holder anything. Two key holders double the spying and so on.

Sounds good...

[Copid]

...as long as they're cool with all of our multinational tech companies doing the same favor for the Chinese government. I mean, laws are laws, right?

Nothing new

[fred911]

Did we all forget Clinton and their Clipper initiative? Or has it just become easier to understand for Joe Sixpack?

Good luck with that

[PPH]

The only trustworthy solution is one based on end to end encryption. The tech companies have nothing but encrypted content to move around. They have nothing to give the NSA that they could use.

What does the NSA really want?

[n0ano]

Much as we dislike the NSA I don't think anyone would argue that they are stupid. Morally bankrupt, ethically challenged, constitutionally wrong - yes, but stupid - no. Therefore the NSA clearly knows that this is a stupid idea and will never work and will never be implemented. I have to believe this is a negotiating ploy (ask for something totally outrageous so that you can be bargained down to something merely obnoxious - which is what you wanted all along).

That being the case then this must be their totally outrageous start. What do they really want that they will `settle` for?

Irrelevant

USA is falling into irrelevancy wrt to secure technology and services. It doesn't matter anymore. Do whatever you like NSA, everybody is switching to european services.

NO

The NSA does not represent what is best for our country or our future. They have chosen their path, and it is not one we can follow if we wish to have a bright economic or free future for our children, to remain trusted by people who use our products, or to remain respected as a country where the rule of law is followed.

America is ran by Nazis

hey honey, I hear keeping up with the kardashians is on tonight

Legalising the status quo

I think they want this so that the already present backdoors become legalised.

Might as well give the keys to China and Russia.

What are they going to say when other countries ask for the keys as well? These agencies are as myopic as their short names.

Use this phrase:

[jcr]

"Not without a warrant, motherfucker."

-jcr

Re:Use this phrase:

[Bob+the+Super+Hamste]

I have always preferred:
"Go fuck yourself with a spindle sander"

The death of american software

[LordWabbit2]

This is moronic, if this is put in place only Americans will use American software (and then only some of them). NO other country is going to voluntarily use software they know has a "front door" regardless of all the "good intentions" promised by splitting the key up. May as well shoot Microsoft in the foot.

Re:The death of american software

[JohnFen]

May as well shoot Microsoft in the foot.

You shouldn't argue against a thing by pointing out a positive result of it.

Truth

it will shove more and more safety minded off the net , nore th eof the paranoid off the net and more people that might become conspuracy buffs etc...the goal being that it subdues the net for govt control easier as those that speak up , become fewer and fewer

canada , = case in point

2006 - 24 million net users ( pop 34 million )
2014 - 17 million net users ( pop 35 million )

now think what they are and have been up too....destroying civil rights all over and continuing to do so.

it is being used to gain control....

FUCK YOU

Fuck the NSA, and any company that goes along with them.

Any that do are a life long enemy of freedom.

Hmm, hard problem.

[Bonzoli]

On the one side, the NSA is collecting data on American's using secret orders with a rubber duck stamp that has a pirate patch on its eye. On the other side we have Russia owned by a kleptocracy and threats of nuclear war if anyone interferes with their invasion plans.
Hmm,....

Fair Trade?

[MagickalMyst]

Ok, how about giving root access to all government, law enforcement, and military computers to the general public so they can perform valuable oversight duties to ensure that no corruption or criminal activity is present in our institutions?

Spy on them as they spy on us.

Interesting exercise

[Mariner28]

It would be an interesting Big Data exercise to see trading data by certain federal government employees... Oh, I don't know - perhaps to see what the average gains were in a 12-month period compared to the gains of the average Joe in private industry?

Please

[WindBourne]

Idiots like you are everywhere.
You think that America is the ONLY one that has loads of backdoors? You are a REAL idiot, or work for the Chinese gov.

Re:Please

[ruir]

You are wrong, I am just a european "idiot". Only a naive would believe NSA has to ask for backdoors, this "newsflash" is just political propaganda for the sheeple. Please do go on, I bet you believe too 9/11 was a work of a fictional terrorist cell.

Re:Please

[ruir]

And what you propose? Use products with american backdoors because they are your "friends"? What do you expect me to say, thank you or fuck you? I am confused by your reasoning.

Re:Please

Idiots like you are everywhere.

You think that America is the ONLY one that has loads of backdoors? You are a REAL idiot, or work for the Chinese gov.

Are you trying to win the Biggest Tool on /. award?

Re:Please

[WindBourne]

So, what exactly was 9/11 if not a terrorist act?
And I did not say that NSA had to ask for backdoors. They are everywhere. BUT, when data is encrypted, it makes it harder for ANY government to get around.

Oh, yes, ALL of the european govs are involved in spying on their citizens as well.

Re:Please

[WindBourne]

who do you want spying on you? If you buy a commercial product that was produced in China, I guarantee that it has a backdoor. That is why the DOD insists that Cisco manufacture their network equipment here in America (and they do).

Our best bet for staying off radars is to not trust ANY commercial product, and go with OSS. FreeBSD is good. So is Linux. Using Commercial OSs from any nation will get you spied on, simple as that.

But in the end, for those of us in the west, it is better to have European govs, or the 5-eyes (now bigger, though I am not certain how big), spy on us, rather than Chinese and Russian.

that's why I never store my private keys ...

[RealRaven2000]

... on a server. They cannot share what they don't have. Generate your own private keys and give them to nobody.

Let's Think About the Message Here

They are implying that they are going to spy, without limits, no matter what happens. Mass surveillance, no just cause, no due process. Just a "going through the motions" FISA court and a Senate committee who are told as little as possible. For those infrequent times when the NSA needs some political cover.

All they are giving us is the option: We can F* you from the front, or we can F* you from the back. You have a choice!

Gee, that's really swell NSA! I guess America truly is the Land of Freedom. The NSA is free from the Constitution, after all.