Slashdot Mirror

← Back to Stories (view on slashdot.org)

US Tech Giants Ask Obama Not To Compromise Encryption

Posted by Soulskill on from the beholden-to-shareholders-vs.-beholden-to-voters dept.

An anonymous reader writes: Two industry bodies which represent Microsoft, Apple, Facebook, IBM, and others, have written to President Obama urging that the U.S. government not seek to legislate "official back doors" into encryption techniques. The Software and Information Industry Association and the Information Technology Industry Council sent the "strongly worded" letter on Monday, saying, "Consumer trust in digital products and services is an essential component enabling continued economic growth of the online marketplace. Accordingly, we urge you not to pursue any policy or proposal that would require or encourage companies to weaken these technologies, including the weakening of encryption or creating encryption 'work-arounds.'" The letter is the latest salvo in a public battle for secure communications, one that has reached the public eye in a way that few security stories do.

59 of 108 comments (clear)

  1. Easier for US gov to call them ISPs? by xxxJonBoyxxx · · Score: 1

    After the last renewal of the Patriot act, wouldn't it just be easiest for the US government to name each of these companies an "ISP" so they'd be compelled to collect information on their (unencrypted) servers?

    1. Re:Easier for US gov to call them ISPs? by Anonymous Coward · · Score: 4, Insightful

      After the last renewal of the Patriot act, wouldn't it just be easiest for the US government to name each of these companies an "ISP" so they'd be compelled to collect information on their (unencrypted) servers?

      And when they ("they" being industry, in a continued response to this attack on privacy) discover the government has done this maneuver and start encrypting said servers/services end-to-end, what will be deemed an acceptable configuration for ISPs then?

      The entire point of industry here is there should be no middle ground when it comes to weakening privacy. Justify your access through proper (read: Constitutional) channels, or piss off. You haven't proven that the abuse of this power is effective at doing anything but crushing consumer confidence.

    2. Re: Easier for US gov to call them ISPs? by MobSwatter · · Score: 1

      They should just be honest and ban all data storage except the one that the government provides. Because that is effectively what they want.

      Are you sure? I think people running around naked which will preclude 'dick pics' or junk pics in general with their credit card numbers tattooed to a visible part of their skin, and all industry in every sector in general dead is what they want. Then they could perhaps get what they really want; default and a global economic reset. Some call that collapse but I'm certain they will blur and fail to properly define that too, kind of like the words 'terrorist' and 'war'.

  2. Amusing... by Anonymous Coward · · Score: 1

    The article lists five representative companies, but the summary omits the second one of the five for some reason.

    1. Re:Amusing... by Dunbal · · Score: 2

      There is no pro Microsoft bias on slashdot. /sarcasm

      --
      Seven puppies were harmed during the making of this post.
  3. TPP by koan · · Score: 3, Interesting

    Why do we need encryption rules in the TPP?

    A key priority for the U.S. semiconductor industry regarding the Trans-Pacific Partnership (TPP) Agreement currently under negotiation has been to introduce rules to prevent restrictions on the import and use of commercial encryption technologies.

    You can bet VPN and other technologies are on the plate too.
    If you Google "encryption and TPP" you will find a link to the PDF without having to fill anything out.
    http://go.semiconductors.org/w...

    --
    "If any question why we died, Tell them because our fathers lied."
    1. Re:TPP by Applehu+Akbar · · Score: 4, Funny

      Large corporations writing a secret treaty that won't be revealed until it has already been voted into law. Mass spying programs overseen by a secret court responsible to nothing and no one.

      Shenanigans like this wouldn't be happening if a Democrat were in office.

    2. Re:TPP by koan · · Score: 3, Insightful

      Shenanigans like this wouldn't be happening if a Democrat were in office.

      You're joking right?
      R or D, new boss same as the old boss, no one gets into any position of power without being vetted and beholden to the status quo.
      There's literally no point in voting.

