Slashdot Mirror


The NSA Wants Tech Companies To Give It "Front Door" Access To Encrypted Data

An anonymous reader writes The National Security Agency is embroiled in a battle with tech companies over access to encrypted data that would allow it to spy (more easily) on millions of Americans and international citizens. Last month, companies like Google, Microsoft, and Apple urged the Obama administration to put an end to the NSA's bulk collection of metadata. "National Security Agency officials are considering a range of options to ensure their surveillance efforts aren't stymied by the growing use of encryption, particularly in smartphones. Key among the solutions, according to The Washington Post, might be a requirement that technology companies create a digital key that can open any locked device to obtain text messages or other content, but divide the key into pieces so no one group could use it without the cooperation of other parties."

135 of 212 comments (clear)

  1. First for Systemd!!! by Anonymous Coward · · Score: 1, Informative

    Fuck the NSA!!

    1. Re:First for Systemd!!! by Anonymous Coward · · Score: 2, Insightful

      That's the wrong attitude to take. The attitude you SHOULD take is to become one of the data controllers holding part of the key...which you simply delete.

      Problem fucking solved.

    2. Re:First for Systemd!!! by MobSwatter · · Score: 3, Interesting

      Hell, I gave up unencrypted evidence that was left on my pc for 10 years by my ex wife about a person that works in "Blood Money" before the pricks killed my father, and they did fuckall about it. They want access only to justify a budget, period, they don't really give a fuck about anything else.

  2. Right up until... by Anonymous Coward · · Score: 5, Insightful

    A government body gets the whole key and then has it stolen from them and we're all left with our trousers down in a changing room made of glass.

    No. If there is an EASY way to decrypt information, then that data is NOT SAFE and the encryption is useless.

    1. Re:Right up until... by Anonymous Coward · · Score: 5, Insightful

      A government body gets the whole key and then has it stolen from them and we're all left with our trousers down in a changing room made of glass.

      No. If there is an EASY way to decrypt information, then that data is NOT SAFE and the encryption is useless.

      Yep. In the meantime, one of the few advantages US companies have - software and web services - will be made completely worthless. If I am a bank, healthcare company, or whatever (it really doesn't matter) , I demand my data be secure. An NSA back door, front door, trap door, barn door means that there is a built-in insecurity.

      Right now, I do not think any American made software is secure enough for my business. We have achieved a state where business and government concerns are in direct conflict.

      I think a lot of it has to do with this Big Data fad. They seem to think that the more data they have, the more computing power they have, and the less security we have allows them to "get their guy". We have an out of control security bureaucracy.

      But as the US slips more and more into a police state (I was just ordered last week to hand over my license at a road block - they were stopping everyone. Papers please! actually it was "hand it over, now!), I just have to wonder with our freedoms and privacy being eroded everyday, just what does the US stand for anymore?

    2. Re:Right up until... by AmiMoJo · · Score: 5, Informative

      Even if it were somehow perfect, the NSA has proven itself to be untrustworthy. It apparently can't even police its own staff to stop them spying on their girlfriends and wives, let along stop them walking off with huge archives of information. If Snowden could do it then I think it's reasonable to strongly suspect that the Chinese, the French and anyone else interested in that stuff has infiltrated them too.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    3. Re:Right up until... by Wootery · · Score: 4, Informative

      Apparently the Supreme Court decided that that would be unconstitutional, but it's Just Too Important(TM) so it's fine.

    4. Re:Right up until... by Anonymous Coward · · Score: 5, Insightful

      You can bet that if Snowden could get access then there are hundreds of NSA employees and contractors that are trading on this information. No domestic or foreign corporation or state wants the NSA to have unfettered access to their data like this, because such access will be and is being abused.

      Put it this way, say you are trying to get a contract where General Electric is a competitor. And someone in the NSA is tapping all of your salesmen's communications and documents and passing them to the GE's sales team....

    5. Re:Right up until... by Endymion · · Score: 4, Insightful

      Well said.

      I find it unlikely that the NSA doesn't know how this will affect the US software/tech industry. Which means they are deliberatly trying to undermine an entire sector of the US economy. I call this treason. Many of these traitors took an oath to defend the constitution, yet they publicly announce how their desire to do the exact opposite.

      I know some of you are thinking that this is a crazy idea, because the US definition of trason is a difficult standard to meet due to the requirement to show that the traitor is "making war" against the countyr. Well, what else do you call the deliberate undermining of the most profitalbe sector in our economy? Modern weapons of war include a wide variety of tools, not just rifles and tanks. More importantly, this is exactly the kind of type of methods the CIA has used to "destabalize" other countries.

      --
      Ce n'est pas une signature automatique.
    6. Re:Right up until... by MobSwatter · · Score: 1

      You know the US did fair pretty well against the USSR on the cold war, but somehow failed to recognized the one with Italy that started after WWII, that one we've obviously lost.

    7. Re:Right up until... by ruir · · Score: 3, Insightful

      Microsoft was born due to Bills family being influential in washington, and has been in bed with the establishment ever since. In the past we also had strong hints they had a NSA backdoor. Cisco is also known to have backdoors. The industry has been undermining itself quite alone. Foreign people who use American software for industrial or political purposes are morons.

    8. Re:Right up until... by Anonymous Coward · · Score: 1

      We are truly living in Soviet Russia where there was a constitution and "rights" but of course they didn't mean shit because "protecting" the people was of course more "important."

    9. Re:Right up until... by Anonymous Coward · · Score: 2, Insightful

      But they're not protecting the people any more.

      They are now protecting the state. They have been for many years, they just tell you they're protecting the people.

      That was what the Soviet government was doing, too.

    10. Re:Right up until... by davester666 · · Score: 3, Insightful

      It's an emergency, because we are being overrun by terrorists and child molesters.

      That makes it ok.

      --
      Sleep your way to a whiter smile...date a dentist!
    11. Re: Right up until... by Jason+Levine · · Score: 2

      A government body gets the whole key and then has it stolen from them and we're all left with our trousers down in a changing room made of glass.

      Or a hacker finds a way to break in without the "keys."

      It doesn't matter how many "pieces" you split the key up into if someone can just busy down the door and take whatever they want. Adding a back door to an encryption product is just asking for someone to break that back door down.

      --
      My sci-fi novel, Ghost Thief, is now available from Amazon.com.
    12. Re:Right up until... by Anonymous Coward · · Score: 1

      You can bet that if Snowden could get access then there are hundreds of NSA employees and contractors that are trading on this information.

      Just imagine the percentage of the population that are willing to use any information to their direct advantage. Add the percentage that would be willing to sell that information to someone else. Now multiply that by one hundred per NSA whistleblower and you get a pretty good idea on the number of people out there.

    13. Re:Right up until... by Anonymous Coward · · Score: 1

      That is exactly what the NSA seems to have been doing for a long time. If there is an American company involved in some tender somewhere, they try to intercept as much of the internal communication of the competitors as they can.

    14. Re:Right up until... by Anonymous Coward · · Score: 1

      Hint: Read Article III, Section 3. Treason is defined as making war or by aiding and abetting actual enemies (oh, say ISIS, the Muslim Brotherhood, etc...) in any form. That bar's quite a bit lower than most people realize after all.

