Slashdot Mirror

← Back to Stories (view on slashdot.org)

The NSA Wants Tech Companies To Give It "Front Door" Access To Encrypted Data

Posted by samzenpus on from the let-us-in dept.

An anonymous reader writes The National Security Agency is embroiled in a battle with tech companies over access to encrypted data that would allow it to spy (more easily) on millions of Americans and international citizens. Last month, companies like Google, Microsoft, and Apple urged the Obama administration to put an end to the NSA's bulk collection of metadata. "National Security Agency officials are considering a range of options to ensure their surveillance efforts aren't stymied by the growing use of encryption, particularly in smartphones. Key among the solutions, according to The Washington Post, might be a requirement that technology companies create a digital key that can open any locked device to obtain text messages or other content, but divide the key into pieces so no one group could use it without the cooperation of other parties."

45 of 212 comments (clear)

  1. Right up until... by Anonymous Coward · · Score: 5, Insightful

    A government body gets the whole key and then has it stolen from them and we're all left with our trousers down in a changing room made of glass.

    No. If there is an EASY way to decrypt information, then that data is NOT SAFE and the encryption is useless.

    1. Re:Right up until... by Anonymous Coward · · Score: 5, Insightful

      A government body gets the whole key and then has it stolen from them and we're all left with our trousers down in a changing room made of glass.

      No. If there is an EASY way to decrypt information, then that data is NOT SAFE and the encryption is useless.

      Yep. In the meantime, one of the few advantages US companies have - software and web services - will be made completely worthless. If I am a bank, healthcare company, or whatever (it really doesn't matter) , I demand my data be secure. An NSA back door, front door, trap door, barn door means that there is a built-in insecurity.

      Right now, I do not think any American made software is secure enough for my business. We have achieved a state where business and government concerns are in direct conflict.

      I think a lot of it has to do with this Big Data fad. They seem to think that the more data they have, the more computing power they have, and the less security we have allows them to "get their guy". We have an out of control security bureaucracy.

      But as the US slips more and more into a police state (I was just ordered last week to hand over my license at a road block - they were stopping everyone. Papers please! actually it was "hand it over, now!), I just have to wonder with our freedoms and privacy being eroded everyday, just what does the US stand for anymore?

    2. Re:Right up until... by AmiMoJo · · Score: 5, Informative

      Even if it were somehow perfect, the NSA has proven itself to be untrustworthy. It apparently can't even police its own staff to stop them spying on their girlfriends and wives, let along stop them walking off with huge archives of information. If Snowden could do it then I think it's reasonable to strongly suspect that the Chinese, the French and anyone else interested in that stuff has infiltrated them too.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    3. Re:Right up until... by Wootery · · Score: 4, Informative

      Apparently the Supreme Court decided that that would be unconstitutional, but it's Just Too Important(TM) so it's fine.

    4. Re:Right up until... by Anonymous Coward · · Score: 5, Insightful

      You can bet that if Snowden could get access then there are hundreds of NSA employees and contractors that are trading on this information. No domestic or foreign corporation or state wants the NSA to have unfettered access to their data like this, because such access will be and is being abused.

      Put it this way, say you are trying to get a contract where General Electric is a competitor. And someone in the NSA is tapping all of your salesmen's communications and documents and passing them to the GE's sales team....

    5. Re:Right up until... by Endymion · · Score: 4, Insightful

      Well said.

      I find it unlikely that the NSA doesn't know how this will affect the US software/tech industry. Which means they are deliberatly trying to undermine an entire sector of the US economy. I call this treason. Many of these traitors took an oath to defend the constitution, yet they publicly announce how their desire to do the exact opposite.

      I know some of you are thinking that this is a crazy idea, because the US definition of trason is a difficult standard to meet due to the requirement to show that the traitor is "making war" against the countyr. Well, what else do you call the deliberate undermining of the most profitalbe sector in our economy? Modern weapons of war include a wide variety of tools, not just rifles and tanks. More importantly, this is exactly the kind of type of methods the CIA has used to "destabalize" other countries.

