Why Crypto Backdoors Wouldn't Work

An anonymous reader writes: Your devices should come with a government backdoor. That's according to the heads of the FBI, NSA, and DHS. There are many objections, especially that backdoors add massive security risks.

Would backdoors even be effective, though? In a new writeup, a prominent Stanford security researcher argues that crypto backdoors "will not work." Walking step-by-step through a hypothetical backdoored Android, he argues that "in order to make secure apps just slightly more difficult for criminals to obtain, and just slightly less worthwhile for developers, the government would have to go to extraordinary lengths. In an arms race between cryptographic backdoors and secure apps, the United States would inevitably lose."

The 90s all over again...

[Austerity+Empowers]

I seem to recall that we went through this in the mid to late 90s, where the government insisted any use of strong cryptography should as a matter of law, have a backdoor for the government. Then suddenly they dropped it, and all of us paying attention knew they got their way by some other means. Now post-Snowden, I guess we know what that was, and they're back to beating this horse all over again.

The answer should be no, with absolutely no further discussion.

Re:The 90s all over again...

[StikyPad]

They didn't get their way through other means really. Mass surveillance doesn't trump encryption -- on the contrary, encryption is the only protection against mass surveillance. I think it was more that encryption just wasn't used for most communications, so they realized it was a moot point. Now that companies are shifting toward end-to-end encryption, it's becoming relevant again.

Re:The 90s all over again...

[UnderCoverPenguin]

I seem to recall that we went through this in the mid to late 90s, where the government insisted any use of strong cryptography should as a matter of law, have a backdoor for the government. Then suddenly they dropped it,

I recall reading that a researcher figured out a way to spoof the "Law Enforcement Access Field" shortly before the US government dropped their push.

Re:The 90s all over again...

I seem to recall that we went through this in the mid to late 90s, where the government insisted any use of strong cryptography should as a matter of law, have a backdoor for the government. Then suddenly they dropped it, and all of us paying attention knew they got their way by some other means. Now post-Snowden, I guess we know what that was, and they're back to beating this horse all over again.

The answer should be no, with absolutely no further discussion.

Still never seen any evidence in the media that this is actually happening. Only crazy anti-government conspiracy theorists that seem to dominate slashdot these days.

Re:The 90s all over again...

[JosKarith]

Does nobody remember the Clipper Chip debacle? - http://en.wikipedia.org/wiki/C...

Funnily enough the sort of person that would be happy to hand law enforcement the spare keys to their house is not the sort of person that law enforcement's interested in investigating... Seems that memories are short in the NSA

Car analogy

[Meshach]

Would it work for the government to have access to everyone's cars? Cars can be used for criminal activities. Ditto for keys; should we have to al give the government access to our homes?

Re:Car analogy

... have access to everyone's cars?

Police and government have promoted remote-controlled kill switches on cars for the last 20 years. Although it exists via General Motors OnStar, it's not practical. That will change with vehicle-assisted driving and driver-less cars.

... give the government access to our homes?

The government already has access via hand-held battering rams and 14 tonne, wheeled wrecking-balls (AKA assault vehicles). Big money and brute force doesn't work on encryption, unless they turn it into rubber-hose decryption (Oblig. XKCD). But the three-letter agencies can't do that 200 times a day, so they want a cheap, simple solution that labels the common people as criminals without rights.

Re:Car analogy

[Meshach]

The government already has access via hand-held battering rams and 14 tonne, wheeled wrecking-balls (AKA assault vehicles). Big money and brute force doesn't work on encryption, unless they turn it into rubber-hose decryption (Oblig. XKCD). But the three-letter agencies can't do that 200 times a day, so they want a cheap, simple solution that labels the common people as criminals without rights.

There are law about that though - a warrant is required for the police to enter my home. DHS is not going to get a warrant to snoop on me.

Re:Car analogy

I heard a scream come from inside your house, and one of the windows is broken, I think that gives me enough cause the break in.

Re:Car analogy

[vux984]

No the car analogy isn't valid, because the police do have access to everyone's cars and homes. They get a warrant. They bring a crowbar. Done.

That's the issue with encryption, they can get a warrant giving them the legal right to get in. But there is no crowbar.

I'm not in favor of this, but we do need to understand it is a somewhat unique situation. Strongly encrypted data is not like other property.

Re:Car analogy

[Jason+Levine]

But warrants are [whining voice]SOOOO HAAARD. You have to show probable cause and all that stuff. It's too much work.[/whining voice]

Plus, [overly paranoid voice]in the time it takes to get a warrant, a criminal could enact another 9-11 or could destroy the evidence that they were planning that.[/overly paranoid voice].

Those are the reasons why law enforcement needs access to stuff without a warrant. The whiny, paranoid reasons why.

Re:Car analogy

[vux984]

But the three-letter agencies can't do that 200 times a day, so they want a cheap, simple solution that labels the common people as criminals without rights.

This is needlessly cynical. I don't dispute the TLAs love mass surveillance. But there is a legitimate concern where law enforcement can justify and obtain a legal warrant for someone's electronic records/communications but not have any way to actually legally act on the warrant.

Ie... if they have your encrypted laptop AND a warrant they ARE allowed to break into it, but they can't. This is a legitimate issue.

"Rubber hose decryption" is not legal, nor should it ever be.

In a sense, encrypted data is like the contents of one's mind more than its like other property; in that there is currently no legal way to ensure they can get at it.

