Slashdot Mirror
FBI Slammed On Capitol Hill For "Stupid" Ideas About Encryption
blottsie writes: At a hearing in Washington, D.C., on Wednesday, the FBI endured outright hostility as both technical experts and members of Congress from both parties roundly criticized the law enforcement agency's desire to place so-called back doors into encryption technology. "Creating a technological backdoor just for good guys is technologically stupid," said Rep. Ted Lieu (D-Calif.), a Stanford University computer science graduate. "That's just stupid. Our founders understood that an Orwellian overreaching government is one of the most dangerous things this world could have," Lieu said.
too much.
At the risk of being down-modded: ... it is the people that allow them to get away with this stupid shit in the first place.
Sure would be nice if this were the new climate in D.C. instead of their current 1984 theme.
Access to a time machine would explain why y'all think the founding fathers are prescient I guess.
How stupid must your plan be if politicians actually call it stupid?
i thought once I was found, but it was only a dream.
I just can't believe that an agency that (voluntarily, no less) works out of a headquarters named in J Edgar Hoober's 'honor' would have some ideas about encryption that are anything other than technologically cutting edge and fourth amendment compliant. They should probably just stick to doing their...special...brand of forensic science and leave policy to people who don't goose-step to the short bus every morning.
"Creating a technological backdoor just for good guys is technologically stupid," said Rep. Ted Lieu (D-Calif.), a Stanford University computer science graduate.
How is "a technological backdoor" restricted to just the good guys? I don't think we need to go to the Orwellian level to demonstrate how misguided such a notion is. The fact that bad guys will likely gain access as well should be sufficient.
Is it stupid? Yes no doubt about that.
Do they care? Nope.
They want this and they will get it one way or another.
Since the revelations of Snowden have effectively changed nothing, does it even matter that members of Congress are publicly against the actions of the arm(s) of government that gathers the secrets?
Happiness in intelligent people is the rarest thing I know.
Ernest Hemingway
from TFA, on "a back door just for the good guys": "Our founders understood that an Orwellian overreaching government is one of the most dangerous things this world could have"
Yes, agreed. But besides that, having the back-doors only available "for the good guys" is problematic for a number of other reasons, including:
a) "the good guys" in this administration may be replaced by "less than good guys" in the next administration
b) It only takes one "not so good guy" in the organization to take advantage of a back door for nefarious purposes (perhaps with the best of intentions)
c) The existence of a back door "just for the good guys" assumes that there is no exploit that anyone could figure out with today's technology up to the technology available up to the retirement of the last piece of equipment that contained that particular back door (which might be decades). When you design a system, do you take into account the technology that will become available to break into it 20 or 30 years in the future?
d) That the "keys" for such a universal back door would be so valuable that they would inevitably be sold by someone with access to the highest bidder, or because of political or religious motivations.
The FBI might be better served by just being better at cyber break-ins than anyone else. This would allow them to do the monitoring they desire, and have the added benefits of making them work for access, rather than just go fetch passwords out of a safe, and develop some in-house expertise that could be used against real cyber criminals.
Now that I think of that last part, if we really want the FBI to understand about cyber security, it's important from an evolutionary point to never give them easy access to anything.
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
... who never saw a gun control bill he didn't like. the dystopia envisioned by Orwell cannot happen without first disarming the people.
The FBI should have no trouble pulling it off then.
Its the fucking clipper chip fiasco all over again. Doomed to repeat the past....
The best part about legislating what kinds of technology people can use is that only legal entities must abide by the law.
So, the "good companies" or "good individuals" who agree with you are now penalized by having back-doors while anyone "bad" is "free" to use solid and effective tools.
Bullet, meet foot.
I for one am totally psyched for ClipperCrypt
... is just too much.
Imagine Apple builds iPhones with a back door. That phone will not sell in any other country, right? If Apple wants to sell to Japan, Apple will have to put a Japanese backdoor into those devices.
The Japanese will prohibit Apple from selling those to people in the US.
Apple will have a brazillion adaptations of its iPhones to make every country happy and that's just not going to happen.
We can bet our asses that some company somewhere will meet US market demand for clean encrypted phones and that company will be the new market leader.
For those reasons, and the argument that back doors are are open doors, the FBI will not prevail.
And, for what it's worth, the FBI, NSA, and CIA are subject to personnel back doors like Manning and Snowden.
It little behooves the best of us to comment on the rest of us.
I'd like to see them slammed for their down-syndrome-level comment about Polish collaboration with the NAZIs. Von Braun anyone? They should be renamed the Federal Bureau of Manipulation.
