Slashdot Mirror
US Government Will Not Force Companies To Decode Encrypted Data... For Now (washingtonpost.com)
Mark Wilson writes: The Obama administration has announced it will not require companies to decrypt encrypted messages for law enforcement agencies. This is being hailed as a "partial victory" by the Electronic Frontier Foundation; partial because, as reported by the Washington Post, the government "will not — for now — call for [such] legislation." This means companies will not be forced to build backdoors into their products, but there is no guarantee it won't happen further down the line. The government wants to continue talks with the technology industry to find a solution, but leaving things in limbo for the time being will create a sense of unease on both sides of the debate.
The EFF has also compiled a report showing where the major tech companies stand on encryption.
Let's be very clear, the moment they require the ability to get into my device is the moment I encrypt everything and everything with user space tools you don't have access to.
Get your PostgreSQL here: http://www.commandprompt.com/
Encryption is either secure, or it's not. And no-one wants to use insecure encryption.
Isn't every single possible state of affairs currently in existence, by definition, "for now"?
Why the unnecessary qualifier?
It's business. It's not some social experiment or protest. They'll go where the money is, because that's why people create companies.
And while you're at it, bring back Clippy!
We can already decide it ourselves.
We accept for now there is public pushback against our planned fascism, for now we will back off on this, but in the future we reserve the right to proceed further with the fascism.
I'm sorry, but if the US government is essentially just saying "fascism is only temporarily on hold", the US is already fucked.
You have nothing to fear if you have nothing to hide; give us your papers please, comrade.
Lost at C:>. Found at C.
Based on the track record of this administration, this means they are pushing full speed ahead on weak and backdoored encryption, but want the spotlight taken off of it. This will probably be a "SURPRISE" executive order.
The pattern for Obama-- and many other politicians-- is this:
1. Voice opposition to X.
2. Announce s/he will engage in discussion with Y, which is a group that is clearly in favor of X.
3. Come back months to years later, claiming s/he doesn't see any reason why X can't be implemented.
4. If Congress doesn't implement it, reminds us s/he has a phone and a pen, and mostly implements it through executive regulation and taxation.
5. Bonus step for Obama: if you oppose X, you're now racist/prejudiced even though you agreed with Obama at step 1.
Gamingmuseum.com: Give your 3D accelerator a rest.
I had all the hash keys printed out in this paper file.
Hmm.
Dang, guess it's missing.
-- Tigger warning: This post may contain tiggers! --
Cool, so this goes for people too then I guess, because corporations equals people and all that idiocy.
You mean Pandora FMS isn't Pandora Free Music Service? Whole-y cow I'm confused.
And two former DIRNSAs agree.
So does ADM Rogers -- except that every interpretation of various US officials' arguments on encryption wildly conflate multiple issues (such as domestic law enforcement, which can and does sometimes have a foreign intelligence connection, and foreign signals intelligence purposes), or utterly misunderstand the purpose, function, and targets of foreign intelligence.
Yes, I know you (not OP, the "royal you") think you know it all, because you have taken things you think of as "proof" utterly out-of-context with zero understanding about things like foreign SIGINT actually works, and have seen 3-4 unrelated pieces of a 1000 piece puzzle, with some of those pieces actually parts of different puzzles, and believe you have the full picture.
People continually and willfully seem to want to forget or ignore that actual, no-shit foreign intelligence targets also -- gasp! -- use things like iPhones, Gmail, Hotmail, WhatsApp, and so on. And, when foreign intelligence targets use these modes of communication, amazingly, we actually want to target them.
If you're an American (or frankly, any innocent person) anywhere in the world who isn't an active member of a foreign terrorist organization or an agent of a foreign power, the Intelligence Community DOES NOT CARE ABOUT and actually DOES NOT WANT your data. Sounds crazy and bizarre for foreign intelligence agencies to care about things like foreign intelligence, I know, but it's true. Weird!