Their desire for a backdoor is pretty reasonable, in a way, but the problem is what they are asking for is a key which is far too much. There is no good solution here.

a) Giving them the power to demand the key is fine, but what if they demand the key of someone who genuinely doesn't have it? Is he guilty and imprisoned for not having something? That's bullshit.

b) Giving them a back door so they can just come and go as they please is giving them far too much power and ripe for abuse.

c) Not giving them a back door and requiring they break has the issue that properly encryption can't currently be broken.

The sanest and only reasonable choice is 'c', but it is not really a solution to the legitimate problem... its just the only one that doesn't trample on the innocent.

Re:Car analogy

the answer to which is, fuck you, do your job.

Re:Car analogy

Which matters little in light of the fact that they're GATHERING the data without a warrant.

You're also ignoring illegal acts like LOVEINT where the illegally-gathered data was also accessed without a warrant.

But like you said, who needs facts when we have narrative, right?

Re:Car analogy

[Agripa]

If law enforcement and national security had not been unconstitutionally seizing and searching everything they could call third party data then there would not be a push for ubiquitous encryption. There was a group at the NSA who pointed out that this would happen damaging their ability to do lawful intercepts if they were caught. Since they were willing to lie about what was going on and break the law before, why would we trust any government only backdoor scheme or what they say now?

It does not matter how any government backdoor system is implemented. They will abuse it sooner or later.

They can read your RAM

They can read your RAM
Intel Active Management Technology
(aka vpro, aka vt)

Re:They can read your RAM

And 3G to continually update the microcode that scans memory for known password signatures.....

http://www.infowars.com/91497/

crypto? is that code for it's called now?

[turkeydance]

doesn't matter anyway. never done 'backdoor'. likely, never will.

Re:crypto? is that code for it's called now?

i tried it but it made my phone stinky

Already FRONT DOORED

Hardly a good example, Android is clearly *front*doored. It even comes with specific spyware apps for the purpose!

For one thing it communicates your location, even without GPS, even with location services turned off, (Google has a separate switch you have to turn it off twice). You'll never be able to stop their Play Location Service unless you root.

All those free messaging services that need all those permissions, you sign up and your contacts list is sent to them.

Then there's the 'cloud backup' that lets you 'backup' to their cloud.

Go see the list of apps installed on a typical android phone and you'll see they can take control of the phone USING ONLY THE VOICE CHANNEL, see all files, all SMSs, all passwords, record voice, video, fake calls, fake messages. There are quite a few of these, DSMLawMo + DSM Forwarding is one (of 3) that came installed on mine.

You think it went away with CarrierIQ?

Re:Already FRONT DOORED

[NotInHere]

Almost fully agree.

All those free messaging services that need all those permissions, you sign up and your contacts list is sent to them.

Suggest a better method. The developers of the popular app TextSecure have posted their thoughts on how to solve this problem, but found no way that both satisfied their needs, scalability, and the user's needs.

All commercial Crypto products have NSA backdoors

Dice selling NSA propaganda again- use a commercial encryption solution from ANY commercial entity (especially Microsoft, Apple, Google etc) and it already has full NSA back-door functionality-- even the so-called end-point encryption solutions.

You are TOLD (in well placed lies across all the mainstream media outlets) the LIE that security services are unhappy about ordinary people suing commercial solutions. I trust you are all familiar with Br'er Rabbit and the briar patch- or what became widely known as REVERSE PSYCHOLOGY.

There are good solutions- Truecrypt is one- which is why the NSA ran a TEN MILLION dollar plus project to collapse confidence in Truecrypt, and paid off key people involved in the original development team.

Publicly disseminated LIES are a key tactic of NSA/GCHQ operations- and this place is just another willing outlet for NSA psy-ops.

Snowden took out the phone batteries

Snowden insisted the journalists remove the battery from their phones and put the phones in the fridge.

That pretty much tells you how useful 'encryption' on Android would be against back doors. None, if you can't protect your speech near the phone you can't protect the password.

Re:Snowden took out the phone batteries

[Pi1grim]

>> Snowden insisted the journalists remove the battery from their phones and put the phones in the fridge.

>> That pretty much tells you how useful 'encryption' on Android would be against back doors.

Not this manure again. What if I told you, that those phones could easily be bugged physically, by adding a little mic with an antenna, that would feed of phone's main battery, sure it requires some legwork, but Snowden is high enough on US's list of targets to actually do soome physical snooping. The whole "take the battery out and put it in the fridge" has nothing to do with magic backdoors that magically activate the phone and turn it into recording device and has everything to do with physical listening devices and malice on the part of phone owner. The little electronic bug works on all phones, doesn't require breaking any encryption, device being turned on and doesn't need to use the crappy mic on the phone.

>> None, if you can't protect your speech near the phone you can't protect the password.

The door to your house won't stop a team of highly trained team of CIA assasins, so why bother locking it, right? Android encryption is used in order to raise the cost of mass snooping where they snoop first and then look for anyone looking guilty enough and to raise the cost of stealing personal information by criminal elements. If they have to spend 1000 bucks to crack one phone and the information is worth 100 on average - then they won't even do it. If it costs 10 cents per device and information is worth a dollar on average - then they will do it. Take a look at botnets and other shady businesses.

If you need to secure yourself from directed snooping by a team of professionals - then this is a completely different game and other measures come into play.

Re:Snowden took out the phone batteries

Snowden insisted the journalists remove the battery from their phones and put the phones in the fridge.

Which is why all the big smartphone manufacturers are moving to designs that don't allow the user to remove the battery. First Apple, then HTC, and now Samsung.

Re:Snowden took out the phone batteries

a hypothetical backdoored Android

"hypothetical"? Dont make me laugh.

It's about more than that

[monkeyzoo]

Reading the article, it's very intersting. His argument is that you CAN'T backdoor a platform. Summarizing:
1) Say Android rolls over and backdoors the encrypted filesystem.
2) 3rd party apps can use the cryptography library, so Google would also have to backdoor that.
3) Then apps could use a 3rd party crypto library, so gov't would have to compel google to monitor for at least respond to takedown requests for strong crypto 3rd party apps.
4) But apps can easily download and incorporate new code, so Google would have to audit running apps with static and dynamic analysis.
5) Even then, people could use other app stores or sideloads, so Google would have to have an app kill switch option. This would be HUGE INTRUSION and delete apps from people's phones (even innocent people).
6) But how to identify apps? Sideloaded apps could generate a new appID with each download, so Google would have to scan for app characteristics (think antivirus software here).
7) Even if the above worked, browser-based apps could be built that use secure data stores or end-to-end messaging. This would mean the gov't would have to block these web apps, i.e., Internet censorship.

It's just not technically feasible if there is any respect for liberty, not to mention the significant technical challenges involved.

Re:It's about more than that

A war usually solves that issue.

Re:It's about more than that

[Helix_Sky]

I want to start by saying that I'm against these measures but while all that is true, it only gets that bad if you try to enforce 100% compliance. Simply making cryptographic systems without backdoors illegal would have a large deterrent effect. It'd be the equivalent of the fact that locks on your doors don't provide 100% security because windows are so easily broken, but we still lock our doors.

First off making non-breakable crypto illegal would prevent such crypto from being used in traditional commercial products. Second, the government wouldn't have to attack the problem from the front like the article suggested. They could use their NSA spying capability (once gain no a big fan) to look for unauthorized encrypted communications. They already take special note of encrypted data use, and with it being made illegal they could directly legally target the users of such tech. The chilling effect of such a large scale NSA backed takedown would be huge.
 

Re:It's about more than that

Another problem would be that the USA would not be the only country wanting access.
Do phones now become "Zoned" ? How will that impact international travellers ?
Do the phones come with multiple backdoors so each country can access the devices ?
Do Americans travelling overseas want foreign governments to have access to their phones ?
Could China kill Apps that they dont like on any phone in the world ?

What is needed is better police, intelligent, diligent, honest, capable police. What we have is dull thugs who shoot first and ask questions later.
What is needed is a professional police force, independent from political whim. We need a police conduct authority independent of political whim and police
who must investigate EVERY police weapons discharge.
What we need is politicians who are not on the take and use police to enforce their dishonesty.
What we need is honest, intelligent politicians FFS Michelle Bachman.... please, why ?

Re:It's about more than that

[monkeyzoo]

Making strong crypto illegal would only affect those in the US's jurisdiction. It would not affect the most desirable targets (outside US jurisdiction) and would have a chilling effect on demand for US technology products.

Re:It's about more than that

FFS Michelle Bachman.... please, why ?

FFS?

Re:It's about more than that

[twitnutttt]

What is needed is better police, intelligent, diligent, honest, capable police. What we have is dull thugs who shoot first and ask questions later.
What is needed is a professional police force, independent from political whim. We need a police conduct authority independent of political whim and police
who must investigate EVERY police weapons discharge.
What we need is politicians who are not on the take and use police to enforce their dishonesty.
What we need is honest, intelligent politicians FFS Michelle Bachman.... please, why ?

Yes, we do. I would also like a pet unicorn.

Re: It's about more than that

And the even simpler argument. I'm not a U.S. Citizen. Why would I be happy the U.S. Has the ability to backdoor my app?

Re: It's about more than that

[chromeronin799]

And the even simpler argument. I'm not a U.S. Citizen. Why would I be happy the U.S. Has the ability to backdoor my app?

Re:It's about more than that

FFS Michelle Bachman.... please, why ?

FFS?

FerFucksSake

Re:It's about more than that

[myowntrueself]

Making strong crypto illegal would only affect those in the US's jurisdiction. It would not affect the most desirable targets (outside US jurisdiction) and would have a chilling effect on demand for US technology products.

Theres already a chilling effect on demand for US technology products.

I'd like to see a company in a privacy-respecting nation such as Netherlands to release some decent network hardware...

Re:It's about more than that

[myowntrueself]

I believe that the head of the NSA has already indicated that he believes there should be a framework to give, eg the Chinese, access.

Re:It's about more than that

[fustakrakich]

It's just not technically feasible if there is any respect for liberty...

*Ah, there's the rub, isn't it?*

Re:It's about more than that

Government might be able to sell it by mandating government audits of all source code used in applications and only allowing government signed applications (i.e. using cryptography) to run on any consumer level device). It would be insanely expensive, and done properly would even radically reduce viruses and such. Then again, can you really trust foreign countries to build your secure population controlling devices, so you would have to make and build everything here, carefully controlling every aspect of its production. Even then, probably most devices will have weaknesses discovered sooner or later so you will have to have government programs to collect the faulty devices and more money to likely replace them with the current more secure device. Then again, you can do some pretty impressive cryptography with pretty much any application language. No doubt you could even do it in Javascript or even spreasheet macros, so you may have to ban those. Python would likely be out as well, and any other scripting language used to simplify life. You would also have to make sure none of the old open code floating around will run on new devices and likely require some extra level of clearance to even own a device that could create executables. Heck, I wouldn't be surprised if someone could manage to do crypto with opengl shaders, so might need to ban or at least secure them as well. The same with directX shaders. Oh and we have to probably block all non certified foreign web sites and data connections, lest some illicit encryption occur. We probably should just give up teaching anything above basic algebra, and completely ban teaching matrix manipulation or abstract algebra, since you could, given time actually do the work on a pen and paper. We might need to ban those secret decoder rings in cereal boxes too, because you never can be too careful. Anyone with known knowledge of encryption design would of course have to be added onto a watch list, assuming they aren't already. You would also have to backdoor every other form of encryption, lest someone re-purpose it for non approved purposes. After all, your bank or credit card might offer the ability to securely keep notes, and a terrorist could use such a secure method of communication. Even things like medical records and other confidential information would have to be kept with backdoors, since any secure form of storage could be re-purposed.

All of this would of course be a death bell to freedom far more final and complete than any so called reduction in the amount of guns we can purchase, but yes with enough massive oversight and wasted money it might be possible to severely limit what encryption technologies are available. Many low level criminals and such likely wouldn't get around it. The really high level criminals might actually find the back doors and start criminal enterprises the are unmatched in the modern world. The back doors that were put in for our protection could then be used to so easily control and manipulate society and if you think it would just be for organized crime, you are clueless.

The manipulation of what voters see could so easily be included in subtle ways. Change as little as one percent of an election, and guess what, the honest guy is replaced by the corporate lackey. Given that you will of course have to contract out to corporations for all of the secure software and hardware. It might be an amazing coincidence that their candidate wins the next election...

Surrendering our guns is generally treated as the beginning of the end, but I'd argue that surrendering our ability to truly communicate privately and securely is so much worse.

Re:It's about more than that

[ShanghaiBill]

8) People will only buy tech made outside of America, costing America jobs and draining away expertise.

Re:It's about more than that

Pretty much this really. They cannot win, they will ALWAYS lose.

And the main reason they will always lose is they will have to break every single system that makes anything useful to anyone ever.

All they will do is push actual savvy and less tech-savvy terrorists further and further AWAY from technology completely. That is the worst thing they could do.
At least the generic moron criminals will end up getting caught most times, the smart ones are always going to get away from you unless you record the universe, or force microphones on to every single person alive. Good luck with that.

Researching new hardware to gain an advantage on processing power is the only realistic goal, and breaking encryption standards to pieces, or installing spyware.
But trying to ban things or embed backdoors is just going to cause a spiral of chaos that leads to their eventual loss. And worse, we will have to deal with it!

Re:It's about more than that

Or they could just criminalise customer usage of non-backdoored crypto.

Re:It's about more than that

[Buck+Feta]

A war usually solves that issue.

Isn't Iran hiding some crypto of math construction?

Re:It's about more than that

3) Then apps could use a 3rd party crypto library, so gov't would have to compel google to monitor for at least respond to takedown requests for strong crypto 3rd party apps ...

And this is where you get off track. The whole point is to backdoor enough of the system that there's a means to collect 90% of the information from 99% of people. There is no presumption for a "technically feasible" way to collect 100% of the necessary information from 100% of the people. If there were--and presuming we had a just system in place to use the information--, then we'd have a way to catch all criminals who planned terrorist attacks, or really anything, with an Android phone. Instead, at best the hope is to get large bits and pieces that narrow down the list of who to monitor and monitor as best as one can in as many ways as one can (since not everything is done with smart phones, anyways).

Honestly, the whole point is precisely that pervasive surveillance is key. It's not that any sort of surveillance must be 100% effective. Because that's a useless definition of the word "work".

Re:It's about more than that

It'd be the equivalent of the fact that locks on your doors don't provide 100% security because windows are so easily broken, but we still lock our doors.

Locks only keep honest burglars out. Having worked in physical security... as you said: windows are easily broken. A disturbing number of sliding windows can just be pushed up and out of their frames. Roof tiles are easily lifted for ceiling access. Doesn't matter how good the locks are doors that open out can have their hinge pins lifted out.

Re:It's about more than that

[johanw]

" a privacy-respecting nation such as Netherlands"

Ouch... You don't live in The Netherlands, do you? We have, like most western countries, our share of privacy attacks from the government. Mostly to satisfy the tax service, like storing all license plates of cars who drive on the highways or park in a private parking garage (to catch drivers of a leasecar who claim they use it only for business and don't pay the extra income tax). And there is discussion about forcing people to give up their encryption keys if the police wants them, ignoring laws that you have the right to remain silent (except when...).

Re: It's about more than that

SNAP.

Why should the US Government be able to cripple/spy on my phone when I did not purchase it from an American company, do not live in America or communicate with American agencies?

In fact, under EU law - it is almost certainly illegal for the US government to spy on my personal data when I'm in the EU, and a naturalised EU resident.

Is the US willing to force US law on the entirety of the EU?

Re:It's about more than that

I'd like to see a company in a privacy-respecting nation such as Netherlands to release some decent network hardware...

Very roughly speaking, The Netherlands apparently wire-taps about 100 to 150 times as much, per capita, as the USA does.

From: https://edri.org/edrigramnumber2-14wiretap/

"According to a report by the German Max Planck Institute for Foreign and International Criminal Law, Italy and the Netherlands are the wiretap champions of the Western world. ...
The report concludes that Italy has the highest number of wiretaps per capita, 76 per 100.000 inhabitants. The Netherlands follow closely on the second place with 62. The statistics show a remarkable low figure for the Anglo-Saxon countries. The USA apply only 0,5 wiretaps for the given number of inhabitants."

Re:It's about more than that

Netherlands did not learn anything after the war. Most Jews were killed in Netherlands as the administration of people was well organized, complete and up-to-date. It was extremely easy for the Germans to find anyone they did not like. In the years after the war, privacy was a big topic and all databases were separated.

Nowadays everything is tied together; taxes, social security, medical records, school records, communication, housing, licensing, travel and police, even religion, race and color still gets recorded. In Netherlands 1984 is already there.

Everyone gets a social security ID by birth and anyone above 12 years of age needs to carry a biometric ID with picture and RFID.
It is almost impossible to travel anonymously in Netherlands, camera's register license plates and faces, for train, metro or bus you have to buy an RFID chip-card where the machine takes a picture if you pay cash.
Netherlands is the only western country where every phone call gets recorded (they claim storage is of meta-data is 12 months and content is only 48 hours unless one of the callers is under surveillance).
Netherlands is the only western country where meta-data of every URL and e-mail gets recorded (with a mandatory storage paid by operators if 12 months).
Every house mandatory gets a "SMART" electricity meter.
Netherlands provides all air-travel information in advance to the USA and maybe other countries.

Still the police is unable to find the criminals that make those fake 50 euro bills or prevent kids leaving to fight in Syria. Because all those systems only track abiding citizens because criminals/terrorists know they have to cover their face if they get a train ticket and know to get a burner-phone and use TOR to use the internet.

It is only a matter of time before there is another war or criminals/terrorists make use of those databases to do targeted attacks on citizens. Netherlands will be one of the countries that suffers most.

The only good thing about privacy in Netherlands is they abolished electronic voting (after some serious hacks), although there are voices to bring it back.

Re:It's about more than that

[MooseTick]

"surrendering our ability to truly communicate privately and securely "

Ever heard of talking in person? They can't ever take that away.

Re:It's about more than that

[RockDoctor]

Don't forget (8) and upwards : people use something other than Android. Even something from outside the country, or at least outside the reach of the US govt.

invalid premise

[chill]

Two words: key escrow. Google "secret sharing" for interesting details and concepts.

Re:invalid premise

[XanC]

Did you read the article?

Re:All commercial Crypto products have NSA backdoo

Blockquote... [Citation needed]

Silly Rabbit.

[MAXOMENOS]

Just make encryption that isn't ridiculously easy to crack illegal, or subject to severe regulation and taxation. Get an expert devoid of care for privacy (say, Dorothy Denning) to endorse the law on the Sunday Morning talk shows. Cast anyone who cares about secure encryption as a bitter and deranged malcontent. Tell people it's for the Common Good.

Problem solved.

Re:Silly Rabbit.

Guess how we can tell you didn't read the article?

Re:Silly Rabbit.

[whoever57]

Tell people it's for the Common Good.

I think you mean the "greater good"

The author forgot one other option.

[BitterOak]

I just read the entire article and the author forgot one other solution: the British solution Instead of putting the burden on app developers to include backdoors, or on Google to block apps that don't, put the burden on end users to turn over their keys to police when asked. I'm not saying I like this solution, but it is a solution the author of the article didn't consider. If you make the sentence for non-cooperation long enough, it doesn't really matter if the police find what they're looking for: they can just lock you up for not handing over the keys.

Re:The author forgot one other option.

[pushing-robot]

They could do that, but it wouldn't be a backdoor.

Re:The author forgot one other option.

[Nonesuch]

I just read the entire article and the author forgot one other solution: the British solution Instead of putting the burden on app developers to include backdoors, or on Google to block apps that don't, put the burden on end users to turn over their keys to police when asked. I'm not saying I like this solution, but it is a solution the author of the article didn't consider. If you make the sentence for non-cooperation long enough, it doesn't really matter if the police find what they're looking for: they can just lock you up for not handing over the keys.

In the USA, this would likely require a constitutional amendment, it is widely held that the Fifth Amendment "Right Against Self-Incrimination" protects the right not to divulge an encryption key.

Re:The author forgot one other option.

[steelfood]

Only they can't do that.

Here on the other (this) side of the pond, we have constitutional protections from self-incrimination. Which means that we can't be compelled to reveal something that we choose not to. And if it happens, the evidence acquired by such means can (and likely would) be thrown out in court.

Now, these protections don't extend to stupidity, so the cops usually get what they want anyway. Which is all the more reason why circumvention of strong encryption and mass surveillance largely is unjustified and should be fought against tooth and nail. It has no bearing on successfully catching real criminals, but it certainly will pick up undesired thinking.

Re:The author forgot one other option.

Only they can't do that.

Here on the other (this) side of the pond, we have constitutional protections from self-incrimination. Which means that we can't be compelled to reveal something that we choose not to. And if it happens, the evidence acquired by such means can (and likely would) be thrown out in court.

Now, these protections don't extend to stupidity, so the cops usually get what they want anyway. Which is all the more reason why circumvention of strong encryption and mass surveillance largely is unjustified and should be fought against tooth and nail. It has no bearing on successfully catching real criminals, but it certainly will pick up undesired thinking.

Yet, you can be compelled to open a safe, a safety deposit box, produce your company's books.. the list is endless. Currently, it depends on which circuit court you are in as to whether or not you will be in contempt of court for not producing your encryption keys. It should be noted that contempt of court has no minimum nor maximum time associated with it. it is usually "you are in contempt of court until such time as you produce ". So the question becomes which gets you more time in jail contempt or the crime they want the key to your crypto for...

