Slashdot Mirror

← Back to Stories (view on slashdot.org)

Obama Administration Explored Ways To Bypass Smartphone Encryption

Posted by samzenpus on from the this-is-the-most-transparent-administration-in-history dept.

An anonymous reader writes: According to a story at The Washington Post, an Obama Administration working group considered four backdoors that tech companies could adopt to allow the government to break encrypted communications stored on phones of suspected terrorists or criminals. The group concluded that the solutions were "technically feasible," but they group feared blowback. "Any proposed solution almost certainly would quickly become a focal point for attacks. Rather than sparking more discussion, government-proposed technical approaches would almost certainly be perceived as proposals to introduce 'backdoors' or vulnerabilities in technology products and services and increase tensions rather [than] build cooperation," said the unclassified memo. You can read the draft paper on technical options here.

8 of 142 comments (clear)

  1. If they can break it, ANYONE can break it by kheldan · · Score: 4, Insightful

    ..and at that point it's useless. By all means, try to break it; if you can then that means it needs to be improved.

    --
    Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
  2. It IS a backdoor by phantomfive · · Score: 5, Informative

    would almost certainly be perceived as proposals to introduce 'backdoors'

    Yes, that is exactly the definition of a backdoor: a way to bypass the owner's security measures. Any suggestion that it isn't would mean that the government is the owner of the device, not you or me.

    --
    "First they came for the slanderers and i said nothing."
  3. Obama is All About Transparency! by Irate+Engineer · · Score: 5, Insightful

    Unfortunately he was thinking of one-way glass with the ability to look into our affairs.

    --

    Left MS Windows for Linux Mint and never looked back!

    Vote for Bernie in 2016!

  4. The backdoors are already in place by Anonymous Coward · · Score: 5, Informative

    Transceivers are often hooked directly into sensors such as microphones, and run very complex proprietary firmware that is given undue privileged access to the rest of the system's resources.

    Furthermore, for nearly 15 years, Intel as been quietly introducing an entire, higher-priority computing system within your consumer laptops and desktops and probably now your tablets and smartphones: This is known as the Intel Management Engine, specifically the Intel Active Management Technology. If your computer's Intel sticker lists "vPro", then you've probably got it!

    It's frightening stuff.

    These systems involve their own little processors, memory, storage, network interfaces, and proprietary operating systems; as long as the machine is plugged into a power source and wired network—even if the user thinks that it's switched "off"—that little computer within "your" computer can be contacted and used to access the rest of the machine, including your storage drives (hard disks, SSDs, etc.), RAM, main CPU, GPU, etc. It has higher priority than "your" system, can take control of the display and keyboard/mouse/touchpad input so that Intel's AMT can provide VNC access from the moment the main system's boot process begins. It can do all of this while your system is running, including reading your private encryption keys from your RAM or twiddling bits on your hard disk.

    Any attempt to remove or alter the proprietary software and hardware that composes the AMT can be made to and likely will be made to brick your system or make it otherwise unusable.

    1. Re:The backdoors are already in place by Kjella · · Score: 5, Informative

      True we can't know everything it can or can't do without a full read on the capabilities from Intel but I trust that if it were capable of offline access by anyone as you claim it would be public knowledge and wouldn't have made it very far.

      Part of AMT is remote management, including being able to boot a server that lost power, reboot a frozen machine, wake machines for nightly patching and so on. Obviously it can't reach a machine that doesn't have power, but from the moment you plug in a vPro machine it's live even when it's "off". Maybe it's not public knowledge but you only need to read the advertisement:

      Find It. Fix It. Anywhere
      Intel(R) Active Management Technology provides remote management over wired or wireless networks across devices. Access clients through a secure channel irrespective of power or OS state, address issues while user is online, patch, repair, and upgrade operating systems and applications, and inventory client-side software and hardware.

      Of course it's only supposed to talk to your puppet master inside your enterprise and only when it's enabled. But if you had a secret knock backdoor to access AMT on any computer, even when it is allegedly disabled - and perhaps even on CPUs that don't advertise the feature since it's probably there in silicon - that would be the mother of all back doors.

      --
      Live today, because you never know what tomorrow brings
  5. Re:I predict the future of a government API by rahvin112 · · Score: 5, Interesting

    The paper covers this with a caveat that most encryption software is open source, freely available and has no central authority that can be compelled. The result of this is that even is some key recovery system is mandated users could simply encrypt their own data underneath the compromised encryption and render the device inaccessible and defeat the entire purpose of the law and international accords.

    This caveat is actually on the first page of the document as a "technological limitation".

  6. Re:I predict the future of a government API by Attila+Dimedici · · Score: 4, Insightful

    You seem to be missing the same thing the idiots trying to get this in place miss. If this gets implemented, it won't just be the governments with access...and because the people trying to implement this will want to be able to spy on people in government, it will be on government computers. If this gets implemented (and it may already be partially implemented), the world will get very ugly indeed, including for the people proposing it.

    --
    The truth is that all men having power ought to be mistrusted. James Madison
  7. practically true. Interesting theory $10 million b by raymorris · · Score: 4, Interesting

    For purposes of making policy, we should absolutely assume that if the government can get in, so can the bad guys. (Ignoring the fact that sometimes the government IS the bad guys).

    Having said that, it's an interesting intellectual exercise to consider that's not NECESSARILY true. For example, each year the encryption could be increased with a longer key, such that at any given time it costs about $1 million in computer time to decrypt a phone. The government could easily spend a million, or ten million, to decrypt Bin Laden's laptop, but nobody is going to spend a million or ten million to decrypt yours or mine.

    I'm not suggesting that's actually a good idea in terms of policy , just an interesting puzzle to think about.

    Also, years ago we thought it was impossible for you and, who have never met before, to publicly post messages to each other in such a way that nobody else could decrypt them - without ever talking privately to share an encryption key. Now, we use Diffie-Hellman every day to do exactly that, as part of https. We thought it was impossible to share a secret on a public forum (or network) without everyone else on the forum being able to read the secret, but we were wrong. Diffie and Hellman invented a way. Theoretically, it's entirely possible to invent something that allows access only to authorized individuals, with a public audit trail. We haven't invented it yet. Block chains like Bitcoin uses suggest that encryption can be tied to a publicly accessible log, so we know whose data they decrypted, or at least how many they did.