I guess it's easier to believe that functioning democracies* all are constantly looking for ways to illegally spy on their own citizens who have done nothing wrong, rather than to believe that intelligence work in the digital age where the only distinction is no longer the physical location or even the technology used, but simply the target -- the person at the other end, is actually extremely complicated, and not fun.
* If you don't think the Western liberal democracies of the world are worth a shit, or laugh at the term "functioning democracies" when used in reference to the US, warts and all, that simply means you have lost all perspective of reality, and are part of the problem. And it will be to our peril, because there actually are governments in the world who do spy on their own citizens, and wherein the people don't have anywhere NEAR the level of freedoms we have, no matter how terrible you think we are. And guess what? It's our national security and intelligence apparatus that we use to defend ourselves. If you're now so jaded that you don't actually believe the US and its allies, and their principles, are something worth defending and fighting for, then everything I have said here means nothing to you anyway. Just be advised that your perception of history and reality is fatally skewed.
They won't be "forced" to (for now,) however there may be "incentives" to "cooperate." And like most thinly veiled threats, "if you know what's good for you, you'll do as you're told."
Why does the EFF always complement Apple when they outright lie, mislead, or show genuine incompetence about their products. Apple had the ability to decrypt FileVault, they back up the key to the iCloud, They can decrypt iMessages, they hold all the keys for encryption there, and their iCloud still had vulnerabilities with the back up to a device hack that is still used.
Now I know not to trust Microsoft or Google but at least their honest about their crap.
The Obama administration has announced it will not require companies to decrypt encrypted messages for law enforcement agencies.
Translation: Because the ones that are important to us already have backdoors.
"The government wants to continue talks with the technology industry to find a solution"
Sounds like they want to pull another Room 641A, where they form "partnerships" (see Qwest if you don't cooperate) with the major industry players to build backdoors in secretly.
I guess this works in the same way as the University of Woolamaloo's Rule 2?
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
Fortunately, the next elections aren't very far and we have a chance to elect somebody, who, for once, gets the modern-day issues and uses mobile devices and e-mail himself — not some dinosaur, who can't even type.
In Soviet Washington the swamp drains you.
Encryption is the solution, not the problem. Sorry government.
Encryption is either secure, or it's not. And no-one wants to use insecure encryption.
Not really. Encryption becomes more secure or more reliably secure as you do more correct things to it--extend key length, salt hashes where used, audit code, improve algorithms, etc... and less secure as other changes are made: faster machines, better algorithms, backdoors, quantum computing, etc...
Nobody wants and few educated people trust the government to read their mail or *preserve the security* of a backdoor, so it gets more resistance in tech circles.
Painting it as black and white is a useful communications tool, but also largely wrong--kind of like the government's position of "you can trust us to do this right!"
And there you have it ladies and gentlemen ... you have nothing to fear if you have nothing to hide.
No. That's not what I said, at all.
What I said was -- all arguments about crypto aside -- was precisely what I said:
If you're an American (or frankly, any innocent person) anywhere in the world who isn't an active member of a foreign terrorist organization or an agent of a foreign power, the Intelligence Community DOES NOT CARE ABOUT and actually DOES NOT WANT your data.
That is in no way, shape, or form akin to saying, "you have nothing to fear if you have nothing to hide." It is not making an argument that the government "should" have your data. It is saying that the Intelligence Community, in the form of the foreign intelligence agencies, does not want your data -- doesn't want to touch it, doesn't want to see it, doesn't want to read it, whether it's encrypted or not. And no, using crypto does not "make you a suspect". (And the FBI doesn't want the data of innocent people, either. What the FBI wishes for is a state of affairs where criminals for whom exist actual individualized warrants wouldn't be able to employ the digital equivalent of an impenetrable fortress, out of reach of the legitimate authority of enforcement mechanisms in a democratic society. But it may have to come to terms with that reality.)
If you believe you defend these things by undermining what they actually mean, then I'm afraid you don't deserve to have these things defended since you've already given up on them.