So, in the US if you are presented the right paperwork you have to produce your keys.

Re:The author forgot one other option.

Assuming you even have them. An emergency wipe of an encrypted file system only needs to delete the key from the device. Similar to how phone encryption works (so i hear). Showing evidence that a key has been destroyed and is beyond recovery would thwart that.

Of course, they might just grab the laptop while it's booted and logged in too.

Re:The author forgot one other option.

[Fwipp]

Or nab you on destruction of evidence. It's kinda a crime.

Re:The author forgot one other option.

[93+Escort+Wagon]

Simple enough - just require that all phones in the US use a fingerprint scanner for unlocking. The courts seem to be ruling that police can require you provide your fingerprint for phone access.

Which, by the way, is a good reason to restart your iPhone the moment you think you just might get some unwanted attention from the constabulary.

Re:The author forgot one other option.

[dcollins117]

In the USA, this would likely require a constitutional amendment...

... and a government that recognizes constitutional authority and the limits it places on government actions. First things, first.

Re:The author forgot one other option.

Encryption keys are evidence of what exactly?

Re:The author forgot one other option.

[BitterOak]

In the USA, this would likely require a constitutional amendment, it is widely held that the Fifth Amendment "Right Against Self-Incrimination" protects the right not to divulge an encryption key.

If you had read the article you link to (and I just did) you'd see that it does not conclude the same thing you do. Instead the article points out that it is far from a settled question on whether or not a defendant or suspect can be compelled to decrypt files. The Supreme Court has yet to deal with that issue directly, and the Circuit Courts of Appeal that have considered the issue have adopted a standard in which the government must first show they know the location and existence of encrypted data. If they've seized a suspect's phone, they certainly can know these two things, so the Fifth Amendment, under that analysis, would offer no real protection.

Re:The author forgot one other option.

[l0n3s0m3phr34k]

"I'm sorry Officer, my fingerprint scanner doesn't work...my wife got fingernail polish remover on it and melted it a bit" or whatever excuse you want to use after purposely disabling / ruining that hardware. Problem solved!

Re:The author forgot one other option.

[currently_awake]

You are assuming the goal is to gather evidence for a police investigation. For that purpose your suggestion works. However if you assume the goal is to spy on everyone all the time, then your suggestion won't work.

Re:The author forgot one other option.

It's only evidence when it actually exists, and they find/access it.

Re:The author forgot one other option.

[Mathinker]

> and existence of encrypted data

I don't think it's possible to reliably show that encrypted data certainly exists. I also do not think it is always possible to prove that someone has the capability of decrypting data --- Bruce Schneier has proposed a scenario for people crossing borders where a long random key is used which is sent to the destination ahead of time so that any request for a decryption key could be truthfully answered with "I don't have the key". Assuming the trusted third party has been instructed to destroy the key in the case that the traveler is delayed, that scenario is indistinguishable from the scenario where the person is lying.

Re:The author forgot one other option.

How do the British handle TrueCrypt, with hidden volumes within hidden volumes?

Re:The author forgot one other option.

What you're missing is that you have to know specific information relevant to the case at hand is encrypt on that device. In that regard it's no different from ordering a defendant to provide the combination to a safe that is known to have criminal evidence inside.

"On the day of Gelfgatt’s arrest, after being informed of his right to remain silent, he told the authorities that he was able to decrypt his computers but would not do so.
As the MSJC ruled:

        During his postarrest interview with State police Trooper Patrick M. Johnson, the defendant stated that he had performed real estate work for Baylor Holdings, which he understood to be a financial services company. He explained that his communications with this company, which purportedly was owned by Russian individuals, were highly encrypted because, according to the defendant, "[that] is how Russians do business." The defendant informed Trooper Johnson that he had more than one computer at his home, that the program for communicating with Baylor Holdings was installed on a laptop, and that "[e]verything is encrypted and no one is going to get to it." The defendant acknowledged that he was able to perform decryption. Further, and most significantly, the defendant said that because of encryption, the police were "not going to get to any of [his] computers," thereby implying that all of them were encrypted.

        When considering the entirety of the defendant's interview with Trooper Johnson, it is apparent that the defendant was engaged in real estate transactions involving Baylor Holdings, that he used his computers to allegedly communicate with its purported owners, that the information on all of his computers pertaining to these transactions was encrypted, and that he had the ability to decrypt the files and documents. The facts that would be conveyed by the defendant through his act of decryption—his ownership and control of the computers and their contents, knowledge of the fact of encryption, and knowledge of the encryption key—already are known to the government and, thus, are a "foregone conclusion." The Commonwealth's motion to compel decryption does not violate the defendant's rights under the Fifth Amendment because the defendant is only telling the government what it already knows."

So basically those who don't know their rights and how to keep their mouths shut may end up in a sticky situation.

Re:All commercial Crypto products have NSA backdoo

Let me save the GP the trouble of responding:

blah blah Google it yourself, blah blah not doing your homework for you even though I know it's really my homework, blah blah I refuse to understand burden of proof, blah blah hypocritical accusation of laziness, blah blah u r sheeple.

Since When...

[Stormy+Dragon]

...has the fact a program simply won't work deterred the Government from attempting it anyways?

Device access

Just because there may be open "app" warfare continuing on the devices, doesn't mean that sanctioned device access offers no value whatsoever.

There are plenty of use cases where access to the mundane contents of a device offer valuable information over and above whatever may be stored in "deep crypto". Especially in cases involving people that simply would no be using deep crypto.

Consider the phone of a murder victim, one that was killed for a mundane emotional reason rather than some nefarious terrorist plot.