      --
      Ce n'est pas une signature automatique.
    6. Re:Right up until... by ruir · · Score: 3, Insightful

      Microsoft was born due to Bills family being influential in washington, and has been in bed with the establishment ever since. In the past we also had strong hints they had a NSA backdoor. Cisco is also known to have backdoors. The industry has been undermining itself quite alone. Foreign people who use American software for industrial or political purposes are morons.

    7. Re:Right up until... by Anonymous Coward · · Score: 2, Insightful

      But they're not protecting the people any more.

      They are now protecting the state. They have been for many years, they just tell you they're protecting the people.

      That was what the Soviet government was doing, too.

    8. Re:Right up until... by davester666 · · Score: 3, Insightful

      It's an emergency, because we are being overrun by terrorists and child molesters.

      That makes it ok.

      --
      Sleep your way to a whiter smile...date a dentist!
    9. Re: Right up until... by Jason+Levine · · Score: 2

      A government body gets the whole key and then has it stolen from them and we're all left with our trousers down in a changing room made of glass.

      Or a hacker finds a way to break in without the "keys."

      It doesn't matter how many "pieces" you split the key up into if someone can just busy down the door and take whatever they want. Adding a back door to an encryption product is just asking for someone to break that back door down.

      --
      My sci-fi novel, Ghost Thief, is now available from Amazon.com.
    10. Re:Right up until... by Holi · · Score: 2

      "I do not wish to be subject to NSA spying on my gear, because I don't LIVE in the U.S." HAHAHA, I am sorry, but while the NSA routinely ignores it, it is illegal for the NSA to spy on citizens. Unfortunately for you, the whole reason they exist is to listen to the 6.7 Billion people who don't live here.

      --
      Sorry, teleporters just kill you and then make a copy. A perfect, soul-less copy.
    11. Re:Right up until... by chihowa · · Score: 4, Informative

      Wow, I just looked into that some more and it's pretty horrifying. The ruling was more than it being "Just Too Important(TM)", it was that it is too important to the State. That line of reasoning allows for just about any unconstitutional law to be upheld. Even the dissenting decisions were more concerned with the effectiveness of the checkpoints and considered the violation of the Fourth Amendment that they represent an accepted and foregone conclusion.

      The majority opinion from Rehnquist: "In sum, the balance of the State's interest in preventing drunken driving, the extent to which this system can reasonably be said to advance that interest, and the degree of intrusion upon individual motorists who are briefly stopped, weighs in favor of the state program. We therefore hold that it is consistent with the Fourth Amendment."

      --
      If you want a vision of the future, imagine a youtube comments section scrolling - forever.
    12. Re:Right up until... by WindBourne · · Score: 2

      terrorists? Spies? Foreign gov. interventions? Yes, that is what the NSA and the intel world is concerned with.
      Child Molesters? Nope. NSA does not do civilian issues.

      However, there are ppl that want to kill the NSA, and turn over this kind of technology to FBI.
      THAT IS WHAT YOU SHOULD FEAR. If the FBI, or groups like DEA, WHO HAVE REAL POWER, should get this kind of power, then you should fear.
      And what is needed with this, is to not allow congress to ever again remove the oversight, like the GOP did in 2005.

      --
      I prefer the "u" in honour as it seems to be missing these days.
  2. The NSA requests you stop sealing envelopes by mtrachtenberg · · Score: 5, Insightful

    As you all know, our country is subject to terrible terrorist threats. It has come to the attention of your friends at the National Security Agency ("we put the security in the national") that terrorists have, under certain circumstances, used the United States Postal Service, United Parcel Service, and Federal Express in order to facilitate their terrorist doings. Therefore, we would appreciate it if, effective immediately, you stop sealing your parcels and envelopes, to make inspection easier.

    This is for your protection. Please don't object, or we'll have to illegally open your items and lie about it. Thank you.

    1. Re:The NSA requests you stop sealing envelopes by ColdWetDog · · Score: 2

      .[Terrorists].. under certain circumstances, [have] used the United States Postal Service, United Parcel Service, and Federal Express in order to facilitate their terrorist doings.

      I don't see where this is true at all. According to numerous, recent news reports, the only thing that domestic terrorists have used to advance their cause has been the FBI.

      Let's get rid of them and see how things improve.

      --
      Faster! Faster! Faster would be better!
  3. Disturbing this is even being openly discussed by JoeyRox · · Score: 5, Insightful

    The fact that the NSA thinks it can achieve this shows how far our civil liberties have fallen.

    1. Re:Disturbing this is even being openly discussed by future+assassin · · Score: 2

      What do you expect when people rather spend more time crying foul and protesting expensive internet and entertainment than something that affects their rights. Romans knew to let there be games, to keep the masses busy from free thinking.

      --
      by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
    2. Re:Disturbing this is even being openly discussed by SuricouRaven · · Score: 3, Informative

      They fell for a number of reasons - any one of which they could have shrugged off, but they all came at once. Rebellions from inside, invasions from the east, loyalty to the empire strained by imposed religious reformation to some strange new monotheistic cult and economic struggles as an empire built on constant expansion ran out of new land to invade for tribute - and then all that during a succession crisis which left the empire fragmented and unable to muster up a unified response. There's no one factor that lead to the collapse, and the collapse itsself was a slow process - you can't find a single year and declare the empire ceased to exist here.

    3. Re:Disturbing this is even being openly discussed by rnturn · · Score: 3, Interesting

      ``Romans knew to let there be games, to keep the masses busy from free thinking.''

      Yep. We have our reality TV, March Madness, the Super Bowl, the World Series (heck, professional sports in general), lotteries, celebrity worship, and so on and so on. There are already plenty of distractions to keep the American public from concentrating on, or even learning about, how their freedom has been taken away from them.

      --
      CUR ALLOC 20195.....5804M
  4. All your eggs in one basket. by Jaywalk · · Score: 4, Insightful

    Wow. And how long do they think their magical key will remain secret? If a single key can open all the doors, finding that key will become more important and the resourced dedicated to discovering it will be increased. The secrets that are being protected are not only -- or even primarily -- the secrets of criminals. There are millions of bank accounts and private medical records along with political dissidents.

    Every weakening of security aids not only law enforcements but criminals as well.

    --
    ===== Murphy's Law is recursive. =====
    1. Re:All your eggs in one basket. by R3d+M3rcury · · Score: 3, Insightful

      ...and if you only have part of the key, why should you devote resources to protecting it? Let the other guy worry about that.

      Kind of like immunization...

  5. Heh by DivineKnight · · Score: 2

    When the NSA says these kinds of things, it's like they are saying that they are immune to being cracked.

    1. Re:Heh by Scutter · · Score: 2

      When the NSA says these kinds of things, it's like they're saying something that they know is completely ridiculous to turn your attention away from something far more insidious that they're up to.

      --

      "Tell me doctor, with all of your defenses, are there any provisions for an attack by killer bees?"
  6. Ok. by Anonymous Coward · · Score: 3, Insightful

    While we're asking for stuff we want, I want one billion dollars a year of NSA funding redirected to me. I'll spend it all on providing college scholarships.

    I believe my idea is better than theirs: educated, autonomous individuals make for a better society than fear and authoritarianism. Who's with me?

    1. Re:Ok. by Livius · · Score: 2

      make for a better society

      So clearly it will not happen.

  7. one key, eh? by Anonymous Coward · · Score: 2, Insightful

    One (partitioned) Key to rule them all, One Key to find them,
    One Key to bring them all and in the darkness bind them

    need anyone say more?

    1. Re:one key, eh? by ColdWetDog · · Score: 2

      One (partitioned) Key to rule them all, One Key to find them,
      One Key to bring them all and in the darkness bind them

      need anyone say more?

      At least in the Tolkien fantasies we got orcs, wizards, castles and beautiful elvish women. Here we just get a bunch of overweight, ugly guys, some half assed Star Trek furniture and an ugly old building from the 1960's.