    15. Re:Right up until... by Holi · · Score: 2

      "I do not wish to be subject to NSA spying on my gear, because I don't LIVE in the U.S." HAHAHA, I am sorry, but while the NSA routinely ignores it, it is illegal for the NSA to spy on citizens. Unfortunately for you, the whole reason they exist is to listen to the 6.7 Billion people who don't live here.

      --
      Sorry, teleporters just kill you and then make a copy. A perfect, soul-less copy.
    16. Re:Right up until... by chihowa · · Score: 4, Informative

      Wow, I just looked into that some more and it's pretty horrifying. The ruling was more than it being "Just Too Important(TM)", it was that it is too important to the State. That line of reasoning allows for just about any unconstitutional law to be upheld. Even the dissenting decisions were more concerned with the effectiveness of the checkpoints and considered the violation of the Fourth Amendment that they represent an accepted and foregone conclusion.

      The majority opinion from Rehnquist: "In sum, the balance of the State's interest in preventing drunken driving, the extent to which this system can reasonably be said to advance that interest, and the degree of intrusion upon individual motorists who are briefly stopped, weighs in favor of the state program. We therefore hold that it is consistent with the Fourth Amendment."

      --
      If you want a vision of the future, imagine a youtube comments section scrolling - forever.
    17. Re:Right up until... by g0bshiTe · · Score: 1

      Yet we keep electing them.

      --
      I am Bennett Haselton! I am Bennett Haselton!
    18. Re:Right up until... by edtice1559 · · Score: 1

      It's important to all of the sober roadway users too. A balancing test is about the only reasonable way to resolve things when two different principles are in conflict. It's a violation of my privacy to have to walk through a metal detector when going to a courthouse. It's also a violation of my rights if I can't get a day in court because judges are assassinated so often. Therefore, the courts look to balance the interests in a way that produces an optimal outcome. They don't always get it perfect but the line of thinking is always reasonable. Random inspections of vehicle safety and driver sobriety are a reasonable way to ensure that we can use the roadways safely which is in everybody's interest.

    19. Re:Right up until... by WindBourne · · Score: 2

      terrorists? Spies? Foreign gov. interventions? Yes, that is what the NSA and the intel world is concerned with.
      Child Molesters? Nope. NSA does not do civilian issues.

      However, there are ppl that want to kill the NSA, and turn over this kind of technology to FBI.
      THAT IS WHAT YOU SHOULD FEAR. If the FBI, or groups like DEA, WHO HAVE REAL POWER, should get this kind of power, then you should fear.
      And what is needed with this, is to not allow congress to ever again remove the oversight, like the GOP did in 2005.

      --
      I prefer the "u" in honour as it seems to be missing these days.
    20. Re: Right up until... by WindBourne · · Score: 1

      Had I not replied elsewhere, I would have modded you up. NSA getting this tech is NOT about taking our citizen's rights. However, the more that they push to have open access to ENCRYPTED DATA, the more that America will see destruction of our real strength; economic.

      Do note that China already said that all businesses must give access to encrypted data. Russia has always insisted on it. And France is saying that they want access to encrypted data (they, like ALL GOVs., access public comm). Shortly, all of the western govs. will be insisting on access to ENCRYPTED data.

      --
      I prefer the "u" in honour as it seems to be missing these days.
    21. Re:Right up until... by StikyPad · · Score: 1

      I would argue two points.

      1) "Random inspections of vehicle safety and driver sobriety are a reasonable way to ensure that we can use the roadways safely"

      Do we have actual evidence of a decline in drunk driving through the use of checkpoints, or is it just accepted because it sounds effective? If they're not effective, then the whole argument is moot.
      http://www.thecrimereport.org/...
      https://en.wikipedia.org/wiki/...

      2) Balancing tests are only appropriate when there are no other options, such as in the courthouse example you cite. Either there are checkpoints at courthouse entrances OR courthouses are insecure. There is no such mutual exclusivity with DUI checkpoints.

    22. Re:Right up until... by davester666 · · Score: 1

      Where have you been?

      The NSA has already been passing information to the FBI, which has been prosecuting those people [hey, it's ok if we use parallel construction, along with a dash of lying]. It won't be a big surprise if the next Patriot Act extension makes this legal.

      And congress still has oversight of all these agencies. They choose to continue to permit them to do it.

      --
      Sleep your way to a whiter smile...date a dentist!
    23. Re: Right up until... by bigodfw · · Score: 1

      Yeah that's all nice and logical but if all they wanted to check was sobriety they wouldn't check for a multitude of other things to increase their chances of creating revenue

    24. Re:Right up until... by Wootery · · Score: 1

      I don't recall the Fourth Amendment mentioning an exception for unless you really want to.

    25. Re:Right up until... by lsatenstein · · Score: 1

      A government body gets the whole key and then has it stolen from them and we're all left with our trousers down in a changing room made of glass.

      No. If there is an EASY way to decrypt information, then that data is NOT SAFE and the encryption is useless.

      I think that they should get the encryption algorithm, but the actual key, speak to the individual party, and to a judge that would authorize a search warrant.
      Imagine that each subscriber gets to choose his encryption key, and a vigenere string to salt the encrypted result.

      --
      Leslie Satenstein Montreal Quebec Canada
    26. Re:Right up until... by david_thornley · · Score: 1

      Around here, we have the "implied consent" doctrine. It states that, in exchange for permission to operate a vehicle weighing a ton or more at speeds up to over 100 kph (c. 30 m/s), we grant permission to check alcohol levels on demand. This is at least somewhat reasonable. You aren't checked for using the public roads, only if you're driving. I suppose it depends on where you are on the "driving is a privilege" to "driving is a right" line.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
    27. Re:Right up until... by chihowa · · Score: 1

      It's not the check for intoxication that concerns anyone, it's the checkpoints. Around here, the police need suspicion of a crime in order search a person. Nobody has a problem with stopping and testing people who appear to be driving drunk (except the drunk, I suppose).

      --
      If you want a vision of the future, imagine a youtube comments section scrolling - forever.
    28. Re:Right up until... by WindBourne · · Score: 1

      No, NSA passes information up the ladder and then ppl inside of DOJ, along with president and others decide what filters down to the FBI.
      You will find that no information about citizens is making it to FBI, unless it involves acts of terrorism, or criminal issues from outside of America.

      In 2005-2006, the GOP pretty much removed the oversight of NSA. I know. I was working on PAT act then and was very aware of what was going on.

      --
      I prefer the "u" in honour as it seems to be missing these days.
  3. The NSA requests you stop sealing envelopes by mtrachtenberg · · Score: 5, Insightful

    As you all know, our country is subject to terrible terrorist threats. It has come to the attention of your friends at the National Security Agency ("we put the security in the national") that terrorists have, under certain circumstances, used the United States Postal Service, United Parcel Service, and Federal Express in order to facilitate their terrorist doings. Therefore, we would appreciate it if, effective immediately, you stop sealing your parcels and envelopes, to make inspection easier.

    This is for your protection. Please don't object, or we'll have to illegally open your items and lie about it. Thank you.

    1. Re:The NSA requests you stop sealing envelopes by ColdWetDog · · Score: 2

      .[Terrorists].. under certain circumstances, [have] used the United States Postal Service, United Parcel Service, and Federal Express in order to facilitate their terrorist doings.

      I don't see where this is true at all. According to numerous, recent news reports, the only thing that domestic terrorists have used to advance their cause has been the FBI.