      --
      "If any question why we died, Tell them because our fathers lied."
    3. Re:TPP by zlives · · Score: 1

      i think you misspelled Democrates

    4. Re:TPP by sjames · · Score: 1

      Someone is in office, and he is a member of the lost and wandering political zombie party that was the Democratic party when it was still alive.

  4. Last step: TV ads by gnasher719 · · Score: 3, Interesting

    I think if they can't manage to convince politicians how dangerous their plans are, there will be some TV adverts that tell the lay person in an easy to understand way what is going on and what the risks are.

    If the same message is brought to people in adverts by Apple, Google, Microsoft, Facebook, Amazon, eBay, and they all tell you that the politicians want to mess up your life, that would get people's attention. Not just on Slashdot.

    1. Re:Last step: TV ads by denis-The-menace · · Score: 1

      Won't happen.

      Why would crooks mention that they have done something.

      And that something is hard to understand.

      --
      Obama's legacy: (N)othing (S)ecure (A)nywhere and (T)error (S)imulation (A)dministration
  5. Back doors = Security Weaknesses by StandardCell · · Score: 4, Insightful

    No matter how well intentioned the government may be in requesting a crypto back door, all it does is open up a hole for potential criminals and state actors to steal information from individuals and corporations alike. Unless the government was somehow able to indemnify and protect all parties involved, there should be no back doors. End of story.

    1. Re:Back doors = Security Weaknesses by Anubis+IV · · Score: 5, Insightful

      Regardless of if the government was somehow able to indemnify and protect all parties involved, there should be no back doors. End of story.

      FTFY.

    2. Re:Back doors = Security Weaknesses by Anonymous Coward · · Score: 3, Insightful

      Well intentioned? Even if it worked perfectly so only the government had access, WHO THE FUCK TRUSTS these 'good guys'!

      NSA/CIA spies on Senate and nobody is prosecuted, FBI does bulk tracking wiretapping, and nobody prosecuted. Obama asks court to ignore legal rulings, we're heading into Presidential elections where every candidate has a big NSA file on him, and an out of control General capable of leaking it if they voice opposition to the spy machine.

      No good guys there.

      Even if it was for law enforcement only ...
      In the last few days alone, we've had policeman shoot a man in the back at close range with a kill shot, simply because he had headphones on and didn't hear an order to take his hands out of his pockets. We've had another attack kids at a pool party, luckily they stopped him before he killed one of them. Another in a long long long list of people shot, choked, or killed in dubious or illegal circumstance, with police officers acting as executioners.

      Who the fuck trusts the good guys because the police have killed far more innocent people than terrorists, and the spy machine has undermined democracy far more than China or Russia.

      Even a perfect backdoor is a bad backdoor if it lets the police (statistically more likely to kill you than a terrorist), access to your private data.

    3. Re: Back doors = Security Weaknesses by Anonymous Coward · · Score: 3, Insightful

      Especially when government can't keep its own data safe. Someone will break in and steal the private keys in days... rendering encryption useless worldwide.

  6. The Folly of Government by tmosley · · Score: 5, Insightful

    Wow, these idiots actually think that they will be the only ones with access to these back doors? They'd be hacked in minutes, and every secret that every American company had would be in the hands of the Chinese, Russians, and independent hackers.

    These idiot authoritarians need to be taught that their idiocy KILLS American business. But then, I guess they don't care. They think they can just print their way to prosperity.

    1. Re:The Folly of Government by houstonbofh · · Score: 1

      They have not realized that the encryption they use is purchased on the open market... Onec they realize their own secrets are at risk, this shit will change fast!

    2. Re:The Folly of Government by Jason+Levine · · Score: 2

      Exactly this. Even if we were to make the huge assumption that US law enforcement would only use their double-secret encryption backdoors for good, it would only be a matter of time before $RANDOM_HACKER figured out how to get into that backdoor. If you add "law enforcement only back doors" into encryption, you might as well just unlock the front door and put down a welcome mat.