Talk about missing the point. You are basing your entire argument on a false premise, and false assumption of what you believe my argument to be; namely, that we should be giving up our rights in order to protect them. Not only am I not making that argument, I am making the precise opposite: that if you believe those rights are important, you need to understand that we can and do take steps to execute military and intelligence actions against our adversaries, whether they be terrorists or nation-states.
You crow about all these rights you think you and Americans, collectively, have "given up", when in reality, nothing substantive has actually changed (oh, I realize you think it's changed, and that you're living in a borderline police state). You believe your rights are being trampled, when you are, from a real and practical standpoint, more free while living in organized, civil society than any other people throughout history -- at least as free as is possible without living in a vacuum with no connection to humanity.
You hold out WWII codebreakers as heroes, practically idolizing them, and vilify the modern day equivalent, while ignoring the reality that US adversaries coexist in the same web of global digital communications as we do, utilizing the same devices, systems, services, networks, operating systems, encryption standards, and so on, and then act surprised when elements of the US government actually dare develop ways to exploit those systems, just because Americans also happen to use them -- totally misunderstanding the landscape.
This is exactly what I am talking about when I say people need to gain some perspective on history, or reality. Either would do.
"Adobe has not built ‘backdoors’ for any government—foreign or domestic—into our products or services. "
Wrong. Adobe has built *lots* of backdoors - for government and others. Just not on purpose.
You can keep your encryption.
- Barack Obama
I actually looked at the report that a link was supplied to (sorry, I know that isn't usually done around here). All I can take from it is that everyone reported on is trying to play nice. If I were to believe it, even Microsoft. It is interesting to see the names that are not mentioned (such as Cisco and Google). But I was expected a much more open and honest report from EFF. Both to name the bad actors and to point out where companies who make blanket statements about their embracing of user privacy may not be living up to those statements. Just quoting what nice things some companies want to say about themselves is not a "report".
I'm an American. I love this country and the freedoms that we used to have.
What exactly is the problem[sic] they're trying to solve?
Twinstiq, game news
I'd use a Chinese encryption system with a back door before I'd use an American one with a back door. Simply put Chinese laws have no jurisdiction where I live and American laws do. That being said, I'd prefer that China read my email over America. I think that the govt. realizes this. Hypothetically speaking, if you were an American and you could pick that either the Chinese or American govt. could decrypt your email that shows tax cheating, which one would you prefer have access?
so they will not force companies to build in back doors, but will continue talks about about forcing them... that seems... idk.. double talkish
The last I heard there was a pen register standing order in effect for ALL cell phone metadata for all the major US carriers. It was only recently renewed in September. Unless there was an active exception for "Dave Schroeder, NSA apologist" I would say your argument falls apart. If they "DOES NOT WANT" my data, maybe they shouldn't be asking for it. Or retroactively changing laws to make what was illegal when it was secret, to be legal now that everyone knows.
Yeah, and guess what?
Smith v Maryland (1979) says that phone call records, as "business records" provided to a third party, do not have an expectation of privacy, and are not covered by the Fourth Amendment. And the only data within that haystack that we care about are the foreign intelligence needles. I know that's difficult to comprehend, but it's the law of the land, unless and until SCOTUS reverses that ruling. And they very well may.
Until that happens, "We're pretty aggressive within the law. As a professional, Iâ(TM)m troubled if I'm not using the full authority allowed by law." -- General Michael Hayden
Phone calls fine, But my location when I made that call? Because I certainly did not provide that to any third party.
Sorry, teleporters just kill you and then make a copy. A perfect, soul-less copy.
until they can arrange\utilise another 9\11 type crysis!
Thing is, I don't trust the intelligence agencies. We know that some LOVEINT was going on at the NSA, but not how much (I'm not naive enough to think that the problem was accurately reported). We know that the FBI has infiltrated perfectly innocent organization, so the three-letter entities aren't limiting themselves to the probable guilty.
Also, if there's a backdoor the government can use, there's a backdoor that someone else can discover and use against me.