      Let's get rid of them and see how things improve.

      --
      Faster! Faster! Faster would be better!
  4. Disturbing this is even being openly discussed by JoeyRox · · Score: 5, Insightful

    The fact that the NSA thinks it can achieve this shows how far our civil liberties have fallen.

    1. Re:Disturbing this is even being openly discussed by future+assassin · · Score: 2

      What do you expect when people rather spend more time crying foul and protesting expensive internet and entertainment than something that affects their rights. Romans knew to let there be games, to keep the masses busy from free thinking.

      --
      by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
    2. Re:Disturbing this is even being openly discussed by viperidaenz · · Score: 1

      The Roman Empire fell because they spread themselves too thin and outsourced their military to fill in the spots they couldn't cover.

    3. Re:Disturbing this is even being openly discussed by Bite+The+Pillow · · Score: 1

      Only through inaction on the part of the citizenry. The fact that they have to ask for this shows we are achieving technical parity. It is up to the citizens to protect the citizens, and we can do exactly that.

      Ignoring the question of whether they should be reading the mail (that's another topic, don't dilute this thread), we have effectively been sending post cards instead of envelopes.

      We would not have switched to encryption everywhere without this, so it's a problem of their own making. And now it's a question of whether big business is run by citizens. Some are, and have switched, so the "all corporations are bad" nonsense is invalid.

      It is up to the citizens to restore the balance of power. Should we trust that the spy agencies will do nothing unconstitutional? I know your answer, but what about the courts that write laws that get overturned?

      My point by bringing that up is that the citizens have a responsibility to ensure the government is respecting their rights. If dragnet data collection is allowed by the courts, and the citizens disagree, then encrypt everything.

    4. Re:Disturbing this is even being openly discussed by SuricouRaven · · Score: 3, Informative

      They fell for a number of reasons - any one of which they could have shrugged off, but they all came at once. Rebellions from inside, invasions from the east, loyalty to the empire strained by imposed religious reformation to some strange new monotheistic cult and economic struggles as an empire built on constant expansion ran out of new land to invade for tribute - and then all that during a succession crisis which left the empire fragmented and unable to muster up a unified response. There's no one factor that lead to the collapse, and the collapse itsself was a slow process - you can't find a single year and declare the empire ceased to exist here.

    5. Re:Disturbing this is even being openly discussed by Anonymous Coward · · Score: 1

      That's not my take on it. I think that they have a real problem now that Google, Microsoft and Apple are taking security and encryption seriously. There have been many improvements in public domain encryption and security technologies since the last time the NSA publicly fought the tech industry over encryption during the Clinton administration. The people working for Google, Microsoft and Apple aren't dummies and the public research into crypto has yielded some high quality stuff over the past decade or so. The NSA knows this and they are scared that they will be effectively locked out of most encrypted communications. Now, instead of breaking weak crypto, they're going to have to do targeted operations to steal keys, infect target computers with malware and the like which increases their costs dramatically and makes the threshold to justify spending what it takes to read a target's email or communications that much higher. Maybe they'll have to restrict themselves to only the really bad people and maybe that's a good thing.

    6. Re:Disturbing this is even being openly discussed by DigiShaman · · Score: 1

      I told all you bitches! PRISM compliant hardware; the velvet gloves come off the feds. In fact, they might audit your data just so all you fucking sheep can get used to the "new normal" of security.

      --
      Life is not for the lazy.
    7. Re:Disturbing this is even being openly discussed by viperidaenz · · Score: 1

      You're right, it did. I named two specific reasons.

      Although admittedly, by not mentioning any others I implied they were not relevant.

    8. Re: Disturbing this is even being openly discussed by Endymion · · Score: 1

      While Rome burns...

      close, but wrong city... at least according to St. Vincent:

      They say, "I'm on your side
      "When nobody is, 'cause nobody is
      "Come sit right here and sleep
      "While I slip poison in your ear"

      We are waiting on a telegram
      To give us news of the fall
      I am sorry to report
      Dear Paris is burning after all

      We have taken to the streets
      In open rejoice revolting
      We are dancing a black waltz
      Fair Paris is burning after all

      --
      Ce n'est pas une signature automatique.
    9. Re:Disturbing this is even being openly discussed by rnturn · · Score: 3, Interesting

      ``Romans knew to let there be games, to keep the masses busy from free thinking.''

      Yep. We have our reality TV, March Madness, the Super Bowl, the World Series (heck, professional sports in general), lotteries, celebrity worship, and so on and so on. There are already plenty of distractions to keep the American public from concentrating on, or even learning about, how their freedom has been taken away from them.

      --
      CUR ALLOC 20195.....5804M
    10. Re:Disturbing this is even being openly discussed by neilo_1701D · · Score: 1

      They fell for a number of reasons - any one of which they could have shrugged off, but they all came at once.

      Well... "at once" over the course of several hundred years.

      loyalty to the empire strained by imposed religious reformation to some strange new monotheistic cult

      That strained the Senate far more than the general populace, who were quite happy accepting yet one more god.

      and then all that during a succession crisis which left the empire fragmented and unable to muster up a unified response.

      If you're going to say the succession crisis caused the collapse in the latter years of the empire, you need to explain why the succession crisis didn't cause the same problems during the Crisis of the Third Century.

      you can't find a single year and declare the empire ceased to exist here.

      September 4, 476 was the official end of the Western Roman Empire. The Eastern Roman Empire lasted 1,000 years after that, when it fell to the Ottomans.

      But back to September 4, 476. Odoacer turfs out Romulus Augustulus and sends the robes etc. to Emperor Zeno, saying that they were no longer required. Now, granted the western empire was in ruins at this point in time, but this date is the accepted date for the end of the empire.

      ... empire built on constant expansion ran out of new land to invade for tribute

      That's not even remotely true of the latter empire. The later republic was certainly built upon constant expansion; however the Varian Disaster in 9 AD put a northern border that the empire didn't grow beyond. Trajan had the greatest territory expansion, this was mainly to the east; and his reign ended in 117 AD; long before 476 or even the crisis of the third century. Hadrian consolidated the new frontiers but didn't push past them.

      There's no one factor that lead to the collapse, and the collapse itsself was a slow process

      That's not quite true. The prime factors are the rising of the Sasanian Empire, a collapse in tax revenue, and loss of the growing areas in Northern Africa.

      The rise of the Sasanian Empire caused the empire to move northern border troops to the east. The now porous northern border allowed the Germanic tribes to start to invade; the Germanic tribes themselves were being pushed out of their lands by the Huns. The Germanic tribes moved along Gaul and Spain, and crossed into Africa, capturing the the fertile regions there. Meanwhile, other Germanic tribes at first started ransacking cities and towns, but soon discovered it was much easier to offer to defend the towns and rule. These Roman towns and cities then directed their tax revenue to the Germanic rulers, depriving Rome of much-needed funds. As the funds for the armies declined, so did the armies. Roman tax collectors were not only unwelcome, but forced out of these new Germanic areas.

      The Western and Eastern emperors agreed that recapturing North Africa was a prime concern, and mounted probably the largest military force ever seen to do just that. But before the fleet could sail, Atilla the Hun started his 10 year rampage, diverting Roman attention to this new menace.