The State already has access to pretty much everything but the contents of your head and other protected conversations. It can access your house, your safes, your safe deposit boxes, your bank records, phone records, medical records, etc. etc. The State is allowed to do irreparable damage to gain access to these things. It can burn your safe open, kick your door open, carve your mattress open with a knife, disassemble your car to it's component bits. All with no compensation for damages rendered. And all under guise of authority through lawful procedures (i.e. warrants).

Frankly, you phone should not be exempt from this process.

Have the factories key escrow the devices, require physical access, and a jtag connector causing destruction of the phone (well, the case), and I'd have no problem with it at all.

If you then put some deep crypto on top of that layer, then fine. The factory encryption keeps the phone "safe" from generic ne'er do wells. But the State, society has the access it needs in order to perform the criminal investigations we, the people, have charged them to do.

If I have a photo of my killer on my phone, I sure wouldn't mind them having that information. Anyone else can be offered to submit their pass code, or basically be told "Well, ok, we're going to destroy your phone then and get the information anyway." Just like everything else.

And yes, I'm wary of the state as much as anybody, but unless we're going to roll back all of the other things that the State has access too during criminal investigations, I don't see why a cell phone should be any different.

Re:Device access

[Damarkus13]

The issue is that I shouldn't have to trust the escrow service. Hell, even RSA lost a master key DB, and their entire reputation is built around security.

Only evildoers use crypto

If you have something to hide, maybe you should stop being evil. I, for one, welcome our omnipotent crypto destroying overlords.

Preaching to the Converted

Seriously, no matter what this Stanford researcher's credentials, or reputation, or logic, or merits. The Three Letter Agencies have said they want a back door, does anyone doubt they will do everything in their power to get it? Does anyone think their political masters will say no? Does anyone believe the average citizen will understand what this is about or care?

Also, didn't the GHGQ ask for exactly the same thing? Which hints that every partner in the Five Eyes likely also wants this.

The default position of any spy agency is to ask for more information. All Your Base Are Belong To Us, that's how they think. And if questioned why, they blather on about how you don't need to know, they have the authority, and what business is it of yours anyway? "If you don't have anything to hide you won't mind being spied upon" is the BS rationale for it all.

When in reality, it's creepy, violates reasonable expectations of privacy, usurps due process, is certainly unconstitutional, and creates a mammoth opportunity for abuse of power for all the wrong reasons. Oh, and the Three Letter Agencies can never quite get their facts straight about how effective all this spying is. Not that this ultimately matters much. Be careful about arguing minor secondary issues of effectiveness, when the primary issues are unconstitutionality, followed by due process and privacy. It's just that the final insult in this farce is that an illegal spying program also cannot be proven effective.

Re:Preaching to the Converted

[Damarkus13]

Does anyone believe the average citizen will understand what this is about or care?

Thankfully we don't have to depend on the average citizen. Any sort of backdoor has risk management people sweating. For once, big business is on our side.

Encrypt More

[duke_cheetah2003]

Seems to me, everytime they talk about this kind of thing, it does exactly what I want. Raise crypto awareness. Keep trying guberment. The more you preach for backdoors, the more people you make aware of the usefulness of crypto. Streisand effect anyone?

Why Crypto Backdoors Wouldn't Work

[grep+-v+'.*'+*]

to make ... apps just slightly more difficult ... and just slightly less worthwhile ... the government would have to go to extraordinary lengths.

Ahh, well there's your problem: you expect resource restrictions and common sense from government.

"the government would have to go to extraordinary lengths" Really!?! When has that ever stopped them from doing anything?

baseband.

Encryption is often placebo; no cellular phone will ever be secure the way things are going... do the research- you'll find they already have their backdoor for most devices. uefi, efi- are suspect as well, but I've not come across anything nearly as condemning as what's trivially possible with cheap hardware and known baseband hacking. -the feds don't have to hack it- it's built in...

WINDOWS = INSECURITY

Because all you fucking morons, are still running windows and don't learn.

I love how this discussion can even happen, with hundreds of comments, and people still do not want to mention the common vector / denominator to all these attacks: WINDOWSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS

Re:WINDOWS = INSECURITY

This is not a Windows issue, you retard. This affects all platforms and all operating systems.

You know nothing about security, you don't want to learn about it, and you don't want anyone else to learn.

no

The answer is asbolutely fucking no! What fucking liberal asstard would even post this. We are guaranteened a 4th amendent right and protection. I will defend it with my life if nescesary because nobody has the man balls to do it anymore.

Obligatory XKCD

[rsilvergun]

Surprised nobody posted this yet.

It's already in progress

[Antique+Geekmeister]

Examine carefully the 'Trusted Computing' hardware and software components for new computers. Governmental agencies already have access to not only the escrowed keys, but to the master keys used to revoke and authorize other new keys. For personal security, it's quite troubling.

The NSA doesnt need a backdoor

It already has access built into the CPU at a machine level, is my guess.

Re:The NSA doesnt need a backdoor

Intel AMT.

The only way around this is murder, lots of it, untill the feminist empire is gone.

See Obamacare

It's working; my insurance stocks have gone up magnificently, to the order of 6x the market.

suckers

Criminals are dumb

[iamacat]

Lots have been caught with plaintext browser history on their hard drives listing Google queries like "how to dispose of a body". That despite tools to clear or not record such history are easily available. To such end, having a half hearted, optional key escrow may do a lot of good. Let smartphones be encrypted by default, with a copy of the key encrypted with a public key of a cloud company that has an excellent security record. Then if someone forgets their password, and shows up at Apple or Verizon store with a valid ID, they can have their vacation photos back. So can law enforcement if they produce a valid and narrow scope search warrant.

At the same time, people can install custom ROMs that support encryption that is potentially impractical to crack. That's important for many reasons including personal freedom and keeping country's technological edge by encouraging people to develop and understand software. Whistleblowers will get to keep their privacy, and so will a few criminal masterminds. But chances are, the later will have dumb associates who will set their password to 12345. I think a bet that smart people are generally also well intentioned is a good one for our society to make. In the meantime, we don't have to make life of the next Scott Peterson too easy.

Re:Criminals are dumb

"... with a copy of the key encrypted with a public key of a cloud company that has an excellent security record."

Reminds me of the saying about motorcyclists, that "There are two kinds, those that have wrecked and those that will wreck". Kinda like cloud companies with important data and getting compromised/cracked/breached/insertYourFavoriteTerm.

No thanks on the key escrow.

Re:Criminals are dumb

[iamacat]

That's not most people's risk profile. An average user is more likely to have personal data lost or stolen from their personal devices than a cloud provider with a professional IT department. Even in terms of legal risk, you could be jailed for contempt of court for failing to produce documents in what is otherwise a civil matter. Or not have access to favorable evidence.

You absolutely should have legal right to run whatever software you want. I just disagree with article's premise that most criminals would go install custom ROMs and sideload apps. Anyone with enough wits and self control to do this consistently is likely smart enough to achieve their goals in legal ways.

Re:Criminals are dumb

[Mathinker]

> make life of the next Scott Peterson too easy

Had never heard of him, and after searching I discovered that he is on death row, even though there was no "hard" evidence that he murdered his wife. Could you explain, then, how he is a good example to use to justify weakening encryption for all of society? His case would seem to be exactly the opposite --- a good example how, even if encryption of all our devices were impregnable, most criminals are stupid and it wouldn't help them anyway (hey, that's even the subject of your post!)

Here's why Crypto backdoors won't work...

Leaks like this just tell people that that need to encrypt their shit using third party software. There will always be Third Party crypto software out there, and this will only encourage it to get stronger. You basically can't install a backdoor on much of the crypto software out there, because people of means can see the code (Open Source.) That's kind of the point. I'm in favor of the crypto concept...my phone is encrypted, and I don't even have anything to hide. It's more to piss the NSA off than anything, and because I can, and to make it so that if anyone stole my phone, it would be a brick. I'm not afraid of the NSA...I'm afraid of Industrial hackers, and even then, I don't put stuff on my phone that is sensitive. Joke's on them...all they'll find is porn. And, frankly, my taste in porn is questionable.

There's a simple solution

It only takes the courage to implement it: all crypto technology must be endorsed by the government, then it's only a matter of seeking out the black sheep. Using non-government approved cryptography? Automatic 20 years sentence. Possession of non-government approved crypto tools? Automatic 20 years sentence. Developing tools to circumvent surveillance? Automatic 40 years sentence. Discussing such tech? Minimum 50'000$ fine the first time, 5 years sentence after that. Make a couple of high-profile examples and the rest will behave. As for the rest of the world... Well, they seem so eager to trade sith us, I'm sure they will get the message. :)

Captain Obvious

"Your devices should come with a government backdoor"
is NOT equal to
"Walking step-by-step through a hypothetical backdoored Android"

Government backdoor means hardware has been laced with "funny" instructions, something like the Pentium bug, but less obvious. Who knows of the trick can interpret the skewed results to crack crypto with magnitudes less effort, but those left in the dark still think it is really 256 or 2048 bits strenght.

I would think this is already the situation. Most microchips are designed in Haifa and they put in HW backdoors for use by Mossad / Unit 8200, as well as american use (since they really depend on goodwill for the 10 billion dollars / year US military aid package, including F-35 JSF, Apache attack helicopters, AMRAAM missiles, ammunitions, parts for nukes, misc. supplies, etc.)

The asians are only doing the fab part, they don't really fully understand the logic design of microchips they make. I think only France has a truly US/IL-independent microelectronics design and manufacturing capability from the ground up, but they have huge cost problems and the produce only goes into military tech like the SPECTRE module in the Rafale.

Cops don’t give a fuck about shit...

I found three decomposed corpses buried under my old house the other day. I called up the local po-po, told them what I found, and they said “Well, bring ’em on in, & we’ll take a look at ‘em."

Thats why I always laugh at CSI

[bobjr94]

The neighbor has a camera, hack into his internet and lets see it.

First, you need his IP address, then is his router even port mapped to his camera to allow internet viewing and what port, what brand is his brand and model is the camera so you can get the right viewing software and what about the username and password he likely has to access the cameras ? Or does a CSI team have universal backdoor access to all devices.

Give me 5 seconds....Ok Im in, Im pulling up lastnight's video now....

Congressional Hearing

Yesterday, there was a congressional subcommittee hearing regarding crypto backdoors. Congress members asked the witness panel a variety of questions related to unintentional vulnerabilities, identifying good/bad guys, economic impact, application development impact, global political impact, and whether it is even possible to design and create such a system. The "Clipper Chip" was cited. There was indirect mention of a former NSA employee. Long story short, it did not go particularly well for law enforcement or the government position in this round, but there will be others.

The witness panel, prepared written testimony, and video of that hearing can be found here: http://oversight.house.gov/hearing/encryption-technology-potential-u-s-policy-responses/