The NSA Wants Tech Companies To Give It "Front Door" Access To Encrypted Data
An anonymous reader writes: The National Security Agency is embroiled in a battle with tech companies over access to encrypted data that would allow it to spy (more easily) on millions of Americans and international citizens. Last month, companies like Google, Microsoft, and Apple urged the Obama administration to put an end to the NSA's bulk collection of metadata. "National Security Agency officials are considering a range of options to ensure their surveillance efforts aren't stymied by the growing use of encryption, particularly in smartphones. Key among the solutions, according to The Washington Post, might be a requirement that technology companies create a digital key that can open any locked device to obtain text messages or other content, but divide the key into pieces so no one group could use it without the cooperation of other parties."
Fuck the NSA!!
A government body gets the whole key and then has it stolen from them and we're all left with our trousers down in a changing room made of glass.
No. If there is an EASY way to decrypt information, then that data is NOT SAFE and the encryption is useless.
As you all know, our country is subject to terrible terrorist threats. It has come to the attention of your friends at the National Security Agency ("we put the security in the national") that terrorists have, under certain circumstances, used the United States Postal Service, United Parcel Service, and Federal Express in order to facilitate their terrorist doings. Therefore, we would appreciate it if, effective immediately, you stop sealing your parcels and envelopes, to make inspection easier.
This is for your protection. Please don't object, or we'll have to illegally open your items and lie about it. Thank you.
The fact that the NSA thinks it can achieve this shows how far our civil liberties have fallen.
Wow. And how long do they think their magical key will remain secret? If a single key can open all the doors, finding that key will become more important and the resources dedicated to discovering it will be increased. The secrets that are being protected are not only -- or even primarily -- the secrets of criminals. There are millions of bank accounts and private medical records along with political dissidents.
Every weakening of security aids not only law enforcement but criminals as well.
===== Murphy's Law is recursive. =====
When the NSA says these kinds of things, it's like they are saying that they are immune to being cracked.
While we're asking for stuff we want, I want one billion dollars a year of NSA funding redirected to me. I'll spend it all on providing college scholarships.
I believe my idea is better than theirs: educated, autonomous individuals make for a better society than fear and authoritarianism. Who's with me?
One (partitioned) Key to rule them all, One Key to find them,
One Key to bring them all and in the darkness bind them
need anyone say more?
This story was posted yesterday. http://it.slashdot.org/story/1...
If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
..and these separate entities will be compelled to comply with an NSL, right? Fuck that bullshit. The problem here is statist/authoritarian politics not technology.
Such backdoors aren't enforceable in open source projects. If this comes to pass then free software will have a great competitive advantage.
The designers of the Clipper chip (http://en.wikipedia.org/wiki/Clipper_chip) had just about the same method in mind: encryption for the users, with an independent organization knowing the master keys and being able to hand over session keys to decode communications to government institutions. It was actually the reason why PGP etc. were invented.
We have a similar situation here: the gov wants to have the keys to encrypted machines. Theoretically, the same arguments can be brought up again: it's bad because the keys may leak, it weakens the encryption because there's another set of keys that can be bruteforced or found in a smarter way, but it's also pretty ineffective: the phones that allow people messing around in their systems (Jolla, Ubuntu phones, rooted Androids) will just have third-party, non-gov-approved encryption in them and criminals (and people not really comfortable with NSA snooping) will subsequently use these.
If one of the parties is the user and he gets to keep HIS part of the key, so that nobody can decrypt his data without him giving up his key, fine.
Would miss the point though...
until, assuming encryption is stacked, one of the escrow holders manages to create a fake key which, when used to decrypt some given message, produces an entirely different result than the key holder's genuine key should generate. Example: Shamir's Secret Sharing
Well, this scheme would effectively make it impossible for any party to complete the key. As each organization embarks on the quest to collect the shattered fragments of the key they will all invariably get stuck at the Water Temple and just give up.