      --
      My sci-fi novel, Ghost Thief, is now available from Amazon.com.
    3. Re:The Folly of Government by tmosley · · Score: 1

      Not just that, but anyone who ever had access to those back doors would be able to use them (or sell access to them). Mighty tempting way to pay off those student loans.

    4. Re:The Folly of Government by kwbauer · · Score: 1

      "These idiot authoritarians need to be taught that their idiocy KILLS American business." What do you think Obama meant when he said that he "wants to fundamentally change American society?"

    5. Re:The Folly of Government by rtb61 · · Score: 1

      The things Obama likely thought about. Do I look good, do I look sincere, is my voice pitched right, how much is this speech earning me, what's for dinner, I'm bored, suckers, I wonder what I will be paid to say next, Hillary is lame ass and is going to lose etc. etc. etc. So what he meant, he meant nothing at all, just a public speaking event with message from his handlers delivered to a gullible public.

      --
      Chaos - everything, everywhere, everywhen
  7. Not much the US can do. by bytesex · · Score: 4, Insightful

    Most of the recently proposed crypto algorithms aren't American. The cat is out of the bag - crypto is an academic subject now, and everyone's participating.

    --
    Religion is what happens when nature strikes and groupthink goes wrong.
    1. Re:Not much the US can do. by pak9rabid · · Score: 1

      They could make using such technologies illegal. That sure as shit would scare a lot of businesses from using them right there.

    2. Re:Not much the US can do. by Impy+the+Impiuos+Imp · · Score: 1

      Export ban perhaps, using the sophistry of defining encryption as munitions. But internal to the US I believe the Supreme Court has already ruled freedom of speech includes the right to speak encrypted.

      --
      (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
    3. Re:Not much the US can do. by Lost+Race · · Score: 1

      Sneak a few pages into the secret commercial treaty du jour requiring every government to outlaw encryption. Problem solved!

  8. Re:Brace yourselves Canada by houstonbofh · · Score: 1

    How about Iceland? Lots of privacy, and plenty of cooling for data centers... Either way, when exports become hard, companies can just leave.

  9. Oh, they're so *cute* thinking they matter. by gestalt_n_pepper · · Score: 2, Interesting

    A government that does this:

    http://www.theguardian.com/wor...

    is simply no longer interested in the rule of law other than to further their handler's interests.

    So, request away! Ask for a pony while you're at it.

    --
    Please do not read this sig. Thank you.
  10. Re:Too Late... by houstonbofh · · Score: 1

    Not backdoored, just vulnerable. That happens as science progresses. That 1024 bit key that was secure a few years ago, is not secure today. What is good enough moves each year, but people and companies do not.

  11. Weak encryption = No encryption. No exceptions. by sjbe · · Score: 4, Insightful

    Weak encryption is effectively the same as no encryption. Encryption has no value unless it cannot be broken. You cannot make encryption only weak for the "good" guys. It simply doesn't work that way and wishing will not make it otherwise. Any government official that argues in favor of weak encryption is either ignorant of how encryption works or is corrupt/self-serving and just wants their job to be easier without regard to the consequences.

    Yes I am fully aware that "bad" guys having access to strong encryption presents certain challenges. However weakening your own encryption to the government can spy on the populace will not EVER solve that problem.

  12. Re:Brace yourselves Canada by hey! · · Score: 2

    Would Canada under Harper and the Conservatives be that much better? His government brought forth the Protecting Children from Internet Predators Act which did not mention children or predators anywhere but in the title, and would have expanded government surveillance powers had the bill not been stopped by public outcry.

    Scotland would have been a good choice had the independence referendum passed. So I guess now you're going to have to learn Swedish.

    --
    Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
  13. This is just P.R., folks. by Anonymous Coward · · Score: 1

    What else are these companies going to say? Public statements and actions like this are meaningless.

    In the marketplace of encryption, all it takes is one covertly compromised new algorithm that beats the competition for commercial use. The compromise itself must be computationally hard to detect, and there are approaches to that. Bottom line, however, is that I don't see how anything industry says could have the slightest bearing on whether this asymmetry is pursued.