      No key until they at they at least update their image to include a smoking volcano.

      --
      Faster! Faster! Faster would be better!
  8. Dupe. by BitterOak · · Score: 2

    This story was posted yesterday. http://it.slashdot.org/story/1...

    --
    If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
    1. Re:Dupe. by wonkey_monkey · · Score: 5, Funny

      Yes, but unless you have all the parts you can't get the whole story.

      --
      systemd is Roko's Basilisk.
  9. Great for free software by Sean · · Score: 2

    Such backdoors aren't enforceable in open source projects. If this comes to pass then free software will have a great competitive advantage.

    1. Re:Great for free software by Kardos · · Score: 2

      Why does this keep coming up?
      This problem is solved: http://www.dwheeler.com/trusti...

  10. Fwiw, last time it didn't work. by Sprite_tm · · Score: 4, Informative

    The designers of the Clipper chip (http://en.wikipedia.org/wiki/Clipper_chip) had just about the same method in mind: encryption for the users, with an independent organization knowing the master keys and being able to hand over session keys to decode communications to government institutions. It was actually the reason why PGP etc were invented.

    We have a similar situation here: the gov wants to have the keys to encrypted machines. Theoretically, the same arguments can be brought up again: it's bad because the keys may leak, it weakens the encryption because there's another set of keys that can be bruteforced or found in a smarter way, but it's also pretty ineffective: the phones that allow people messing around in their systems (Jolla, Ubuntu phones, rooted Androids) will just have third-party, non-gov-approved encryption in them and criminals (and people not really comfortable with NSA snooping) will subsequently use these.

  11. Re:First for Systemd!!! by Anonymous Coward · · Score: 2, Insightful

    That's the wrong attitude to take. The attitude you SHOULD take is to become one of the data controllers holding part of the key...which you simply delete.

    Problem fucking solved.

  12. No problem by joh · · Score: 2

    If one the parties is the user and he gets to keep HIS part of the key, so that nobody can decrypt his data without him giving up his key, fine.

    Would miss the point though...

  13. Well, that's a load of horseshit by Hizonner · · Score: 4, Insightful

    There's no "centuries-old social compact" or whatthefuck ever, let alone one around warrants.

    • There's no problem getting data access using warrants, no matter how much encryption you have. It's just that you have to get the data from the person who owns them, rather than sneaking through a third party. If the owner doesn't cooperate, you have a process to compel them. You know, just like warrants and other court orders have worked for hundreds of years. It's really unprecedented to be able to get access to somebody's personal papers without that person even knowing it.
    • There's no long-established ability to get access to people's ephemeral communications without physically following them around. That wasn't even possible until the telephone came along. For hundreds of years before that, you had to actually engage and gain people's individual confidence to spy on them.
    • Rogers' agency (the NSA) has never used warrants, not ever. It was given warrantless powers it probably should not have been given, arguably illegally because you can't do it under the constitution. It has then repeatedly gone beyond those already excessive powers over the entire course of its existence. It takes a lot of gall for somebody like Rogers to whine about lawful authority to do anything, let alone about warrants.

    What a sack of shit.

    And, yeah, the idea that you're going to have this magic key that only good guys can use is also technically and operationally impossible... as every single person in the NSA or anywhere else in the federal intelligence or law enforcement agencies knows damned well. I assume they want to create it so that they can steal it and use it for mass attacks. If they don't want me to believe that, well, they need to overcome their decades-long pattern of established behavior.

  14. Re:This also helps other countries... by Phydeaux · · Score: 2

    Really? Republicans? That's what you're going with? Get me if I'm wrong, but didn't a major Democrat (who's running for US President) stop using her State Department provided email account so she could send her mail through a mailserver she controlled, which would not be archived, audited or available to FOIA requests? And then when asked for the mailserver contents, said "hey, we went through it all and there's nothing of interest there. Hey, is that a squirrel over there?" God thing you're posting as AC. Should probably be AI, Anonymous Idiot...