There's no "centuries-old social compact" or whatthefuck ever, let alone one around warrants.
What a sack of shit.
And, yeah, the idea that you're going to have this magic key that only good guys can use is also technically and operationally impossible... as every single person in the NSA or anywhere else in the federal intelligence or law enforcement agencies knows damned well. I assume they want to create it so that they can steal it and use it for mass attacks. If they don't want me to believe that, well, they need to overcome their decades-long pattern of established behavior.
Key fragments? Can we have that with a bow tie and a nice NIST endorsement?
Even if you wear the regal black cloak of the Central Malfeasance Agency, when you're found out, it can and will be held against you.
Ho hum. This is clipper chip redux.
Cooperation requires either trust or truncheons. No worries for the NSA. It'll soon enough be classified as a state-secret crime against humanity to bleat when beaten, if it isn't already.
their profiled "terrorists" are usually from societies that are accustomed to communicating covertly without any electronic means.
i'm not an expert in terrorism or communication, but i was a punk kid once that did bad things. even i was smart enough to know that if you were planning something big and illegal, you didn't go calling people about it, or writing it down.
do they really think that someone is going to send an email or text message saying "hit the big red button 12:30 next tuesday"? or that someone will save a map to a warehouse of deadly weapons in "the cloud" and name it "weaponsmap.jpg"?
of course they don't.
so how is this gaping hole in the intentions of the surveillance plan not being used as leverage to stop this nonsense before america goes from paranoid to total police state at the press of a button one night? are people so weak that all it would take is someone sending an encrypted message about a "serious terrorist act that would kill a lot of people" that's "intercepted" and the plot "stopped" to widen the scope of this stuff?
as someone watching this from outside the USA, it's very confusing to me
We'll give the NSA expedient access to our encrypted data...
When they'll confess to all possible breaches of our Constitution, and submit to the death penalty for any actual breaches.
Have we got a deal, NSA? Oh, why not? You fucking traitors.
What must life be like for crypto experts at the NSA? I assume that they are smart people, who must surely realize what a boneheaded idea this is. Imagine working somewhere where your most senior bosses go around publicly showing off their lack of knowledge.
The real "Libtards" are the Libertarians!
Really? Republicans? That's what you're going with? Get me if I'm wrong, but didn't a major Democrat (who's running for US President) stop using her State Department provided email account so she could send her mail through a mailserver she controlled, which would not be archived, audited or available to FOIA requests? And then when asked for the mailserver contents, said "hey, we went through it all and there's nothing of interest there. Hey, is that a squirrel over there?" Good thing you're posting as AC. Should probably be AI, Anonymous Idiot...
until the NSA finishes hacking the other agencies for their part of the keys. It's not like they've tried anything like that before. (http://www.wired.com/2015/02/gemalto-confirms-hacked-insists-nsa-didnt-get-crypto-keys/)
Dear NSA,
I would love to design the phone that you are asking for. please pay the sum of $USD 30 million into my bank account and i will organise it straight away. also, please sign a contract that you will subsidise the cost of every single phone sold because in order to add the extra encryption that you are expecting it will push up the price, and in a competitive business world nobody would buy it without subsidies.
I look forward to hearing from you shortly.
Signed, Luke Leighton
(Libre and FSF-Endorseable Hardware Design Engineer)
whose government will now mandate a successful encryption that even THEY can't break....except they can.
Push the clients out of U.S. markets for phones and services
THAT will help!
It doesn't make sense at any level I think about it. If e.g. mobile phones had publicly known backdoors built-in, it would essentially prevent their use in many governmental organizations around the world. Such devices would most likely be ultimately outlawed altogether in many countries.
And there's always that one small thing: if someone has the keys to all the devices, those keys will be worth gold to every single spy agency around the world. The only way to prevent this threat is to not have the keys at all. The US government wasn't able to keep the keys to the Atom bomb secret so how could they possibly protect global decryption keys.