    1. Re:This is just P.R., folks. by JackieBrown · · Score: 1

      They could say nothing and stay quiet. They could not bring the matter to the public light.

      Companies that make money in trust have an invested interest against this (just like the public should.)

  14. Ask Obama? by xdor · · Score: 5, Insightful

    What is this, the Third Reich?

  15. Re:Brace yourselves Canada by ColdWetDog · · Score: 3, Funny

    How about Iceland? Lots of privacy, and plenty of cooling for data centers... Either way, when exports become hard, companies can just leave.

    Why not Iceland?

    Too many damned diacritical marks for one thing.

    --
    Faster! Faster! Faster would be better!
  16. Back doors are weak for everyone by sjbe · · Score: 2, Insightful

    Are you saying that backdoor'ed encryption is a mathematical impossibility, or that it won't work in practice because the backdoor key will eventually leak due to hacking, rogue employees, etc?

    It is almost certainly a practical impossibility and I'm confident it is a mathematical impossibility too. A key is either possible to crack in a reasonable amount of time or it isn't. There is no middle ground. You can hand a key to whomever you like but if you create the backdoor by weakening the encryption then it is weak for everyone who would be interested in cracking said encryption. If the NSA can figure it out, so can others. Furthermore, each additional party you had a key to creates another vector for attack which is the practical problem. Even if the encryption were somehow secure we know from experience that keeping the systems that store the keys secure presents some security challenges that we are in no danger of solving.

    1. Re:Back doors are weak for everyone by Anonymous Coward · · Score: 1

      if you create the backdoor by weakening the encryption

      What if you create a backdoor by creating an encryption method that accepts 2 decoding keys instead of one? Obviously the encryption is now twice as easy to bruteforce, but this doesn't seem to be a big deal. Are you worried about this factor of two, or is the theoretical weakening more severe?

    2. Re:Back doors are weak for everyone by Gr8Apes · · Score: 1

      What if you create a backdoor by creating an encryption method that accepts 2 decoding keys instead of one? Obviously the encryption is now twice as easy to bruteforce, but this doesn't seem to be a big deal. Are you worried about this factor of two, or is the theoretical weakening more severe?

      There is now a key that is under the door mat, so to speak. Do you feel safe enough to leave your house key under the door mat, with an arrow pointing to it?

      --
      The cesspool just got a check and balance.
    3. Re:Back doors are weak for everyone by Chris+Mattern · · Score: 1

      The point here is that the backdoor could be a second key instead of a way to break your key. Assuming that second key is also resistant to breaking then you haven't introduced any vulnerabilities to an outsider--assuming that the second key is kept secure. And that, it must be admitted, is a pretty damn big if.

    4. Re:Back doors are weak for everyone by Steve+B · · Score: 2

      The point here is that the backdoor could be a second key instead of a way to break your key. Assuming that second key is also resistant to breaking then you haven't introduced any vulnerabilities to an outsider--assuming that the second key is kept secure. And that, it must be admitted, is a pretty damn big if.

      That makes it an exercise in futility, easily defeated by hacking the system to substitute some other second key (which could be random gibberish, since it's not actually used, just put in to defeat the backdoor).

      --
      /. If the government wants us to respect the law, it should set a better example.
    5. Re:Back doors are weak for everyone by Ormy · · Score: 1

      I think you're conflating two concepts or methods of undermining encryption. One method is variations on a 'back-door' (like a master key in a physical key/lock situation), the other is 'weakening' the encrytion by somehow limiting the passkey length/complexity. I think you're referring to the second method when you say it's a practical impossibility and I agree with you. I also think the point is moot because all the attempts (successful or not) so far have been via the first method, back-doors, and probably will be in the future. But your original point still stands, weak (and backdoored) encryption is effectively no encryption, no exceptions. This is because "it won't work in practice because the backdoor key will eventually leak due to hacking, rogue employees, etc" as the AC put it in his reply to you.