As far as WWII codebreakers go, I seem to remember they were cracking Japanese, German, and Italian cryptosystems. Not US or UK.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
but their corporate buddies and paymasters do !
This may have been true at one time. Since the USA PATRIOT Act, with its relaxation on sharing of information between intelligence and law enforcement agencies, it is no longer true if it ever was. We have intelligence information used for drug busts, and then that fact covered up through "parallel construction". That pretty much blows your claim out of the water. This is not individual abuse; this is official practice.
Now any time I hear about a criminal caught due to an "anonymous tip" or through some supposed routine process, I have to wonder -- is that really a story invented to cover up the use of intelligence data for law enforcement purposes? And some of the time, it will be.
Actually, with triangulation, you probably did. Albeit not willfully or knowingly for most people.
Do not misconstrue this as my accepting or advocating these policies of data collection. I do not like them, not one bit. I'm simply responding to point out that you probably did, in fact, provide that information even if you didn't want to. GPS data may even be appended - I don't know. If it is then they should make that clear as I am sure there are situations where you're not actually able to be triangulated such as in my home area where there are only two towers and, further out, but a single tower within reach.
"So long and thanks for all the fish."
Suppose they had decided the other way. Just what company would have been required to crack GnuPG? The Coca Cola company? Chevrolet? The New York Times? Point guns at whatever innocent peoples' faces that you want to, and you're still not going to magically give them the ability to bruteforce AES.
Now suppose they approach someone (again, with gun in hand: "obey me or else I will murder you") and ordered them to produce a fork of GnuPG with a backdoor. Ok, that might work. But what incentive does everyone have, to use that fork? You can produce all the crippled crapware that you want, but even the people who bother to install it, just do it by mistake.
The issue isn't going to be revisited; it's a permanent victory because there's no reasonably plausible way that things can go any other way.
"Believe me!" -- Donald Trump
So, practically speaking, what does that mean? If we're all in agreement that the intelligence community doesn't want access to my data, but they do want the tools to be able to read the data of foreigners who use the same types of systems I use, some practical problems fall out of that:
1) It means that anybody who isn't a member of the US Intelligence Community who does want my data would likely have access to it through the same channels.
2) I have only the assurances of a group of people who are not particularly transparent that they aren't accessing my data anyway.
An interesting anagram of "BANACH TARSKI" is "BANACH TARSKI BANACH TARSKI"
Yeah, and guess what?
Smith v Maryland (1979) says that phone call records, as "business records" provided to a third party, do not have an expectation of privacy, and are not covered by the Fourth Amendment. And the only data within that haystack that we care about are the foreign intelligence needles. I know that's difficult to comprehend, but it's the law of the land, unless and until SCOTUS reverses that ruling. And they very well may.
Until that happens, "We're pretty aggressive within the law. As a professional, Iâ(TM)m troubled if I'm not using the full authority allowed by law." -- General Michael Hayden
And when the full authority of the law is insufficient to do whatever they want, they will search until they find a creative lawyer to offer a legal opinion to redefine what the law really means and justify whatever they want to do. http://www.newyorker.com/magaz...
You might also want to update your sources, Mr. apologist. The 2nd U.S. Circuit Court of Appeals ruled the law overseeing data collection could not be interpreted to have permitted the NSA to collect a "staggering" amount of phone records, contrary to claims by the Bush and Obama administrations. Lucky for them, Congress amended the law, moving the goalposts in mid game.
https://www.aclu.org/legal-doc...
Hopefully, you will find this as easy to comprehend as the Smith v Maryland case. And before you start wiping the brown off your nose and begin frothing at the mouth with another justification, I know it hasn't made it to the Supreme Court yet. Hopefully, you noticed Governor Jerry Brown signed the California Electronic Communications Privacy Act law yesterday. That should give you a clue that you are on the wrong side of this issue.
