Slashdot Mirror
FBI Slammed On Capitol Hill For "Stupid" Ideas About Encryption
blottsie writes: At a hearing in Washington, D.C., on Wednesday, the FBI endured outright hostility as both technical experts and members of Congress from both parties roundly criticized the law enforcement agency's desire to place so-called back doors into encryption technology. "Creating a technological backdoor just for good guys is technologically stupid," said Rep. Ted Lieu (D-Calif.), a Stanford University computer science graduate. "That's just stupid. Our founders understood that an Orwellian overreaching government is one of the most dangerous things this world could have," Lieu said.
At the risk of being down-modded: ... it is the people that allow them to get away with this stupid shit in the first place.
Sure would be nice if this were the new climate in D.C. instead of their current 1984 theme.
How stupid must your plan be if politicians actually call it stupid?
i thought once I was found, but it was only a dream.
I just can't believe that an agency that (voluntarily, no less) works out of a headquarters named in J Edgar Hoober's 'honor' would have some ideas about encryption that are anything other than technologically cutting edge and fourth amendment compliant. They should probably just stick to doing their...special...brand of forensic science and leave policy to people who don't goose-step to the short bus every morning.
"Creating a technological backdoor just for good guys is technologically stupid," said Rep. Ted Lieu (D-Calif.), a Stanford University computer science graduate.
How is "a technological backdoor" restricted to just the good guys? I don't think we need to go to the Orwellian level to demonstrate how misguided such a notion is. The fact that bad guys will likely gain access as well should be sufficient.
The term was Orwellian, which constitutes a few things..
"Orwellian" is an adjective describing the situation, idea, or societal condition that George Orwell identified as being destructive to the welfare of a free and open society. It denotes an attitude and a brutal policy of draconian control by propaganda, surveillance, misinformation, denial of truth, and manipulation of the past, including the "unperson" – a person whose past existence is expunged from the public record and memory, practised by modern repressive governments. Often, this includes the circumstances depicted in his novels, particularly 1984.
While I don't think our founding fathers understood the concept of an "unperson" or manipulating the past, they did understand how Colonial rule worked which by all accounts came close to being Orwellian.
Harrison's Postulate - "For every action there is an equal and opposite criticism"
Since the revelations of Snowden have effectively changed nothing, does it even matter that members of Congress are publicly against the actions of the arm(s) of government that gathers the secrets?
Happiness in intelligent people is the rarest thing I know.
Ernest Hemingway
No, the founding fathers had seen some pretty bad behavior from kings and tyrants, and were people who understood the big picture.
They certainly didn't anticipate everything, but they sure as hell tried to lay the groundwork for trying to formulate how to prevent this crap.
And then people got all scared and lost their shot and decided "oh, fuck all those constitutional protections, we're scared".
The problem with the FBI is they moronically believe that if they poke holes in crypto that it would still have any value. Because they're too fucking concerned about getting this information they can't stop to think that if there are holes for them, there's holes for anybody else to use.
What the FBI et al are basically saying amounts to "everybody should leave their house unlocked in case we need to go in, and we will go 'la la la' and pretend that nobody else will do this".
The FBI are either collectively too fucking stupid, or too fucking fascist to comprehend that crypto only really works if you don't punch holes in it.
But, hey, between law enforcement hiding how often they use that Stingray thing, and the "manaul of institutional perjury" which is parallel construction -- maybe it's time we stopped treating them as anything but a corrupt organization which needs a serious culling?
Fire 'em, arrest 'em, hang 'em -- it doesn't matter. These clowns have decided the law doesn't apply to them, so they don't deserve to be treated like the good guys.
Lost at C:>. Found at C.
Access to a time machine would explain why y'all think the founding fathers are prescient I guess.
Or Orwell read the founding fathers, among others who had similar concerns. And Orwell more concisely portrayed the problem to the public and so the phrase Orwellian gets attached. No time machine necessary. :-)
from TFA, on "a back door just for the good guys": "Our founders understood that an Orwellian overreaching government is one of the most dangerous things this world could have"
Yes, agreed. But besides that, having the back-doors only available "for the good guys" is problematic for a number of other reasons, including:
a) "the good guys" in this administration may be replaced by "less than good guys" in the next administration
b) It only takes one "not so good guy" in the organization to take advantage of a back door for nefarious purposes (perhaps with the best of intentions)
c) The existence of a back door "just for the good guys" assumes that there is no exploit that anyone could figure out with today's technology up to the technology available up to the retirement of the last piece of equipment that contained that particular back door (which might be decades). When you design a system, do you take into account the technology that will become available to break into it 20 or 30 years in the future?
d) That the "keys" for such a universal back door would be so valuable that they would inevitably be sold by someone with access to the highest bidder, or because of political or religious motivations.