Ist der Ruf erst mal ruiniert, lebt sich's völlig ungeniert.
It loses a bit in translation, but essentially the meaning is "once your reputation is ruined, you can as well stop having any shame".
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
If we do it for you, then don't expect us to pay you as much as we do anymore.
Do your own damn homework same as everyone else.
Liberty - Security - Laziness - Pick any two.
Just download the "no backdoor" patch from Europe. If the law applies to the producer, then you're legally safe. If not, they must reveal that they were spying on you to exploit it, so you can sue them for information on their investigations, etc.
This exactly. Even IF somehow open source projects were "forced" to include a back door...then knowledgeable people could easily just remove the back door from their copy. And explain to others how to easily do it on some forum hosted outside the US.
So they are building insanely large data centers.... to collect metadata.
I swear that doesn't add up.
Waterfox - a Firefox fork with legacy extension support, security updates and better privacy by default.
...the founding fathers of this country outlawed the burning of slips of paper so the citizenry couldn't hide information from the government. This is just the 21st century equivalent so what's the big deal?
one of those parties is the customer, though
-- 'The' Lord and Master Bitman On High, Master Of All
..that they are totally honest and competent, and that weakening security will only hurt the bad guys
In the real world, government security is done by people who actually want to work for the government..if you're at the bottom of the technological barrel..hey, a job is a job..and government jobs have job security. Yeah, I have to take a drug test..but that's OK..I don't use illegal drugs (within the testing window)
If you are on the other side of the fence..all that matters is technical competence
You might be a criminal, or a terrorist, or someone who is just pissed off..but IF you have the ability to exploit the weaknesses that are intentionally introduced, under the pretext of national security..you will win
might be a requirement that technology companies create a digital key that can open any locked device to obtain text messages or other content, but divide the key into pieces so no one group could use it without the cooperation of other parties."
Apple already has a "corporate key".
"If any question why we died, Tell them because our fathers lied."
The NSA wants front door decryption access - Yeah, and I want to sleep with a different bouncy cheerleader every night.
The US government has lost sight of the larger issue here. The tail (NSA and law enforcement) is wagging the dog.
The NSA and law enforcement agencies want to be able to intercept anything, since it makes their jobs easier. However, this runs counter to the larger national interest of the United States.
Which country has the highest level of connectedness and dependence on the Internet? Which country would be worst hurt if a sophisticated attacker was able to penetrate and conduct malicious actions using the systems connected to the Internet? The US, that's who. It is by far in the US's overall national interest to properly secure the Internet and communications infrastructure. Eavesdropping on everyone else is a secondary benefit, in comparison.
The proper role of the President and the Attorney General is to separate the desire of the NSA and law enforcement to make their jobs easier from the greater benefit to the country as a whole. They need to tell the ambitious underlings "NO" in unequivocal terms, then bitch slap them if they keep whining about it.
--Paul
It is almost as if this idea comes up every 7 to 10 years except that the scope increases each time.. With any luck they won't get it over the line..
I suspect that sophisticated crooks and terrorists have perfect paperwork and perfect online personas, passports and other documentation which means that the only people they are going to trap are the random idiots and the majority of the law abiding population.
Could you imagine if the NSA actually was permitted to do this? The moment something like this came to be true, every tech company cooperating would simply go out of business. Who would buy anything with a backdoor built into it? I wouldn't.
Shut down the NSA, to even suggest this is economic armageddon. I don't even need to go anywhere near the freedom and privacy aspects of this, I can appeal to the capitalists, this is just bad for business.
...as long as they're cool with all of our multinational tech companies doing the same favor for the Chinese government. I mean, laws are laws, right?
An interesting anagram of "BANACH TARSKI" is "BANACH TARSKI BANACH TARSKI"
Did we all forget Clinton and their Clipper initiative? Or has it just become easier to understand for Joe Sixpack?
09 F9 11 02 9D 74 E3 5B - D8 41 56 C5 63 56 88 C0 45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
The only trustworthy solution is one based on end to end encryption. The tech companies have nothing but encrypted content to move around. They have nothing to give the NSA that they could use.
Have gnu, will travel.
Much as we dislike the NSA I don't think anyone would argue that they are stupid. Morally bankrupt, ethically challenged, constitutionally wrong - yes, but stupid - no. Therefore the NSA clearly knows that this is a stupid idea and will never work and will never be implemented. I have to believe this is a negotiating ploy (ask for something totally outrageous so that you can be bargained down to something merely obnoxious - which is what you wanted all along).
That being the case then this must be their totally outrageous start. What do they really want that they will `settle` for?
Don Dugger
"Censeo Toto nos in Kansa esse decisse." - D. Gale
USA is falling into irrelevancy wrt to secure technology and services. It doesn't matter anymore. Do whatever you like NSA, everybody is switching to European services.
The NSA does not represent what is best for our country or our future. They have chosen their path, and it is not one we can follow if we wish to have a bright economic or free future for our children, to remain trusted by people who use our products, or to remain respected as a country where the rule of law is followed.
"Not without a warrant, motherfucker."
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
This exactly. Even IF somehow open source projects were "forced" to include a back door...then knowledgeable people could easily just remove the back door from their copy. And explain to others how to easily do it on some forum hosted outside the US.
It's quite obvious that if major companies had to give their keys to the NSA, then owning or distributing software that doesn't do this would be in itself made a serious crime.
This is moronic, if this is put in place only Americans will use American software (and then only some of them). NO other country is going to voluntarily use software they know has a "front door" regardless of all the "good intentions" promised by splitting the key up. May as well shoot Microsoft in the foot.
There are three kinds of falsehood: the first is a 'fib,' the second is a downright lie, and the third is statistics.
Reminds me of warnings on grape juice concentrate sold during prohibition: "After dissolving the brick in a gallon of water, do not place the liquid in a jug away in the cupboard for twenty days, because then it would turn into wine."
Could we get something similar: "After downloading the code, do not remove lines 33-67 of Encrypt.c, as this will disable the legally mandated NSA back doors"
On the one side, the NSA is collecting data on Americans using secret orders with a rubber duck stamp that has a pirate patch on its eye. On the other side we have Russia owned by a kleptocracy and threats of nuclear war if anyone interferes with their invasion plans.
Hmm,....
Ok, how about giving root access to all government, law enforcement, and military computers to the general public so they can perform valuable oversight duties to ensure that no corruption or criminal activity is present in our institutions?
Spy on them as they spy on us.
Political correctness is really just herd psychology pushed by insecure people who desperately seek social conformity.
It would be an interesting Big Data exercise to see trading data by certain federal government employees... Oh, I don't know - perhaps to see what the average gains were in a 12-month period compared to the gains of the average Joe in private industry?
"A little misunderstanding? Galileo and the Pope had a little misunderstanding."
Could we get something similar: "After downloading the code, do not remove lines 33-67 of Encrypt.c, as this will disable the legally mandated NSA back doors"
Or... do not compile this code without #defining INCLUDE_BACKDOORS as this will disable the legally mandated back doors.
Idiots like you are everywhere.
You think that America is the ONLY one that has loads of backdoors? You are a REAL idiot, or work for the Chinese gov.
I prefer the "u" in honour as it seems to be missing these days.
... on a server. They cannot share what they don't have. Generate your own private keys and give them to nobody.
But everyone basically agrees that Nixon was an asshole and is trotted out to divert attention away from the fact that current policies would have been a wet dream for Nixon. New rule to judge a government policy, if Nixon would have used against those on his enemies list then it is a really shitty unconstitutional action and those proposing or pushing for it should be impeached for failing to uphold their oath of office and duty to the constitution.
Time to offend someone