    6. Re:Back doors are weak for everyone by Agripa · · Score: 1

      That makes it an exercise in futility, easily defeated by hacking the system to substitute some other second key (which could be random gibberish, since it's not actually used, just put in to defeat the backdoor).

      That was essentially the flaw in the Clipper Chip which used key escrow in the form of a law enforcement access field (LEAF). The hash protecting the LEAF was only 16 bits allowing a easy brute force attack which could forge a new valid looking LEAF.

      http://en.wikipedia.org/wiki/C...

      Use a strong cryptographic hash so the LEAF cannot be forged.

  17. Re:Brace yourselves Canada by ArcadeMan · · Score: 1

    https://openmedia.ca/blog/bill...

    --
    Get free satoshi (Bitcoin) and Dogecoins
  18. Blind sight. by PenguinJeff · · Score: 1

    They are just making this hubub to throw people off. They have key loggers and ways to view your screens that can not be detected with normal means. Using some other form of network that is hard to spot. Don your tin foil hats cause they can read brain waves too. Who really knows? With all the things I have read on USB and viruses being able to bridge air gaps; I don't know, it could very well be as advanced as I am making fun of. Mosquito sized drones and all.

    1. Re:Blind sight. by Steve+B · · Score: 1

      They are just making this hubub to throw people off. They have key loggers and ways to view your screens that can not be detected with normal means. Using some other form of network that is hard to spot. Don your tin foil hats cause they can read brain waves too. Who really knows? With all the things I have read on USB and viruses being able to bridge air gaps; I don't know, it could very well be as advanced as I am making fun of. Mosquito sized drones and all.

      That's true, and it shows that the ONOZ OMG TERRAISTS!!1! rhetoric is a pack of lies. You've listed (setting aside the facetious "tin foil hats" part) some techniques available to the government for monitoring legitimate targets of suspicion. However, it wants to snoop on everybody, and those techniques don't scale large enough to make that possible.

      --
      /. If the government wants us to respect the law, it should set a better example.
  19. I remember storys like this about USSR ... by rbgnr111 · · Score: 4, Informative

    when I was a kid, this is the sort of thing I would expect to hear of the USSR... now it's here...
    it seems to me that if they force backdoors or weak security, wouldn't that hurt most us based IT security vendors?... wouldn't that force any that wanted to sell internationally to relocate outside the US?
    what is the point of any encryption at all if there is a backdoor built in, or it's weak to begin with....

    1. Re:I remember storys like this about USSR ... by rbgnr111 · · Score: 2

      the terrorism angle on this is a bunch of BS... unless your in the middle east, the odds of being killed or hurt by a terrorist attack are up there with getting hit by lightning... your actually more likely to drown in your own bathtub than have a terrorist kill you.
      all this really equates to the boogyman might jump out from under your bed... so don't use encryption

  20. Re:Weak encryption = No encryption. No exceptions. by hankwang · · Score: 1

    "You cannot make encryption only weak for the "good" guys. It simply doesn't work that way and wishing will not make it otherwise"

    The broken elliptic-curve random generator actually had such a feature: it was likely that the NSA has a secret key that could be used to recover the internal state of the random generator. However, recovering this secret key was impossible for all practical purposes.

    For encryption, one could demand that encrypted data includes a header that contains the key to decrypt the data, that key being encrypted using a public key provided by the "good guys". Voila, the good guys can decrypt your data and the bad guys cannot.

    --
    Avantslash: low-bandwidth mobile slashdot.
  21. Re:Brace yourselves Canada by butchersong · · Score: 1

    I've always been infatuated with Iceland and have spent some time trying to get a handle on the language. If you can learn to speak it you are a better man than me.

  22. This will never happen anyway by butchersong · · Score: 1

    I am pretty paranoid about this stuff usually and I know there have been similar measures in the UK already but there is absolutely no way this would survive or even make it to a law in the US. The encryption falls under free speech and it would devastate US tech companies overseas.