Bravo for Representative Lieu, but he misses the whole point. The encryption doesn't matter if a Government is so big will harm you even when it is trying to do good. The problem is not the backdoors, it is the elephant in the room - a Government that is just to big and increasingly centralized. More Government power **necessarily** means citizens lose liberty. And the Democrats and Establishment Republicans are both bad at growing Government (and the associated debt).
Power needs to be devolved back to States, municipalities and citizens. The Internet makes this possible. We don't need a centralized government that is appropriate for 20th Century industrialism when a 21st Century de-centralized system acts more responsively and less wastefully to local needs (and local Government is small enough it cannot harm you to the same degree the Feds can).
This story reminds me that it's time to go throw the EFF another $20.
https://www.eff.org/
You are welcome on my lawn.
what was the lesson of FREAK ???
I agree this is stupid. Sometimes, though, I like to think of the best arguments I can for the other side's position. In other words, come up with reasons I might be wrong.
In this case, I'd have to admit that ANY time I send an encrypted message, it should always have a way for the good guy to read the message. For example, suppose I use https to send a secure request to bank.com. That must have a way for the good guy, bank.com, to read the message. There's no technical reason it can't be encrypted such that TWO good guys have keys, bank.com and the Good Guy Bureau.
In fact, standard encryption as used by tls does almost that - two people ALREADY have the key which is used to encrypt the message. The sender has the key and so does the receiver. The shared key is then encrypted by another key generated such that two parties can know it, without either ever transmitting it. Mathematically, one could certainly add the GGB key to the algorithm.
It could be just as unbreakable as the current encryption standards, though those do depend on keys being kept secret. The Good Guy Key probably wouldn't actually be kept secret for long. That's the huge failing that makes it a non-starter from a purely technical perspective- that we'd all be screwed if the FBI's key were ever revealed or cracked. Various attempts at DRM show that widely-used keys are always cracked.
I smell hope :)
Wow. I can't believe you signed your name to that.
Holy crap, that is the dumbest thing ever. It is like you know nothing at all about the beginnings of ISOs and won't let that stop you from having an opinion.
The few Republican and Libertarian politicians that are willing to stand up to big brother, don't see anything wrong with Citizen United vs FEC and Money as Speech.
I am no Democrat. Some of them like Citizen's United vs FEC too.
Just being honest...a crooked Democrat would be better than anyone in either the Republican or Tea Party system that has been 100% co-opted by the 9% who can donate millions and billions.
There is a reason the Koch brothers are giving money to Republican Walker, he totally will let business do anything and everything they want in the name of a free market that is anything but FREE. Who would have thought 2 business men would give more money ($2 Billion) in the 2016 Presidential election? More money then the entire Republican party spent in 2012!
Do you really think the 9% are not buying anything? Walker's biggest money givers in his state received no/lower fees/penalties due to their bad business practices if not out right kickbacks...you will just be hard pressed to prove it and when you do it, good luck getting that message out.
Do your homework people, stop electing Republicans, Tea Parties and Libertarians who care more about redistributing wealth to the 9% than passing legislation to bring you jobs, make your life better and improve the American economy.
You want organic growth...its called good paying jobs! Well over $15 per hours. Remember $15 per hour = poverty in most large communities.
There was a reason that one company in Seattle declared their minimum wage to be $70K per year (google it). That's $34 per hour folks. His reason, he said he wanted his employees to come to work and be focused on work not bills they could not pay. That a person in Seattle could not live on $40K per year comfortably. That's $20 per hour folks.
THINK about it! Some people get it.
I am not a Democrat, but I know what the Republicans, Tea Party and Libertarians are selling? Tired of them redistributing the wealth to a rich few.
Organic Growth = Increasing Supply (Salaries) = Increasing Demand (being able to afford to buy). Now that is capitalism that could make a difference in a positive way.
Sad that none of the political parties get it 100% today.
Please stop voting for those that by their very system will not allow change! We can afford business as usual any more unless you want to end up like Greece! Wouldn't the 9% love that!
Please tell me this is the most subtle and nuanced ironic post ever posted on slashdot. Because almost every sentence in it seems to be a carefully crafted opposite of reality.
The economy of the U.S. was on an upswing, and the U.S. had vastly less debt.
Either you are trolling, or you were in a coma for all of 2008. The economy was in free fall at the end of Bush's term. It did not start to recover until well into Obama's first year in office. And you actually think the economy is worse now, than it was back then?