  15. Re:First for Systemd!!! by MobSwatter · · Score: 3, Interesting

    Hell, I gave up unencrypted evidence that was left on my pc for 10 years by my ex wife about a person that works in "Blood Money" before the pricks killed my father, and they did fuckall about it. They want access only to justify a budget, period, they don't really give a fuck about anything else.

  16. Re:Yeah ok by andymadigan · · Score: 2

    Even if it's completely illegal for the NSA to get the other pieces, they'll try. They'll hack in, or they'll snoop into the lives of everyone with access to find something they can use for blackmail...

    Which is why, if this insane policy is enacted, there needs to be another requirement: if the NSA tries to get the other pieces, the director of the NSA gets executed on live TV for treason. So does every official or agent involved in the operation. Same goes for every other government agency.

    Really, though. Hearing the NSA complain that they can't access my private data sounds exactly like complaining they can't bug my apartment. If they want to stop the "turrists" they'll have to learn to do it without creating a worldwide police state.

    --
    The right to protest the State is more sacred than the State.
  17. Old German proverb by Opportunist · · Score: 5, Interesting

    Ist der Ruf erst mal ruiniert, lebt sich's völlig ungeniert.

    It loses a bit in translation, but essentially the meaning is "once your reputation is ruined, you can as well stop having any shame".

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  18. Re:bullshit by Akaihiryuu · · Score: 2

    This exactly. Even IF somehow open source projects were "forced" to include a back door...then knowledgeable people could easily just remove the back door from their copy. And explain to others how to easily do it on some forum hosted outside the US.

  19. A matter of priorities by plsuh · · Score: 3, Insightful

    The US government has lost sight of the larger issue here. The tail (NSA and law enforcement) is wagging the dog.

    The NSA and law enforcement agencies want to be able to intercept anything, since it makes their jobs easier. However, this runs counter to the larger national interest of the United States.

    Which country has the highest level of connectedness and dependence on the Internet? Which country would be worst hurt if a sophisticated attacker was able to penetrate and conduct malicious actions using the systems connected to the Internet? The US, that's who. It is by far in the US's overall national interest to properly secure the Internet and communications infrastructure. Eavesdropping on everyone else is a secondary benefit, in comparison.

    The proper role of the President and the Attorney General is to separate the desire of the NSA and law enforcement to make their jobs easier from the greater benefit to the country as a whole. They need to tell the ambitious underlings "NO" in unequivocal terms, then bitch slap them if they keep whining about it.

    --Paul

  20. NSA wants to put American out of business by duke_cheetah2003 · · Score: 2

    Could you imagine if the NSA actually was permitted to do this? The moment something like this came to be true, every tech company cooperating would simply go out of business. Who would buy anything with a backdoor built into it? I wouldn't.

    Shut down the NSA, to even suggest this is economic armageddon. I don't even need to go anywhere near the freedom and privacy aspects of this, I can appeal the capitalists, this is just bad for business.

  21. The death of american software by LordWabbit2 · · Score: 2

    This is moronic, if this is put in place only Americans will use American software (and then only some of them). NO other country is going to voluntarily use software they know has a "front door" regardless of all the "good intentions" promised by splitting the key up. May as well shoot Microsoft in the foot.

    --
    There are three kinds of falsehood: the first is a 'fib,' the second is a downright lie, and the third is statistics.
  22. Re:bullshit by johnwallace123 · · Score: 2

    Reminds me of warnings on grape juice concentrate sold during prohibition: "After dissolving the brick in a gallon of water, do not place the liquid in a jug away in the cupboard for twenty days, because then it would turn into wine."

    Could we get something similar: "After downloading the code, do not remove lines 33-67 of Encrypt.c, as this will disable the legally mandated NSA back doors"

  23. Re:bullshit by JohnFen · · Score: 2

    Could we get something similar: "After downloading the code, do not remove lines 33-67 of Encrypt.c, as this will disable the legally mandated NSA back doors"

    Or... do not compile this code without #defining INCLUDE_BACKDOORS as this will disable the legally mandated back doors.