  23. Re:Brace yourselves Canada by Anonymous Coward · · Score: 1

    Suppose I should have expected people taking the post seriously.
    Wouldn't have to learn swedish though, since it's my mothers tongue.
    Unless you throw your passport away and claim to be from Syria there is no use coming here.

    Guess we are stuck with
    http://en.wikipedia.org/wiki/Principality_of_Sealand

  24. "Misuse" of Encryption by ChromaticDragon · · Score: 4, Interesting

    Anyone else catch the nonsensical bomb-threat at the White House yesterday?

    I was passing a TV set to CNN and that was the focus. I've not seen much about it otherwise.

    But they evacuated the Press Room once or twice.

    Eventually somebody stood at a podium to opine about how we all need to address this issue of Encryption because it hinders their ability to catch the bad guys when the bad guys "misuse" encryption.

    I was incredibly offended at the very idea. It's so stupid - you either use it or you don't. Using encryption to keep the feds from looking over your shoulder and reading your communications is not "misuse". It's the entire purpose and absolutely correctly used as such. And in the context of the US, it would seem we have the 1st, 4th and 5th amendments to consider.

    Not only was I disgusted at this moment of sheer propaganda, I found myself very inclined to believe the entire thing was completley staged.

  25. Re:Too Late... by Zero__Kelvin · · Score: 1

    The gap you speak of is a myth. Your belief that the NSA has superior intelligence and skills is nothing but blind faith in a bullshit myth. In order to work for the NSA you have to be stupid enough to work for the NSA. Everybody seems to miss that fact for some reason.

    --
    Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
  26. Re:Brace yourselves Canada by BitterOak · · Score: 1

    I'm afraid the situation is not that much better up here.

    At least not as long as Stephen Harper and his Progressive Conservatives are still in power, a center right party.

    The fact that they are "center right" has nothing to do with the present issue. I'm not aware that any Canadian government, current or previous, has even suggested the idea of restrictions on encryption or mandatory back doors in consumer products. In the U.S., the idea typically comes when Democrats are in the White House. (Remember the Clipper chip? That was under Clinton's administration.)

    --
    If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
  27. Re:Brace yourselves Canada by BitterOak · · Score: 1

    U.S. American tech company immigrants are coming, with their educations and disposable incomes.

    As a Canadian, I would welcome this. We are also well educated here (the University of Waterloo has a world class computer science program) and any infusion of tech capital would be a good thing. I'd be very happy to work alongside American immigrants in the tech sector. I think there'd be plenty of jobs to go around.

    --
    If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
  28. There are no secrets by clovis · · Score: 2

    Have they forgotten that we had multiple people over the years trying to sell/give away nuclear weapons secrets from the very beginning of the program?
    And I bet for every person that would sell nuclear weapons secrets, you could find a thousand that would sell backdoor encryption keys.
    How can they possibly imagine that no one could be found to divulge the backdoor for a few million dollars?

    For one thing, certain Wall Street firms would have the backdoor keys within days, if not hours.
    And if money didn't work, those firms aren't at all afraid to use their ex-FIS/GRU employees to do whatever it takes.

  29. Am I the only one ... by sgunhouse · · Score: 1

    ... who noticed that the summary says "secure communications", not secure devices or secure storage? Maybe their lawyers are thinking the right to be secure in their papers and persons would cover that, but the government doesn't seem to think that way.

  30. Re:Brace yourselves Canada by kwbauer · · Score: 1

    Now don't go getting all technical and pointing out history and such. Actual facts often destroy the liberal narrative.

  31. Re:Weak encryption = No encryption. No exceptions. by Fnord666 · · Score: 1

    Weak encryption is effectively the same as no encryption

    I disagree. Weak encryption is significantly worse because it is misleading. At least with no encryption you know that your information is unprotected. With weak encryption you run the risk of being misled into believing that your information its protected when, in fact, it is trivially accessible.

    --
    'The tyrant will always find pretext for his tyranny.' - Aesop's Fables