... a common sight now is posters of Bush smiling with the words "Miss me yet?" emblazoned underneath...
not even a little bit!
(to the FBI) You get a car! (to the hacker's who will obviously exploit this in no time) You get a car! (the people in general) Go eat a DICK!
Watching their key logger vomit when it got put on a mazak nexus cnc was fricking hilarious too. that and listening to the rf keys click on an am radio.
Mandatory encryption backdoors pretty much means we become a backwards island as nobody else will willingly use our crypto. It's already become a valid concern over networking gear from US companies since the NSA has been shown to subvert them, when people are buying chinese gear because it's a better option security wise than US gear you have a serious image issue.
No sir I dont like it.
Who in America still considers the FBI, NSA, or CIA to be "the good guys" anymore?
I agree this is stupid. Sometimes, though, I like to think of the best arguments I can for the other side's position. In other words, come up with reasons I might be wrong.
In this case, I'd have to admit that ANY time I send an encrypted message, it should always have a way for the good guy to read the message. For example, suppose I use https to send a secure request to bank.com. That must have a way for the good guy, bank.com, to read the message. There's no technical reason it can't be encrypted such that TWO good guys have keys, bank.com and the Good Guy Bureau.
In fact, standard encryption as used by tls does almost that - two people ALREADY have the key which is used to encrypt the message. The sender has the key and so does the receiver. The shared key is then encrypted by another key generated such that two parties can know it, without either ever transmitting it. Mathematically, one could certainly add the GGB key to the algorithm.
It could be just as unbreakable as the current encryption standards, though those do depend on keys being kept secret. The Good Guy Key probably wouldn't actually be kept secret for long. That's the huge failing that makes it a non-starter from a purely technical perspective- that we'd all be screwed if the FBI's key were ever revealed or cracked. Various attempts at DRM show that widely-used keys are always cracked.
Why bother with all that? The FBI walks in (or calls) the bank, and they hand over all your information just trying to be "helpful." This happens ALL THE TIME at ISPs and banks. Why do all the technical stuff to achieve it?
The economy was on an upswing in 2008, but the Democrats and their mass media machine kept telling people "the sky is falling!" because of the housing bubble which would have only affected bankers. Confidence in the economy fell. Then comes Obama, and the media decided to try and inspire confidence in the economy again, only to find out that's hard. Obama campaigned on Hope, so people started out hopeful in his first term. After all this time, people are less hopeful now than when Bush was in office. Republicans are unhappy. Tea Partiers are literally afraid of being gathered up into FEMA camps for reeducation. Poor Democrats are rioting. Rich Democrats want the poor Democrats to riot so they can claim a crisis. They hold back the cops until things get really bad. Hope is rare today.
I am a sub-contractor for a project that burns data onto encrypted FIPS compliant hard drives. If the FBI gets their way that puts us in breach of contract with another government agency.
"understood that an Orwellian overreaching government is one of the most dangerous things this world could have".
If they did then that would be incredible foresight (since 1984 was published in ~175 years after they set up their government structure).
Wow, you fell for it. The housing bubble was just spin to distract from what Wall Street was really doing, packaging up worthless loans and selling them as triple-A rated financial instruments. I'd suggest looking up what a credit default swap is, and what a CDO is, and why there were trillions of dollars tied up in these things. Or, start asking yourself why Lehman Brothers failed, or Bear Stearns. Those guys had zero real estate holdings -- why were they left holding the bag? If you're not overly invested in television you could try opening a book, there are a number of good dissections of the 2008 crisis (Wikipedia has a relatively poor article on the matter). I recommend The Big Short by Michael Lewis.
Your grasp of politics and finance is shallow and counterfactual. It's an impressive achievement, actually: a masterpiece of drivel. Please stay away from soapboxes, podia, and/or voting booths.
Wow, that alternate reality you live in is scary. I'll stick to the real world where none of that stuff actually happened.
Other people have corrected your incredible lack of understanding of the economy, so let me try on the Middle East.
When Bush left office, the Iraqi government was far from stable, and was propped up by the US military presence. Obama withdrew on Bush's schedule, and we had the entirely predictable disaster. The only way to stop it would have been to leave an army of occupation in Iraq indefinitely, which would have been a wonderful advertisement for Muslim terrorist organizations. Iran isn't going to openly use nukes, since the actual decision makers aren't batshit insane and they know what would happen if they did. Pakistan has had the ability to send nukes more or less covertly to terrorist organizations for a long time.
Oh, and your beliefs on race relations and riots also bear little resemblance to the reality I'm more or less in.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes