FBI Slammed On Capitol Hill For "Stupid" Ideas About Encryption
blottsie writes: At a hearing in Washington, D.C., on Wednesday, the FBI endured outright hostility as both technical experts and members of Congress from both parties roundly criticized the law enforcement agency's desire to place so-called back doors into encryption technology. "Creating a technological backdoor just for good guys is technologically stupid," said Rep. Ted Lieu (D-Calif.), a Stanford University computer science graduate. "That's just stupid. Our founders understood that an Orwellian overreaching government is one of the most dangerous things this world could have," Lieu said.
too much.
At the risk of being down-modded: ... it is the people that allow them to get away with this stupid shit in the first place.
Sure would be nice if this were the new climate in D.C. instead of their current 1984 theme.
Access to a time machine would explain why y'all think the founding fathers are prescient I guess.
How stupid must your plan be if politicians actually call it stupid?
I thought once I was found, but it was only a dream.
I just can't believe that an agency that (voluntarily, no less) works out of a headquarters named in J Edgar Hoober's 'honor' would have some ideas about encryption that are anything other than technologically cutting edge and fourth amendment compliant. They should probably just stick to doing their...special...brand of forensic science and leave policy to people who don't goose-step to the short bus every morning.
"Creating a technological backdoor just for good guys is technologically stupid," said Rep. Ted Lieu (D-Calif.), a Stanford University computer science graduate.
How is "a technological backdoor" restricted to just the good guys? I don't think we need to go to the Orwellian level to demonstrate how misguided such a notion is. The fact that bad guys will likely gain access as well should be sufficient.
Is it stupid? Yes no doubt about that.
Do they care? Nope.
They want this and they will get it one way or another.
Since the revelations of Snowden have effectively changed nothing, does it even matter that members of Congress are publicly against the actions of the arm(s) of government that gathers the secrets?
Happiness in intelligent people is the rarest thing I know.
Ernest Hemingway
from TFA, on "a back door just for the good guys": "Our founders understood that an Orwellian overreaching government is one of the most dangerous things this world could have"
Yes, agreed. But besides that, having the back-doors only available "for the good guys" is problematic for a number of other reasons, including:
a) "the good guys" in this administration may be replaced by "less than good guys" in the next administration
b) It only takes one "not so good guy" in the organization to take advantage of a back door for nefarious purposes (perhaps with the best of intentions)
c) The existence of a back door "just for the good guys" assumes that there is no exploit that anyone could figure out with today's technology up to the technology available up to the retirement of the last piece of equipment that contained that particular back door (which might be decades). When you design a system, do you take into account the technology that will become available to break into it 20 or 30 years in the future?
d) That the "keys" for such a universal back door would be so valuable that they would inevitably be sold by someone with access to the highest bidder, or because of political or religious motivations.
The FBI might be better served by just being better at cyber break-ins than anyone else. This would allow them to do the monitoring they desire, and have the added benefits of making them work for access, rather than just go fetch passwords out of a safe, and develop some in-house expertise that could be used against real cyber criminals.
Now that I think of that last part, if we really want the FBI to understand about cyber security, it's important from an evolutionary point to never give them easy access to anything.
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
... who never saw a gun control bill he didn't like. the dystopia envisioned by Orwell cannot happen without first disarming the people.
The FBI should have no trouble pulling it off then.
It's the fucking clipper chip fiasco all over again. Doomed to repeat the past....
The best part about legislating what kinds of technology people can use is that only legal entities must abide by the law.
So, the "good companies" or "good individuals" who agree with you are now penalized by having back-doors while anyone "bad" is "free" to use solid and effective tools.
Bullet, meet foot.
I for one am totally psyched for ClipperCrypt
... is just too much.
Imagine Apple builds iPhones with a back door. That phone will not sell in any other country, right? If Apple wants to sell to Japan, Apple will have to put a Japanese backdoor into those devices.
The Japanese will prohibit Apple from selling those to people in the US.
Apple will have a brazillion adaptations of its iPhones to make every country happy and that's just not going to happen.
We can bet our asses that some company somewhere will meet US market demand for clean encrypted phones and that company will be the new market leader.
For those reasons, and the argument that back doors are open doors, the FBI will not prevail.
And, for what it's worth, the FBI, NSA, and CIA are subject to personnel back doors like Manning and Snowden.
It little behooves the best of us to comment on the rest of us.
I'd like to see them slammed for their down-syndrome-level comment about Polish collaboration with the NAZIs. Von Braun anyone? They should be renamed the Federal Bureau of Manipulation.
Bravo for Representative Lieu, but he misses the whole point. The encryption doesn't matter if a Government is so big it will harm you even when it is trying to do good. The problem is not the backdoors, it is the elephant in the room - a Government that is just too big and increasingly centralized. More Government power **necessarily** means citizens lose liberty. And the Democrats and Establishment Republicans are both bad at growing Government (and the associated debt).
Power needs to be devolved back to States, municipalities and citizens. The Internet makes this possible. We don't need a centralized government that is appropriate for 20th Century industrialism when a 21st Century de-centralized system acts more responsively and less wastefully to local needs (and local Government is small enough it cannot harm you to the same degree the Feds can).
This story reminds me that it's time to go throw the EFF another $20.
https://www.eff.org/
You are welcome on my lawn.
what was the lesson of FREAK ???
I agree this is stupid. Sometimes, though, I like to think of the best arguments I can for the other side's position. In other words, come up with reasons I might be wrong.
In this case, I'd have to admit that ANY time I send an encrypted message, it should always have a way for the good guy to read the message. For example, suppose I use https to send a secure request to bank.com. That must have a way for the good guy, bank.com, to read the message. There's no technical reason it can't be encrypted such that TWO good guys have keys, bank.com and the Good Guy Bureau.
In fact, standard encryption as used by tls does almost that - two people ALREADY have the key which is used to encrypt the message. The sender has the key and so does the receiver. The shared key is then encrypted by another key generated such that two parties can know it, without either ever transmitting it. Mathematically, one could certainly add the GGB key to the algorithm.
It could be just as unbreakable as the current encryption standards, though those do depend on keys being kept secret. The Good Guy Key probably wouldn't actually be kept secret for long. That's the huge failing that makes it a non-starter from a purely technical perspective- that we'd all be screwed if the FBI's key were ever revealed or cracked. Various attempts at DRM show that widely-used keys are always cracked.
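Added example, not part of the original comment or thread: a toy Python sketch of the escrow scheme described above, where each message's session key is wrapped once for the recipient and once for a single escrow key, showing that whoever holds the escrow private key can read every conversation. The group parameters, the SHA-256 keystream and all names are assumptions chosen for illustration and are not secure cryptography.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group (assumption for illustration; not a vetted parameter set).
P = 2**255 - 19
G = 2

def keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def _pad(key: bytes, n: int) -> bytes:
    """SHA-256 in counter mode as a toy keystream of n bytes."""
    blocks = (n + 31) // 32
    return b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                    for i in range(blocks))[:n]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wrap(session_key: bytes, pub: int):
    """ElGamal-style wrap: only the holder of pub's private key can unwrap."""
    eph_priv, eph_pub = keypair()
    shared = pow(pub, eph_priv, P).to_bytes(32, "big")
    return eph_pub, _xor(session_key, _pad(shared, 32))

def unwrap(wrapped, priv: int) -> bytes:
    eph_pub, blob = wrapped
    shared = pow(eph_pub, priv, P).to_bytes(32, "big")
    return _xor(blob, _pad(shared, 32))

def send(message: bytes, recipient_pub: int, escrow_pub: int) -> dict:
    session_key = secrets.token_bytes(32)  # fresh per message
    return {"recipient": wrap(session_key, recipient_pub),
            "escrow": wrap(session_key, escrow_pub),  # the mandated extra copy
            "body": _xor(message, _pad(session_key, len(message)))}

def read(packet: dict, slot: str, priv: int) -> bytes:
    key = unwrap(packet[slot], priv)
    return _xor(packet["body"], _pad(key, len(packet["body"])))

def demo() -> dict:
    escrow_priv, escrow_pub = keypair()
    bank_priv, bank_pub = keypair()
    clinic_priv, clinic_pub = keypair()
    # Constructed sample messages to two unrelated recipients.
    to_bank = send(b"transfer 100 to savings", bank_pub, escrow_pub)
    to_clinic = send(b"lab results attached", clinic_pub, escrow_pub)
    return {"bank_reads": read(to_bank, "recipient", bank_priv),
            "clinic_reads_bank_msg": read(to_bank, "recipient", clinic_priv),
            "escrow_reads": [read(p, "escrow", escrow_priv)
                             for p in (to_bank, to_clinic)]}
```

The bank's and the clinic's keys are independent, so compromise of one exposes only that party's traffic; the escrow key is the one value whose disclosure exposes both.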
I smell hope :)
When Bush left office, the Middle East was pretty safe, and had a functional democracy in Iraq.
The economy of the U.S. was on an upswing, and the U.S. had vastly less debt.
Now the middle east is blowing up all over, soon very literally when Iran achieves nuclear weapons. The economy is tanking again, the national debt is monstrously high, there are not infrequent waves of rioting and looting in many major cities. Race relations are at an all time low, in part because so many criticisms these days are countered with "you only disagree with me because I am black", an argument that trickles down to the population at large. It makes it impossible to talk about real instances of racism when so many things that are not, are labeled as such.
Civilians in other countries certainly don't feel much safer since instead of discriminating troops locking down an area or fighting other troops, we have vastly increased drone strikes that often harm innocents.
I'm not sure in what way you can possibly justify saying Obama is even a little better than Bush in terms of safety and hope, since there is now so much less of both than when Bush left office.
So much so, that a common sight now is posters of Bush smiling with the words "Miss me yet?" emblazoned underneath...
"There is more worth loving than we have strength to love." - Brian Jay Stanley
The few Republican and Libertarian politicians that are willing to stand up to big brother, don't see anything wrong with Citizen United vs FEC and Money as Speech.
I am no Democrat. Some of them like Citizen's United vs FEC too.
Just being honest...a crooked Democrat would be better than anyone in either the Republican or Tea Party system that has been 100% co-opted by the 9% who can donate millions and billions.
There is a reason the Koch brothers are giving money to Republican Walker, he totally will let business do anything and everything they want in the name of a free market that is anything but FREE. Who would have thought 2 business men would give more money ($2 Billion) in the 2016 Presidential election? More money than the entire Republican party spent in 2012!
Do you really think the 9% are not buying anything? Walker's biggest money givers in his state received no/lower fees/penalties due to their bad business practices if not outright kickbacks...you will just be hard pressed to prove it and when you do it, good luck getting that message out.
Do your homework people, stop electing Republicans, Tea Parties and Libertarians who care more about redistributing wealth to the 9% than passing legislation to bring you jobs, make your life better and improve the American economy.
You want organic growth...it's called good paying jobs! Well over $15 per hour. Remember $15 per hour = poverty in most large communities.
There was a reason that one company in Seattle declared their minimum wage to be $70K per year (google it). That's $34 per hour folks. His reason, he said he wanted his employees to come to work and be focused on work not bills they could not pay. That a person in Seattle could not live on $40K per year comfortably. That's $20 per hour folks.
THINK about it! Some people get it.
I am not a Democrat, but I know what the Republicans, Tea Party and Libertarians are selling? Tired of them redistributing the wealth to a rich few.
Organic Growth = Increasing Supply (Salaries) = Increasing Demand (being able to afford to buy). Now that is capitalism that could make a difference in a positive way.
Sad that none of the political parties get it 100% today.
Please stop voting for those that by their very system will not allow change! We can afford business as usual any more unless you want to end up like Greece! Wouldn't the 9% love that!
(to the FBI) You get a car! (to the hackers who will obviously exploit this in no time) You get a car! (the people in general) Go eat a DICK!
Watching their key logger vomit when it got put on a mazak nexus cnc was fricking hilarious too. that and listening to the rf keys click on an am radio.
Mandatory encryption backdoors pretty much means we become a backwards island as nobody else will willingly use our crypto. It's already become a valid concern over networking gear from US companies since the NSA has been shown to subvert them, when people are buying Chinese gear because it's a better option security wise than US gear you have a serious image issue.
No sir I don't like it.
Who in America still considers the FBI, NSA, or CIA to be "the good guys" anymore?
I agree this is stupid. Sometimes, though, I like to think of the best arguments I can for the other side's position. In other words, come up with reasons I might be wrong.
In this case, I'd have to admit that ANY time I send an encrypted message, it should always have a way for the good guy to read the message. For example, suppose I use https to send a secure request to bank.com. That must have a way for the good guy, bank.com, to read the message. There's no technical reason it can't be encrypted such that TWO good guys have keys, bank.com and the Good Guy Bureau.
In fact, standard encryption as used by tls does almost that - two people ALREADY have the key which is used to encrypt the message. The sender has the key and so does the receiver. The shared key is then encrypted by another key generated such that two parties can know it, without either ever transmitting it. Mathematically, one could certainly add the GGB key to the algorithm.
It could be just as unbreakable as the current encryption standards, though those do depend on keys being kept secret. The Good Guy Key probably wouldn't actually be kept secret for long. That's the huge failing that makes it a non-starter from a purely technical perspective- that we'd all be screwed if the FBI's key were ever revealed or cracked. Various attempts at DRM show that widely-used keys are always cracked.
Why bother with all that? The FBI walks in (or calls) the bank, and they hand over all your information just trying to be "helpful." This happens ALL THE TIME at ISPs and banks. Why do all the technical stuff to achieve it?
I am a sub-contractor for a project that burns data onto encrypted FIPS compliant hard drives. If the FBI gets their way that puts us in breach of contract with another government agency.
"understood that an Orwellian overreaching government is one of the most dangerous things this world could have".
If they did then that would be incredible foresight (since 1984 was published ~175 years after they set up their government structure).