The FBI might be better served by just being better at cyber break-ins than anyone else. This would allow them to do the monitoring they desire, and have the added benefits of making them work for access, rather than just go fetch passwords out of a safe, and develop some in-house expertise that could be used against real cyber criminals.
Now that I think of that last part, if we really want the FBI to understand about cyber security, it's important from an evolutionary point to never give them easy access to anything.
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
The FBI should have no trouble pulling it off then.
Its the fucking clipper chip fiasco all over again. Doomed to repeat the past....
Oh, I think that they understood the concept very well. It's not exactly new; the Romans used it as did the Greeks in a few cases.
Good, inexpensive web hosting
The best part about legislating what kinds of technology people can use is that only legal entities must abide by the law.
So, the "good companies" or "good individuals" who agree with you are now penalized by having back-doors while anyone "bad" is "free" to use solid and effective tools.
Bullet, meet foot.
If they do, the US is probably suffering badly for it.
Think who has the most intellectual property. Ponder who does the most research. Consider that spying is cheaper than researching. Know that a backdoor does not care who is using it.
And now ponder what using this backdoor in the computers of a US corporation by a Chinese corporation could do to the GDP of either country.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Considering that the US still retains the 2nd, very obviously it can.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
People do enjoy saying that; but that doesn't seem to change the more or less total absence of any repressive measures, activities, or persons being literally shot down. Maybe whoever pinged a few rounds off the NSA's windows deserves some credit for effort; but he's pretty lonely. Hell, the last person to even unnerve the DC area was probably the beltway sniper, and he was some shithead gunning for his ex wife or something. Seriously guys, let's see some blood of patriots and tyrants, or the admission that guns are a fun hobby; but spare us the empty chest-beating nonsense.
The FBI doesn't care if they break the entire purpose of Crypto. They would like the world without crypto at least in their day job. You do something foolish in assuming they don't understand that it would break the entire purpose of crypto. They likely understand that all too well.
No, Orwell visited fascist Spain, and wrote a fictionalized version set in a venue English speakers could identify with. (I've heard that it's called 1984 because he was reporting on 1948.)
I think we've pushed this "anyone can grow up to be president" thing too far.
He is probably the most effective example in reasonably contemporary history. Which isn't terribly impressive given that most people couldn't actually tell you what he was for or against, his activities had no visible effect on any federal activity he was against, and he ended up getting executed, and his main assistant sent to ADX Florence to rot more or less without controversy.
Also (like most people who want to get some asymmetric warfare done) he didn't bother with the abject futility of a gun battle against superior forces, and opted for explosives and stealth instead.
Definitely the best example available; but not...exactly...a striking demonstration of effectiveness.
Indeed. There are 4 boxes to use in the defense of liberty, and they need to be used in order. Right now we are at the soap box stage. Next is the ballot box stage, and there isn't a lot being done there now. Then the jury box - much like the ballot box, not a lot going on there, and there needs to be. The last choice is the ammo box, a desperate measure.
If 1946 is contemporary enough, you may want to read up on the Battle of Athens - http://jpfo.org/filegen-a-m/at...
I think McVeigh was a terrorist - there are LOTS of other targets out there for "an attack against the government" or even a particular branch or department of the government where there would've been a lot less civilian "sucks to be you" casualties esp with the daycare center.
Don't blame me, I voted for Kodos
... is just too much.
Imagine Apple builds iPhones with a back door. That phone will not sell in any other country, right? If Apple wants to sell to Japan, Apple will have to put a Japanese backdoor into those devices.
The Japanese will prohibit Apple from selling those to people in the US.
Apple will have a brazillion adaptations of its iPhones to make every country happy and that's just not going to happen.
We can bet our asses that some company somewhere will meet US market demand for clean encrypted phones and that company will be the new market leader.
For those reasons, and the argument that back doors are are open doors, the FBI will not prevail.
And, for what it's worth, the FBI, NSA, and CIA are subject to personnel back doors like Manning and Snowden.
It little behooves the best of us to comment on the rest of us.
I'd like to see them slammed for their down-syndrome-level comment about Polish collaboration with the NAZIs. Von Braun anyone? They should be renamed the Federal Bureau of Manipulation.
Bravo for Representative Lieu, but he misses the whole point. The encryption doesn't matter if a Government is so big will harm you even when it is trying to do good. The problem is not the backdoors, it is the elephant in the room - a Government that is just to big and increasingly centralized. More Government power **necessarily** means citizens lose liberty. And the Democrats and Establishment Republicans are both bad at growing Government (and the associated debt).
Power needs to be devolved back to States, municipalities and citizens. The Internet makes this possible. We don't need a centralized government that is appropriate for 20th Century industrialism when a 21st Century de-centralized system acts more responsively and less wastefully to local needs (and local Government is small enough it cannot harm you to the same degree the Feds can).
This story reminds me that it's time to go throw the EFF another $20.
https://www.eff.org/
You are welcome on my lawn.
Did you not see the recent scandal about the FBI forensic lab techs who lied on the stand? One guy's hair was matched to a fucking dog.
Right now we are at the soap box stage.
Peoples have been saying that forever, ignoring that fact that we did try all but the last one on multiple occasion and they didn't work. With that denial attitude, we will always be at the soap box. This is what coward want, look brave without risking supporting terrorists.
Also that daycare center was literally government hit-men hiding behind children. Face it, when the Palestinian complain that Israel bombed children (daycare center), the immediate response is that Hamas should not have use them for human shield. It is only fair to apply the same judgement here. If these children where that precious, armed government agents shouldn't have hidden behind them.
what was the lesson of FREAK ???
I agree this is stupid. Sometimes, though, I like to think of the best arguments I can for the other side's position. In other words, come up with reasons I might be wrong.
In this case, I'd have to admit that ANY time I send an encrypted message, it should always have a way for the good guy to read the message. For example, suppose I use https to send a secure request to bank.com. That must have a way for the good guy, bank.com, to read the message. There's no technical reason it can't be encrypted such that TWO good guys have keys, bank.com and the Good Guy Bureau.
In fact, standard encryption as used by tls does almost that - two people ALREADY have the key which is used to encrypt the message. The sender has the key and so does the receiver. The shared key is then encrypted by another key generated such that two parties can know it, without either ever transmitting it. Mathematically, one could certainly add the GGB key to the algorithm.
It could be just as unbreakable as the current encryption standards, though those do depend on keys being kept secret. The Good Guy Key probably wouldn't actually be kept secret for long. That's the huge failing that makes it a non-starter from a purely technical perspective- that we'd all be screwed if the FBI's key were ever revealed or cracked. Various attempts at DRM show that widely-used keys are always cracked.
I smell hope :)
There are many kinds of dystopia. Another example from pop culture would be Zombieland.
Orwell believed that the advancement of technology, combined with government control, would lead to a particularly frightening dystopia. One where the government would use technology (mostly mass surveillance and control of information repositories) to control thought and knowledge. That's why I prefer the technology industry maintain a healthy antagonism with the government. The fact that the (UK) government castrated the inventor of the modern computer and drove him to suicide helps, plus the government's continual attempts to screw over and/or control the technology industry (patents, DMCA, NSA, etc.).
What really worries me is "tech" companies that want to help the government, like Palantir. I'm sure there are others.
The right to protest the State is more sacred than the State.
Is it stupid? Yes no doubt about that...They want this and they will get it one way or another.
No, they won't. When you have have Congress telling you how stupid you are, that's a clue that you aren't going to get what you want. The FBI knows it's a moronic idea too, they are doing this to plant the idea that the reason they appear incompetent and ineffectual is that their hands are being tied. Without a ready excuse, the next time a bad event happens they might have to admit that they made mistakes or that they are incapable of doing the job they are tasked with.
The few Republican and Libertarian politicians that are willing to stand up to big brother, don't see anything wrong with Citizen United vs FEC and Money as Speech.
I am no Democrat. Some of them like Citizen's United vs FEC too.
Just being honest...a crooked Democrat would be better than anyone in either the Republican or Tea Party system that has been 100% co-opted by the 9% who can donate millions and billions.
There is a reason the Koch brothers are giving money to Republican Walker, he totally will let business do anything and everything they want in the name of a free market that is anything but FREE. Who would have thought 2 business men would give more money ($2 Billion) in the 2016 Presidential election? More money then the entire Republican party spent in 2012!
Do you really think the 9% are not buying anything? Walker's biggest money givers in his state received no/lower fees/penalties due to their bad business practices if not out right kickbacks...you will just be hard pressed to prove it and when you do it, good luck getting that message out.
Do your homework people, stop electing Republicans, Tea Parties and Libertarians who care more about redistributing wealth to the 9% than passing legislation to bring you jobs, make your life better and improve the American economy.
You want organic growth...its called good paying jobs! Well over $15 per hours. Remember $15 per hour = poverty in most large communities.
There was a reason that one company in Seattle declared their minimum wage to be $70K per year (google it). That's $34 per hour folks. His reason, he said he wanted his employees to come to work and be focused on work not bills they could not pay. That a person in Seattle could not live on $40K per year comfortably. That's $20 per hour folks.
THINK about it! Some people get it.