Reading the linked list of "company policies", I found a few snakes in the grass. Before anyone jumps and yells "You can't draw conclusions just because they're being vauge!"... YES I can, yes I will, and yes I should. These are major company policy announcements and an opportunity to add significant value to a company's products. If they're being vague here, they're hiding something or they are profoundly stupid. BOTH are good reasons not to do business with them.
Adobe
Adobe has not built 'backdoors' for any governmentâ"foreign or domesticâ"into our products or services.
And thank you very much for that. Although you really don't have that much data on me or any of my information...
Amazon
we oppose legislation mandating or prohibiting security or encryption technologies that would have the effect of weakening the security of products, systems, or services our customers use, whether they be individual consumers or business customers.
Um.... why didn't you have anything to say about whether or not you have back doors? Oh, probably something to do with that gag order. ok then.
Apple
We also refuse to add a backdoor into any of our products because that undermines the protections weâ(TM)ve built in. And we can't unlock your device for anyone because you hold the key â" your unique password. We're committed to using powerful encryption because you should know the data on your device and the information you share with others is protected.
YEAH! That's how you do it. The article author loved that response.
Well said, just what I wanted to hear from you. You're only doing what you legally have to, and aren't just forking my data over to anyone that flashes a badge.
Dropbox
Governments should never install backdoors into online services or compromise infrastructure to obtain user data. We'll continue to work to protect our systems and to change laws to make it clear that this type of activity is illegal.
In other words, we've already given in to the government and have installed back doors, but we're trying to find a legal way to get rid of them.
Microsoft
As we have said before, there are times when law enforcement authorities need to access data to protect the public. However, that access should be governed by the rule of law, and not by mandating backdoors or weakening the security of our products and services used by millions of law-abiding customers. This should concern all of us.
Ditto. We're already doing it to you, but trust us, we don't like doing it, and neither should you.
Pinterest
Pinterest opposes compelled back doors and supports reforms to limit bulk surveillance requests.
Are we seeing a trend yet?
Slack
Slack opposes government-mandated âoeback-doorsâ of any kind but particularly a government-mandated requirement that would compromise data security.
Yes we've heard that from several of you now. I'd really rather hear about your actions than your words.
Snapchat
Privacy and security are core values here at Snapchat and we strongly oppose any initiative that would deliberately weaken the security of our systems.
So do we. Which is why we don't want to do business with you either.
Sonic
Finally, we are stating for the record our position regarding compelled inclusion of back doors, deliberate security weaknesses or disclosure of encryption keys. Sonic does not support these practices.
Um, the government doesn't care WHAT you do or don't support. They tell you do to it and you either take them to court or you say "yes, massa, right away, massa". Looks like another silver-tongued cop-out.
OK this is getting repetative. Here's the rest:
Tumblr ... urg
Wickr
Wordpress
Yahoo
We'll fight the laws that allow them to do so,
We
I work for the Department of Redundancy Department.
Dear 'Muricans.
At what point will the people in your country stop peaching online to other people about your "freedoms", "the flag", unconditional troop worship, your precious constitution, your libertarian founders, "don't tread on me", the "rebel flag", "mah guns" etc etc.
Seriously at what point will you realize that's not the country you live in any more and a BIG reason more people outside your country are less free as well (TPP being the latest and greatest example).
Government: Decode the data!
Internet company: we can't!
Government: Decode the data!
Internet company: we can't!
.
.
.
Nice thing about strong encryption - it's hard to break!
Wow - that's some mental blind spots. Frankly, that's all I can think of. Either you're a troll or you're insufferably stupid.
Which is nonsense, of course.
The Fourth protects "The right of the people to be secure in their persons, houses, papers, and effects," and if telephones had been available then, they surely would fall under "papers" or "effects." The language is vague enough that they can pretend communications don't count, but back then, handwritten notes and letters were the only tangible forms of communications available.
It's none of the government's business whom I talk to, when I talk to them, and about what, until they have probable cause to suspect a crime.
>(or frankly, any innocent person) anywhere in the world who isn't an active member of a foreign terrorist organization or an agent of a foreign power, the Intelligence Community DOES NOT CARE ABOUT and actually DOES NOT WANT your data.
What you are missing, is who the intelligence community of the People's Socialist Democratic Republic has determined to be an active member of a foreign terrorist organization, or an agent of a foreign power.
Furthermore, you are also assuming that the intelligence community of the People's Socialist Democratic Republic will always operate within the parameters of the law of the People's Socialist Democratic Republic. History, however, has repeatedly demonstrated that the People's Socialist Democratic Republic enforces laws only against its internal enemies, and not against internal friendlies.
How about this compromise:
You can't see the unencrypted data, but you can search it. (It remains encrypted on one side.) You can ONLY see information of what you are looking for, and it will be limited in size/scope. You do NOT get the full picture.
To me, this would work: Law Enforcement can use their reasonable suspicion to search for relevant information, and if it matches, it returns that information back, or nothing at all. So, if I wanted to know someone visited a certain website at a certain date/time, I can supply that in the search. If and only if that data exists in those records, will I get it back.
It's like saying you can't come into my house without a warrant, and that warrant has to describe specifically what you're looking for. If you find ANYTHING that's unrelated to the search, you aren't allowed to use it against me in the purpose of the warrant.
Tinfoil hat time :D
If they announced the legislation then the people they would want to watch would simply avoid American services and hardware like the plague. Which gets them nowhere fast. Institute the policies in some super double secret session while saying that you have backed down from those very same policies, all while throwing out a bunch of nondisclosure agreements with the people who are installing the backdoor. Would probably be the best case scenario for them.
The Obama administration has announced it will not require companies to decrypt encrypted messages for law enforcement agencies.
My prediction is that they are saying this publicly while in the process of making "secret laws" to force the tech companies to do it secretly.
The US does not have a Fascist government, "for now".
The US does not have an Anarchist government, "for now".
The US does not have a Communist government, "for now".
The US is not a police state, "for now".
The US does not have a state religion, "for now".
Smith v Maryland (1979) says that phone call records, as "business records" provided to a third party, do not have an expectation of privacy, and are not covered by the Fourth Amendment. And the only data within that haystack that we care about are the foreign intelligence needles. I know that's difficult to comprehend, but it's the law of the land, unless and until SCOTUS reverses that ruling. And they very well may.
It's not the law of the land. The Supreme Court does not get to decide what rights are retained by the people under the 9th Amendment, or reserved to the people under the 10th Amendment.
By definition, only the people get to decide that.
Anything else would create a contradiction in the legal system, and contradictions in the legal system are ALWAYS unethical practice of law (not mention direct violations of the oaths the judges swear to uphold the Bill of Rights, oaths that are preconditions to holding any senior position of public trust or responsibility).
Congress gets to write the federal laws, and the President gets to sign them, but those laws are still only valid if they don't violate rights retained by the people. We have a republic, but it is a very limited one.
That fact that the public is quite upset over what the government has been doing is more than sufficient to establish that a 9th/10th Amendment right is in play.
Smith v Maryland (1979) was a colossal blunder (and not the first made by SCOTUS, just look at the history of slavery or of discrimination, many Supreme Court decisions completely ignore legal ethics issues which is why the US legal system is such a mess).
The Nuremberg Precedent comes into US law under the 9th and 10th Amendments, as another right retained by the people. As such, all government law enforcement officials, all legislators, and all executives are required to recognize Smith v Maryland as invalid. No such person can defend an action by saying "the superior in my hierarchy said it is ok to do something" when that something violates fundamental rights: civil hierarchies (including judicial hierarchy) are no different from military ones in this respect.
Also, the OP is LYING. The DO COLLECT ON EVERYBODY. Then they lie about it.
In their twisted reality, "collecting everything into a 'lockbox' and then googleing in the lockbox does not mean we collect against everybody".
Surely they do. Surely they are traitors to Magna Charta and surely the are Mohammedics and Commies deep inside.