      Following Atilla's death, there simply wasn't the money to raise an army to retake North Africa, and the Western Empire effectively ceased functioning around 410 AD, with the empire formally coming to an end on September 4, 476 when Odoacer deposed Romulus Augustulus and declared himself ruler of Italy.

  5. All your eggs in one basket. by Jaywalk · · Score: 4, Insightful

    Wow. And how long do they think their magical key will remain secret? If a single key can open all the doors, finding that key will become more important and the resourced dedicated to discovering it will be increased. The secrets that are being protected are not only -- or even primarily -- the secrets of criminals. There are millions of bank accounts and private medical records along with political dissidents.

    Every weakening of security aids not only law enforcements but criminals as well.

    --
    ===== Murphy's Law is recursive. =====
    1. Re:All your eggs in one basket. by wonkey_monkey · · Score: 1

      If a single key can open all the doors

      Not that it makes much difference to the substance of your point, but I don't think anyone's proposing literally a single key. It could (hypothetically, naively) be one split key per company, or per product, or batch of a product, or maybe even one split key per "real" key.

      I might be missing something which rules out any or all of those possibilities, though.

      --
      systemd is Roko's Basilisk.
    2. Re:All your eggs in one basket. by R3d+M3rcury · · Score: 3, Insightful

      ...and if you only have part of the key, why should you devote resources to protecting it? Let the other guy worry about that.

      Kind of like immunization...

  6. Heh by DivineKnight · · Score: 2

    When the NSA says these kinds of things, it's like they are saying that they are immune to being cracked.

    1. Re:Heh by Scutter · · Score: 2

      When the NSA says these kinds of things, it's like they're saying something that they know is completely ridiculous to turn your attention away from something far more insidious that they're up to.

      --

      "Tell me doctor, with all of your defenses, are there any provisions for an attack by killer bees?"
  7. Ok. by Anonymous Coward · · Score: 3, Insightful

    While we're asking for stuff we want, I want one billion dollars a year of NSA funding redirected to me. I'll spend it all on providing college scholarships.

    I believe my idea is better than theirs: educated, autonomous individuals make for a better society than fear and authoritarianism. Who's with me?

    1. Re:Ok. by Livius · · Score: 2

      make for a better society

      So clearly it will not happen.

  8. one key, eh? by Anonymous Coward · · Score: 2, Insightful

    One (partitioned) Key to rule them all, One Key to find them,
    One Key to bring them all and in the darkness bind them

    need anyone say more?

    1. Re:one key, eh? by ColdWetDog · · Score: 2

      One (partitioned) Key to rule them all, One Key to find them,
      One Key to bring them all and in the darkness bind them

      need anyone say more?

      At least in the Tolkien fantasies we got orcs, wizards, castles and beautiful elvish women. Here we just get a bunch of overweight, ugly guys, some half assed Star Trek furniture and an ugly old building from the 1960's.

      No key until they at they at least update their image to include a smoking volcano.

      --
      Faster! Faster! Faster would be better!
  9. Dupe. by BitterOak · · Score: 2

    This story was posted yesterday. http://it.slashdot.org/story/1...

    --
    If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
    1. Re:Dupe. by wonkey_monkey · · Score: 5, Funny

      Yes, but unless you have all the parts you can't get the whole story.

      --
      systemd is Roko's Basilisk.
    2. Re:Dupe. by Technician · · Score: 1

      Note who gets the parts. Government, Government, Government. NSA, CIA, DEA, ATF, FAA... How long before they share? Can you say smokescreen? Appease the public. What they don't know. Works until another Snowden incident.

      --
      The truth shall set you free!
  10. Yeah ok by epyT-R · · Score: 1

    ..and these separate entities will be compelled to comply with an NSL, right? Fuck that bullshit. The problem here is statist/authoritarian politics not technology.

    1. Re:Yeah ok by andymadigan · · Score: 2

      Even if it's completely illegal for the NSA to get the other pieces, they'll try. They'll hack in, or they'll snoop into the lives of everyone with access to find something they can use for blackmail...

      Which is why, if this insane policy is enacted, there needs to be another requirement: if the NSA tries to get the other pieces, the director of the NSA gets executed on live TV for treason. So does every official or agent involved in the operation. Same goes for every other government agency.

      Really, though. Hearing the NSA complain that they can't access my private data sounds exactly like complaining they can't bug my apartment. If they want to stop the "turrists" they'll have to learn to do it without creating a worldwide police state.

      --
      The right to protest the State is more sacred than the State.
    2. Re:Yeah ok by rtb61 · · Score: 1

      Now is it the NSA that wants this stuff or is it the corporate masters of the politicians who appoint corporate stooges to run those three letter organisations. Don't like you politics, they want to be able to totally fucking destroy you, make you a non person. Deny all you citizen rights, make it impossible for you to travel, ensure you have only the most menial degrading employment, and if necessary silence you and using extremely belligerent and violent law enforcement who will kill during the arrest (not fucking around any more).

      The corporations want the excuse to hack into everyone ones lives whom they want to control. They fear loosing exploitative control and are become more desperate in their attempts to maintain. The flimsy lies are becoming so pathetic and as you would expect when this occurs, they are becoming more violent in their responses when they fail.

      --
      Chaos - everything, everywhere, everywhen
  11. Great for free software by Sean · · Score: 2

    Such backdoors aren't enforceable in open source projects. If this comes to pass then free software will have a great competitive advantage.

    1. Re:Great for free software by gnasher719 · · Score: 1

      If there is a legal requirement, then it is absolutely enforcable against open source software. If the NSA managed to get laws passed in their favour (which I very much doubt), and for example Apple had to hand over some encryption keys, and all the lawyers they could hire cannot prevent that, what kind of idiot would believe that an open source project would be exempt?

    2. Re:Great for free software by Kjella · · Score: 1

      Until they pass a law demanding that all encryption software must be able to comply with lawful warrants to decrypt the contents and outlaws the rest, making it a crime by iteself. Or just create some procedural rules to keep you in contempt of court until you decrypt it. You really think they're going to clamp down on all proprietary software and totally ignore open source just like that? I admire your optimism but if they can make this happen open source encryption will be on death row.

      --
      Live today, because you never know what tomorrow brings
    3. Re:Great for free software by viperidaenz · · Score: 1

      Also, great for the economy of everywhere but USA. It's an incentive to not have a presence in the country to avoid such laws.

    4. Re:Great for free software by SuricouRaven · · Score: 1

      Open source projects are very geographically mobile. New forks would rapidly appear, managed outside of the US.

    5. Re:Great for free software by sumdumass · · Score: 1

      Until free software gets outlawed for not having them or they make criminals out of people who disable the back doors.

      I have no faith the something like that would be impossible to happen.

    6. Re:Great for free software by radarskiy · · Score: 1

      "free software will have a great competitive advantage."

      There's not even motivation to get enough labor to look for security bugs in free software, let alone for deliberate misfeatures. To get it done you'll have to pay someone to do it, and then you'll have a competitive advantage if you have done it with non-free software.

    7. Re:Great for free software by Sean · · Score: 1

      I doubt it's actually possible to enforce encryption backdoors beyond a few major vendors. The result would be similar to exiting attempts to prohibit reverse engineering. It's impossible to outlaw debuggers, disassemblers, logic analyzers, and similar tools. It's like outlawing radios that can tune in to any station. It's been done, but it's not all that effective.

      Even if all software from major vendors like Microsoft, Apple, and Google implemented protocols with backdoors, correct implementations of the underlying algorithms are necessary for those to function.

      We've seen forced decryption laws in the UK. Forward secrecy basically defeats RIPA, because you can't force someone to decrypt something they never had the key for in the first place.

      China has attempted to regulate cryptography, essentially requiring a license to develop, buy, sell, or research encryption. They have mandatory key escrow too. It's useless. Everyone uses encryption all the time. There's no putting the genie back in the bottle.

    8. Re:Great for free software by spauldo · · Score: 1

      You may find this interesting reading.

      In old versions of UNIX (not open source, but only because there was no such distinction at the time - the source was very much available) the compiler would add code to any program you tried to compile named 'login'. You could look at the source for the login program all you want and never see the backdoor. You also would have a hard time finding the code in the C compiler.

      And this was just something Ken Thompson did to prove that he could. Imagine what the NSA would be capable of.

      --
      Those who can't do, teach. Those who can't teach either, do tech support.
    9. Re:Great for free software by Damarkus13 · · Score: 1

      Isn't that exactly what producing deterministic builds during a security audit supposed to detect?

    10. Re:Great for free software by Kardos · · Score: 2

      Why does this keep coming up?
      This problem is solved: http://www.dwheeler.com/trusti...

    11. Re:Great for free software by gnasher719 · · Score: 1

      I doubt it's actually possible to enforce encryption backdoors beyond a few major vendors. The result would be similar to exiting attempts to prohibit reverse engineering. It's impossible to outlaw debuggers, disassemblers, logic analyzers, and similar tools. It's like outlawing radios that can tune in to any station. It's been done, but it's not all that effective.

      It's not a backdoor that they want, it's a key to the front door :-(

      Here's what they can do: Download an open source package. Send an encrypted email to themselves. Check that they can decrypt it with keys supplied by the software. If not, use all the force that the US police can muster to stamp the supplier out of existence.

  12. Fwiw, last time it didn't work. by Sprite_tm · · Score: 4, Informative

    The designers of the Clipper chip (http://en.wikipedia.org/wiki/Clipper_chip) had just about the same method in mind: encryption for the users, with an independent organization knowing the master keys and being able to hand over session keys to decode communications to government institutions. It was actually the reason why PGP etc were invented.

    We have a similar situation here: the gov wants to have the keys to encrypted machines. Theoretically, the same arguments can be brought up again: it's bad because the keys may leak, it weakens the encryption because there's another set of keys that can be bruteforced or found in a smarter way, but it's also pretty ineffective: the phones that allow people messing around in their systems (Jolla, Ubuntu phones, rooted Androids) will just have third-party, non-gov-approved encryption in them and criminals (and people not really comfortable with NSA snooping) will subsequently use these.

    1. Re:Fwiw, last time it didn't work. by StikyPad · · Score: 1

      the phones that allow people messing around in their systems (Jolla, Ubuntu phones, rooted Androids) will just have third-party, non-gov-approved encryption in them and criminals (and people not really comfortable with NSA snooping) will subsequently use these.

      They'll prohibit and penalize that by restricting such tools, the same way they did with "circumvention tools" in the DMCA. Banks and those with "legitimate" needs excepted, of course.

  13. No problem by joh · · Score: 2

    If one the parties is the user and he gets to keep HIS part of the key, so that nobody can decrypt his data without him giving up his key, fine.

    Would miss the point though...

  14. This all works by __aabppq7737 · · Score: 1

    until, assuming encryption is stacked, one of the escrow holders manages to create a fake key which, when used to decrypt some given message, produces an entirely different result than the key holder's genuine key should generate. Example: Shamir's Secret Sharing

    1. Re:This all works by wonkey_monkey · · Score: 1

      assuming encryption is stacked

      What does "stacked" mean in this context?

      one of the escrow holders manages to create a fake key

      Not quite sure what you mean. Do you mean one of the escrow holders providing a fake "part" of the key, to be joined with the other real parts, thus producing a full, but false, key? Or producing an entire fake key by themselves?

      when used to decrypt some given message, produces an entirely different result than the key holder's genuine key should generate

      Isn't that what all incorrect keys do? Generate a result different from what the genuine key would produce?

      --
      systemd is Roko's Basilisk.
    2. Re:This all works by __aabppq7737 · · Score: 1

      What does "stacked" mean in this context?

      When I said "stacked" encryption I meant encrypting an already encrypted file repetitively.

      Isn't that what all incorrect keys do? Generate a result different from what the genuine key would produce

      I meant to say 'generate a result that could be misinterpreted as a valid message', thus maintaining the so-thought integrity of the fake message.

      For example, drawing from Get Smart, imagine that Alice wanting to communicate with Bob uses a plain-text message that looks unencrypted to bystander Eve, such as:

      My food is good. Eating is good. Eating is good. To infinity and beyond. Underestimate how delicious food is. Near broccoli is guacamole. Do not eat asparagus. Eat bread, instead. Read the recipe books. Toward the breadbox is the bread. Hens taste good on the table. Eggs go well with turkey. Beer is an alcoholic beverage. Right behind the fridge is a mouse. Indigo is a nice color for plums. Don't burn the food. Green eggs and ham taste bad. Empty the trash can when you get here.

      If you take the first letter from each word, you get MEETUNDERTHEBRIDGE, or Meet [me] under the bridge. But this message appeared unencrypted, even supposing that this message passed the very last layer of escrow.

    3. Re:This all works by wonkey_monkey · · Score: 1

      I meant to say 'generate a result that could be misinterpreted as a valid message', thus maintaining the so-thought integrity of the fake message.

      Ah, I think I see where my confusion arose. When you said "one of the escrow holders manages to create a fake key" you didn't mean that the key itself was fake - it would still be right key, according to the key escrow process - but that the original encryption could have been done in such a way as to cause the correct key to return a misleading result?

      produces an entirely different result than the key holder's genuine key should generate.

      Not if by "genuine key" you mean the key used by the proprietary device, and for which step it also generates the secret split key to allow decryption by agencies. Any decryption by either of those keys will result in the correct decryption.

      If by "genuine key" you mean the key used to encrypt the data before it went through device encryption, well, then the escrow decryption process will still produce the correct intermediate (once-encrypted) text.

      --
      systemd is Roko's Basilisk.
    4. Re:This all works by retchdog · · Score: 1

      It wouldn't be stacked, ffs. Stacking encryption wastes compute time at best, or compromises the encryption at worst. Basically, the single encryption key would literally be split into pieces; each of k members would get N/k of the bits according to some protocol (perhaps interleaved). Shamir's Secret Sharing is an elaborate example of doing a lot better than that, so using it as an example of an attack against stacked encryption is rather ironic.

      I defy you to take any currently-good cryptosystem and craft a "fake key" which will decrypt a known cyphertext, C, as plaintext B as opposed to the intended A, when combined with other fixed keys. Jesus christ, even if you knew what the other keys were, we're talking about an insanely difficult task.

      --
      "They were pure niggers." – Noam Chomsky
  15. The key has been scattered across this land... by Riddler+Sensei · · Score: 1

    Well, this scheme would effectively make it impossible for any party to complete the key. As each organization embarks on the quest to collect the shattered fragments of the key they will all invariably get stuck at the Water Temple and just give up.

  16. Well, that's a load of horseshit by Hizonner · · Score: 4, Insightful

    There's no "centuries-old social compact" or whatthefuck ever, let alone one around warrants.

    • There's no problem getting data access using warrants, no matter how much encryption you have. It's just that you have to get the data from the person who owns them, rather than sneaking through a third party. If the owner doesn't cooperate, you have a process to compel them. You know, just like warrants and other court orders have worked for hundreds of years. It's really unprecedented to be able to get access to somebody's personal papers without that person even knowing it.
    • There's no long-established ability to get access to people's ephemeral communications without physically following them around. That wasn't even possible until the telephone came along. For hundreds of years before that, you had to actually engage and gain people's individual confidence to spy on them.
    • Rogers' agency (the NSA) has never used warrants, not ever. It was given warrantless powers it probably should not have been given, arguably illegally because you can't do it under the constitution. It has then repeatedly gone beyond those already excessive powers over the entire course of its existence. It takes a lot of gall for somebody like Rogers to whine about lawful authority to do anything, let alone about warrants.

    What a sack of shit.

    And, yeah, the idea that you're going to have this magic key that only good guys can use is also technically and operationally impossible... as every single person in the NSA or anywhere else in the federal intelligence or law enforcement agencies knows damned well. I assume they want to create it so that they can steal it and use it for mass attacks. If they don't want me to believe that, well, they need to overcome their decades-long pattern of established behavior.

    1. Re:Well, that's a load of horseshit by Hizonner · · Score: 1

      There's no point in my replying to such total clueless incomprehension of my three paragraphs of explanation.

      But I do want to correct this misapprehension, because I can see where it might come from:

      You can't just call anything you like a sack of shit without providing any sort of argument to the negative.

      The "sack of shit" I meant was Mike Rogers, personally. I wouldn't want anybody to think I hadn't meant to insult that sack of shit.

    2. Re:Well, that's a load of horseshit by edtice1559 · · Score: 1

      I like your argument but it simply isn't true. We've had wiretaps as long as there has been a phone system. This is really the analogous capability for encrypted devices. I'm not saying that this is a good policy idea. I think it's terrible for all of the reasons already expressed. But it's not new or novel.

    3. Re:Well, that's a load of horseshit by Hizonner · · Score: 1

      There are two parts to this: "wiretap-like" ephemeral communication, and "personal-papers-like" data stored in devices (and, more importantly in this debate, in associated cloud services).

      On the far more important personal papers side, there has simply never, ever been a time in the past when you could expect as a matter of course to get somebody's personal papers surreptitiously, from a third party. Yes, you might have gotten lucky and been able to do that, but in the vast majority of cases you were going to have to go directly and overtly to that person and seize those papers.

      That's a HUGE change. It's new with cloud storage and remote device access. It's total bullshit to pretend that it resembles anything in the past.

      Nor is it new that the target of an investigation can obscure or obfuscate the content of those papers, or destroy those papers when you come after them, or hide them and refuse to tell you where they are, or any number of other things. People hid their letters all the time. There's nothing new in kind here.

      As for matters of degree, well, yeah, modern encryption is easier and more effective than old methods of securing your papers. On the other hand, the "papers" being secured are incomparably more detailed, information-rich, and difficult to avoid creating, and you carry all of them with you all the time. What you would have gotten on somebody if you managed to find their hidden letters even 20 years ago is not even close to what you can get on somebody burrowing through their phone today.

      So if there has been any change in the practical circumstances recently, it's that searches of "personal papers" have become more productive, not less. And encryption would only partially undo that.

      On the less important wiretap side, yes, there have been wiretaps for about 100 years. They were pretty controversial even in those illiberal times, but they crept by the US Supreme Court (1926, I think it was). However, in the WaPo article, we had talk[1] about "standard American practice for the past couple of hundred years".

      That puts the time before wiretaps into play. And I choose to look at all of the time before wiretaps, which includes most of the time during which the common law developed, the time during which legal expectations about privacy evolved, and the time at which the US constitution was written. In the context of that time, wiretaps are a pretty damned recent blip. They were a technological windfall for spooks, and spooks' addiction to them doesn't justify perpetuating that windfall when the technology changes.

      [1] The person who made the "last couple of hundred years" comment was admittedly not Rogers, who apparently confined himself to disingenuously advocating for technical measures he has to know can't possibly work, and which would be suspiciously amenable to exactly the sort of abuse his agency is famous for. The "couple of hundred years" comment was from deputy AG David Bitkower. So maybe I should have named Bitkower as a sack of shit, too.

    4. Re:Well, that's a load of horseshit by edtice1559 · · Score: 1

      It's too bad you can't moderate up good counter-arguments.

  17. bow tie and nice NIST endorsement by epine · · Score: 1

    Key fragments? Can we have that with a bow tie and a nice NIST endorsement?

    When you break your word, you break something that can not be mended.

    Even if you wear the regal black cloak of the Central Malfeasance Agency, when you're found out, it can and will be held against you.

    Ho hum. This is clipper chip redux.

    In 1997, a group of leading cryptographers published a paper, "The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption," analyzing the architectural vulnerabilities of implementing key escrow systems in general, including but not limited to the Clipper Chip Skipjack protocol. The technical flaws described in this paper were instrumental in the demise of the Clipper chip as a public policy option.
    ...
    The U.S. government continued to press for key escrow by offering incentives to manufacturers, allowing more relaxed export controls if key escrow were part of cryptographic software that was exported.

    Cooperation requires either trust or truncheons. No worries for the NSA. It'll soon enough be classified as a state-secret crime against humanity to bleat when beaten, if it isn't already.

  18. i really don't get it by resfilter · · Score: 1

    their profiled "terrorists" are usually from societies that are accustomed to communicating covertly without any electronic means.

    i'm not an expert in terrorism or communication, but i was a punk kid once that did bad things. even i was smart enough to know that if you were planning something big and illegal, you didn't go calling people about it, or writing it down.

    do they really think that someone is going to send an email or text message saying "hit the big red button 12:30 next tuesday"? or that someone will save a map to a warehouse of deadly weapons in "the cloud" and name it "weaponsmap.jpg"?

    of course they don't.

    so how is this gaping hole in the intensions of the survaillance plan not being used as leverage to stop this nonsense before america goes from paranoid to total police state at the press of a button one night? are people so weak that all it would take is someone sending an encrypted message about a "serious terrorist act that would kill a lot of people" that's "intercepted" and the plot "stopped" to widen the scope of this stuff?

    as someone watching this from outside the USA, it's very confusing to me

    1. Re:i really don't get it by Livius · · Score: 1

      someone will save a map to a warehouse of deadly weapons in "the cloud" and name it "weaponsmap.jpg"?

      of course they don't.

      Of course they will.

      That's what the decoy map is for.

  19. Trust is a two-way street by DoofusOfDeath · · Score: 1

    We'll give the NSA expedient access to our encrypted data...

    When they'll confess to all possible breaches of our Constitution, and submit to the death penalty for any actual breaches.

    Have we got a deal, NSA? Oh, why not? You fucking traitors.

  20. Life for crypto experts at NSA by whoever57 · · Score: 1

    What must life be like for crypto experts at the NSA? I assume that they are smart people, who must surely realize what a boneheaded idea this is. Imagine working somewhere where your most senior bosses go around publicly showing off their lack of knowledge.

    --
    The real "Libtards" are the Libertarians!
    1. Re:Life for crypto experts at NSA by SuricouRaven · · Score: 1

      Or maybe they already have ways into just about everything, and this doomed request is just to create the false impression they need it?

  21. Re:This also helps other countries... by Phydeaux · · Score: 2

    Really? Republicans? That's what you're going with? Get me if I'm wrong, but didn't a major Democrat (who's running for US President) stop using her State Department provided email account so she could send her mail through a mailserver she controlled, which would not be archived, audited or available to FOIA requests? And then when asked for the mailserver contents, said "hey, we went through it all and there's nothing of interest there. Hey, is that a squirrel over there?" God thing you're posting as AC. Should probably be AI, Anonymous Idiot...

  22. that might work.... by Anonymous Coward · · Score: 1

    until the NSA finishes hacking the other agencies for their part of the keys. It's not like they've tried anything like that before. (http://www.wired.com/2015/02/gemalto-confirms-hacked-insists-nsa-didnt-get-crypto-keys/)

  23. Dear NSA by lkcl · · Score: 1

    Dear NSA,

    I would love to design the phone that you are asking for. please pay the sum of $USD 30 million into my bank account and i will organise it straight away. also, please sign a contract that you will subsidise the cost of every single phone sold because in order to add the extra encryption that you are expecting it will push up the price, and in a competitive business world nobody would buy it without subsidies.

    I look forward to hearing from you shortly.

    Signed, Luke Leighton
    (Libre and FSF-Endorseable Hardware Design Engineer)

    1. Re:Dear NSA by currently_awake · · Score: 1

      Existing phones have the processing power to do end to end encryption without any new hardware. You'll need to audit or re-write your entire software stack (including baseband) to keep out back doors of course, and that will be expensive. But unit cost increase will still be a few dollars per phone, not enough to make them unsellable.

  24. All this means is OPPORTUNITY for Chinese spies by AutodidactLabrat · · Score: 1

    whose government will now mandate a successful encryption that even THEY can't break....except they can.
    Push the clients out of U.S. markets for phones and services
    THAT will help!

  25. This is so naive by Anonymous Coward · · Score: 1

    It doesn't make sense at any level I think about it. If e.g. mobile phones had publically known backdoors built-in, it would essentially prevent their use in many governmental organizations around the world. Such devices would most likely be ultimately outlawed altogether in many countries.

    And there's always that one small thing: if someone has the keys to all the devices, those keys will be worth gold to every single spy agency around the world. The only way to prevent this threat is to not have the keys at all. The US government wasn't able to keep the keys to the Atom bomb secret so how could they possibly protect global decryption keys.

  26. Old German proverb by Opportunist · · Score: 5, Interesting

    Ist der Ruf erst mal ruiniert, lebt sich's völlig ungeniert.

    It loses a bit in translation, but essentially the meaning is "once your reputation is ruined, you can as well stop having any shame".

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  27. Or they could do their actual job by spiritplumber · · Score: 1
    Dear NSA, privacy arguments aside: You guys have the specific job of making codes and breaking codes.

    If we do it for you, then don't expect us to pay you as much as we do anymore.

    Do your own damn homework same as everyone else.

    --
    Liberty - Security - Laziness - Pick any two.
  28. bullshit by Anonymous Coward · · Score: 1

    Just download the "no backdoor" patch from Europe. If the law applies to the producer, then you're legally safe. If not, they must reveal that they were spying on you to exploit it, so you can sue them for information on their investigations, etc.

  29. Re:bullshit by Akaihiryuu · · Score: 2

    This exactly. Even IF somehow open source projects were "forced" to include a back door...then knowledgeable people could easily just remove the back door from their copy. And explain to others how to easily do it on some forum hosted outside the US.

  30. Giant data centers by MrL0G1C · · Score: 1

    So they are building insanely large data centers.... to collect metadata.

    I swear that doesn't add up.

    --
    Waterfox - a Firefox fork with legacy extension support, security updates and better privacy by default.
  31. This is why in the 18th century... by mpthompson · · Score: 1

    ...the founding fathers of this country outlawed the burning of slips of paper so the citizenry couldn't hide information from the government. This is just the 21st century equivalent so what's the big deal?

  32. Okay by Lord+Bitman · · Score: 1

    one of those parties is the customer, though

    --
    -- 'The' Lord and Master Bitman On High, Master Of All
  33. The government wants you to think.. by MpVpRb · · Score: 1

    ..that they are totally honest and competent, and that weakening security will only hurt the bad guys

    In the real world, government security is done by people who actually want to work for the government..if you're at the bottom of the technological barrel..hey, a job is a job..and government jobs have job security. Yeah, I have to take a drug test..but that's OK..I don't use illegal drugs (within the testing window)

    If you are on the other side of the fence..all that matters is technical competence

    You might be a criminal, or a terrorist, or someone who is just pissed off..but IF you have the ability to exploit the weaknesses that are intentionally introduced, under the pretext of national security..you will win

  34. Apple already has this by koan · · Score: 1

    might be a requirement that technology companies create a digital key that can open any locked device to obtain text messages or other content, but divide the key into pieces so no one group could use it without the cooperation of other parties."

    Apple already has a "corporate key".

    --
    "If any question why we died, Tell them because our fathers lied."
  35. Wish in one hand, shit in the other... by BozoForPresident · · Score: 1

    The NSA wants front door decryption access - Yeah, and I want to sleep with a different bouncy cheerleader every night.

  36. A matter of priorities by plsuh · · Score: 3, Insightful

    The US government has lost sight of the larger issue here. The tail (NSA and law enforcement) is wagging the dog.

    The NSA and law enforcement agencies want to be able to intercept anything, since it makes their jobs easier. However, this runs counter to the larger national interest of the United States.

    Which country has the highest level of connectedness and dependence on the Internet? Which country would be worst hurt if a sophisticated attacker was able to penetrate and conduct malicious actions using the systems connected to the Internet? The US, that's who. It is by far in the US's overall national interest to properly secure the Internet and communications infrastructure. Eavesdropping on everyone else is a secondary benefit, in comparison.

    The proper role of the President and the Attorney General is to separate the desire of the NSA and law enforcement to make their jobs easier from the greater benefit to the country as a whole. They need to tell the ambitious underlings "NO" in unequivocal terms, then bitch slap them if they keep whining about it.

    --Paul

  37. Here we go again.. by MegOnWheels · · Score: 1

    It is almost as if this idea comes up every 7 to 10 years except that the scope increases each time.. With any luck they wont get it over the line..

    I suspect that sophisticated crooks and terrorists have perfect paperwork and perfect online personas, passports and other documentation which means that the only people they are going to trap are the random idiots and the majority of the law abiding population.

  38. NSA wants to put American out of business by duke_cheetah2003 · · Score: 2

    Could you imagine if the NSA actually was permitted to do this? The moment something like this came to be true, every tech company cooperating would simply go out of business. Who would buy anything with a backdoor built into it? I wouldn't.

    Shut down the NSA, to even suggest this is economic armageddon. I don't even need to go anywhere near the freedom and privacy aspects of this, I can appeal the capitalists, this is just bad for business.

    1. Re:NSA wants to put American out of business by freedom4us · · Score: 1

      Yes I believe you or if not most others would. Apple is already responding to government requests, the dissappearing of warrant canary, do you remember? and the whole facebook thing? come on :))

  39. Sounds good... by Copid · · Score: 1

    ...as long as they're cool with all of our multinational tech companies doing the same favor for the Chinese government. I mean, laws are laws, right?

    --
    An interesting anagram of "BANACH TARSKI" is "BANACH TARSKI BANACH TARSKI"
  40. Nothing new by fred911 · · Score: 1

    Did we all forget Clinton and their Clipper initiative? Or has it just become easier to understand for Joe Sixpack?

    --
    09 F9 11 02 9D 74 E3 5B - D8 41 56 C5 63 56 88 C0 45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
  41. Good luck with that by PPH · · Score: 1

    The only trustworthy solution is one based on end to end encryption. The tech companies have nothing but encrypted content to move around. They have nothing to give the NSA that they could use.

    --
    Have gnu, will travel.
  42. What does the NSA really want? by n0ano · · Score: 1

    Much as we dislike the NSA I don't think anyone would argue that they are stupid. Morally bankrupt, ethically challenged, constitutionally wrong - yes, but stupid - no. Therefore the NSA clearly knows that this is a stupid idea and will never work and will never be implemented. I have to believe this is a negotiating ploy (ask for something totally outrageous so that you can be bargained down to something merely obnoxious - which is what you wanted all along).

    That being the case then this must be their totally outrageous start. What do they really want that they will `settle` for?

    --
    Don Dugger
    "Censeo Toto nos in Kansa esse decisse." - D. Gale
  43. Irrelevant by Anonymous Coward · · Score: 1

    USA is falling into irrelevancy wrt to secure technology and services. It doesn't matter anymore. Do whatever you like NSA, everybody is switching to european services.

  44. NO by Anonymous Coward · · Score: 1

    The NSA does not represent what is best for our country or our future. They have chosen their path, and it is not one we can follow if we wish to have a bright economic or free future for our children, to remain trusted by people who use our products, or to remain respected as a country where the rule of law is followed.

  45. Use this phrase: by jcr · · Score: 1

    "Not without a warrant, motherfucker."

    -jcr

    --
    The only title of honor that a tyrant can grant is "Enemy of the State."
    1. Re:Use this phrase: by Bob+the+Super+Hamste · · Score: 1

      I have always preferred:
      "Go fuck yourself with a spindle sander"

      --
      Time to offend someone
  46. Re:bullshit by gnasher719 · · Score: 1

    This exactly. Even IF somehow open source projects were "forced" to include a back door...then knowledgeable people could easily just remove the back door from their copy. And explain to others how to easily do it on some forum hosted outside the US.

    It's quite obvious that if major companies had to give their keys to the NSA, then owning or distributing software that doesn't do this would be in itself made a serious crime.

  47. The death of american software by LordWabbit2 · · Score: 2

    This is moronic, if this is put in place only Americans will use American software (and then only some of them). NO other country is going to voluntarily use software they know has a "front door" regardless of all the "good intentions" promised by splitting the key up. May as well shoot Microsoft in the foot.

    --
    There are three kinds of falsehood: the first is a 'fib,' the second is a downright lie, and the third is statistics.
    1. Re:The death of american software by JohnFen · · Score: 1

      May as well shoot Microsoft in the foot.

      You shouldn't argue against a thing by pointing out a positive result of it.

  48. Re:bullshit by johnwallace123 · · Score: 2

    Reminds me of warnings on grape juice concentrate sold during prohibition: "After dissolving the brick in a gallon of water, do not place the liquid in a jug away in the cupboard for twenty days, because then it would turn into wine."

    Could we get something similar: "After downloading the code, do not remove lines 33-67 of Encrypt.c, as this will disable the legally mandated NSA back doors"

  49. Hmm, hard problem. by Bonzoli · · Score: 1

    On the one side, the NSA is collecting data on American's using secret orders with a rubber duck stamp that has a pirate patch on its eye. On the other side we have Russia owned by a kleptocracy and threats of nuclear war if anyone interferes with their invasion plans.
    Hmm,....

  50. Fair Trade? by MagickalMyst · · Score: 1

    Ok, how about giving root access to all government, law enforcement, and military computers to the general public so they can perform valuable oversight duties to ensure that no corruption or criminal activity is present in our institutions?

    Spy on them as they spy on us.

    --
    Political correctness is really just herd psychology pushed by insecure people who desperately seek social conformity.
  51. Interesting exercise by Mariner28 · · Score: 1

    It would be an interesting Big Data exercise to see trading data by certain federal government employees... Oh, I don't know - perhaps to see what the average gains were in a 12-month period compared to the gains of the average Joe in private industry?

    --
    "A little misunderstanding? Galileo and the Pope had a little misunderstanding."
  52. Re:bullshit by JohnFen · · Score: 2

    Could we get something similar: "After downloading the code, do not remove lines 33-67 of Encrypt.c, as this will disable the legally mandated NSA back doors"

    Or... do not compile this code without #defining INCLUDE_BACKDOORS as this will disable the legally mandated back doors.

  53. Please by WindBourne · · Score: 1

    Idiots like you are everywhere.
    You think that America is the ONLY one that has loads of backdoors? You are a REAL idiot, or work for the Chinese gov.

    --
    I prefer the "u" in honour as it seems to be missing these days.
    1. Re:Please by ruir · · Score: 1

      You are wrong, I am just a european "idiot". Only a naive would believe NSA has to ask for backdoors, this "newsflash" is just political propaganda for the sheeple. Please do go on, I bet you believe too 9/11 was a work of a fictional terrorist cell.

    2. Re:Please by ruir · · Score: 1

      And what you propose? Use products with american backdoors because they are your "friends"? What do you expect me to say, thank you or fuck you? I am confused by your reasoning.

    3. Re:Please by WindBourne · · Score: 1

      So, what exactly was 9/11 if not a terrorist act?
      And I did not say that NSA had to ask for backdoors. They are everywhere. BUT, when data is encrypted, it makes it harder for ANY government to get around.

      Oh, yes, ALL of the european govs are involved in spying on their citizens as well.

      --
      I prefer the "u" in honour as it seems to be missing these days.
    4. Re:Please by WindBourne · · Score: 1

      who do you want spying on you? If you buy a commercial product that was produced in China, I guarantee that it has a backdoor. That is why the DOD insists that Cisco manufacture their network equipment here in America (and they do).

      Our best bet for staying off radars is to not trust ANY commercial product, and go with OSS. FreeBSD is good. So is Linux. Using Commercial OSs from any nation will get you spied on, simple as that.

      But in the end, for those of us in the west, it is better to have European govs, or the 5-eyes (now bigger, though I am not certain how big), spy on us, rather than Chinese and Russian.

      --
      I prefer the "u" in honour as it seems to be missing these days.
  54. that's why I never store my private keys ... by RealRaven2000 · · Score: 1

    ... on a server. They cannot share what they don't have. Generate your own private keys and give them to nobody.

  55. Re:This also helps other countries... by Bob+the+Super+Hamste · · Score: 1

    But everyone basically agrees that Nixon was an asshole and is trotted out to divert attention away from the fact that current policies would have been a wet dream for Nixon. New rule to judge a government policy, if Nixon would have used against those on his enemies list then it is a really shitty unconstitutional action and those proposing or pushing for it should impeached for failing to uphold their oath of office and duty to the constitution.

    --
    Time to offend someone