I am not a Democrat, but I know what the Republicans, Tea Party and Libertarians are selling? Tired of them redistributing the wealth to a rich few.
Organic Growth = Increasing Supply (Salaries) = Increasing Demand (being able to afford to buy). Now that is capitalism that could make a difference in a positive way.
Sad that none of the political parties get it 100% today.
Please stop voting for those that by their very system will not allow change! We can afford business as usual any more unless you want to end up like Greece! Wouldn't the 9% love that!
Please tell me this is the most subtle and nuanced ironic post ever posted on slashdot. Because almost every sentence in it seems to be a carefully crafted opposite of reality.
You can actually find plenty of 'unpersons' in the Egyptian pharaohs carving out any references of some of their disliked predecessors out of all the monuments they could find. Leading to plenty of perplexing datation problems for historians.
Non-Linux Penguins ?
I don't understand how those lab technicians are not in jail for criminal incompetence.
Non-Linux Penguins ?
Yes, I know. There's enough cases listed on the Wikipedia page that I linked to from many ancient cultures, but I thought that it was better to encourage readers to follow the link and maybe learn something than to have me re-write all of the known cases.
Good, inexpensive web hosting
The founding fathers are more enlightened than big brother, they loved us all and foresaw all eventualities, yes I love the founding fathers.
If you think someone isn't free to have a different definition of "freedom" you may be a tyrant.
Mandatory encryption backdoors pretty much means we become a backwards island as nobody else will willingly use our crypto. It's already become a valid concern over networking gear from US companies since the NSA has been shown to subvert them, when people are buying chinese gear because it's a better option security wise than US gear you have a serious image issue.
No sir I dont like it.
That's what he gets for making his toupee out of his pet's fur.
I'm too lazy to compose a creative sig.
Who in America still considers the FBI, NSA, or CIA to be "the good guys" anymore?
I agree this is stupid. Sometimes, though, I like to think of the best arguments I can for the other side's position. In other words, come up with reasons I might be wrong.
In this case, I'd have to admit that ANY time I send an encrypted message, it should always have a way for the good guy to read the message. For example, suppose I use https to send a secure request to bank.com. That must have a way for the good guy, bank.com, to read the message. There's no technical reason it can't be encrypted such that TWO good guys have keys, bank.com and the Good Guy Bureau.
In fact, standard encryption as used by tls does almost that - two people ALREADY have the key which is used to encrypt the message. The sender has the key and so does the receiver. The shared key is then encrypted by another key generated such that two parties can know it, without either ever transmitting it. Mathematically, one could certainly add the GGB key to the algorithm.
It could be just as unbreakable as the current encryption standards, though those do depend on keys being kept secret. The Good Guy Key probably wouldn't actually be kept secret for long. That's the huge failing that makes it a non-starter from a purely technical perspective- that we'd all be screwed if the FBI's key were ever revealed or cracked. Various attempts at DRM show that widely-used keys are always cracked.
Why bother with all that? The FBI walks in (or calls) the bank, and they hand over all your information just trying to be "helpful." This happens ALL THE TIME at ISPs and banks. Why do all the technical stuff to achieve it?
I am a sub-contractor for a project that burns data onto encrypted FIPS compliant hard drives. If the FBI gets their way that puts us in breach of contract with another government agency.
"understood that an Orwellian overreaching government is one of the most dangerous things this world could have".
If they did then that would be incredible foresight (since 1984 was published in ~175 years after they set up their government structure).
Wow, that alternate reality you live in is scary. I'll stick to the real world where none of that stuff actually happened.
Other people have corrected your incredible lack of understanding of the economy, so let me try on the Middle East.
When Bush left office, the Iraqi government was far from stable, and was propped up by the US military presence. Obama withdrew on Bush's schedule, and we had the entirely predictable disaster. The only way to stop it would have been to leave an army of occupation in Iraq indefinitely, which would have been a wonderful advertisement for Muslim terrorist organizations. Iran isn't going to openly use nukes, since the actual decision makers aren't batshit insane and they know what would happen if they did. Pakistan has had the ability to send nukes more or less covertly to terrorist organizations for a long time.
Oh, and your beliefs on race relations and riots also bear little resemblance to the reality I'm more or less in.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
The Palestinians put legitimate military targets in areas with daycare centers, which is a violation of international law. The US put legitimate government organizations in areas with daycare centers, which is perfectly normal and legal. Israel bombing Palestinian military sites is legal, while detonating a private bomb isn't. Want any more reasons why your comparison is stupid?
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
The law is clear, and that's not a matter of opinion. If you can't tell the difference between an office of bureaucrats and a bombardment rocket launcher, well, that's your problem
You do not put actual weapons around child care centers. You do put routine government functions there. Got that?
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes