Slashdot Mirror
US Government Will Not Force Companies To Decode Encrypted Data... For Now (washingtonpost.com)
Mark Wilson writes: The Obama administration has announced it will not require companies to decrypt encrypted messages for law enforcement agencies. This is being hailed as a "partial victory" by the Electronic Frontier Foundation; partial because, as reported by the Washington Post, the government "will not — for now — call for [such] legislation." This means companies will not be forced to build backdoors into their products, but there is no guarantee it won't happen further down the line. The government wants to continue talks with the technology industry to find a solution, but leaving things in limbo for the time being will create a sense of unease on both sides of the debate.
The EFF has also compiled a report showing where the major tech companies stand on encryption.
Let's be very clear, the moment they require the ability to get into my device is the moment I encrypt everything and everything with user space tools you don't have access to.
Get your PostgreSQL here: http://www.commandprompt.com/
Encryption is either secure, or it's not. And no-one wants to use insecure encryption.
We accept for now there is public pushback against our planned fascism, for now we will back off on this, but in the future we reserve the right to proceed further with the fascism.
I'm sorry, but if the US government is essentially just saying "fascism is only temporarily on hold", the US is already fucked.
You have nothing to fear if you have nothing to hide; give us your papers please, comrade.
Lost at C:>. Found at C.
Based on the track record of this administration, this means they are pushing full speed ahead on weak and backdoored encryption, but want the spotlight taken off of it. This will probably be a "SURPRISE" executive order.
The pattern for Obama-- and many other politicians-- is this:
1. Voice opposition to X.
2. Announce s/he will engage in discussion with Y, which is a group that is clearly in favor of X.
3. Come back months to years later, claiming s/he doesn't see any reason why X can't be implemented.
4. If Congress doesn't implement it, reminds us s/he has a phone and a pen, and mostly implements it through executive regulation and taxation.
5. Bonus step for Obama: if you oppose X, you're now racist/prejudiced even though you agreed with Obama at step 1.
Gamingmuseum.com: Give your 3D accelerator a rest.
I had all the hash keys printed out in this paper file.
Hmm.
Dang, guess it's missing.
-- Tigger warning: This post may contain tiggers! --
Because this isn't over as an immediate issue - it's not something we can forget about until an event forces it back into the arena of debate. The consideration of appropriate policy is still an issue, only one approach has been ruled out - the same ends may yet be sought by other means.
Isn't every single possible state of affairs currently in existence, by definition, "for now"?
Why the unnecessary qualifier?
My first guess is accidental honesty. And I don't believe them anyway.
Obviously, if the ISP holds the encryption keys and the user has no control, then the ISP can access everything _and_ decrypt the data for the Government. "We won't decrypt" could simply mean that they may just hand over the key and containers separately. This meets the verbiage they just gave us, but does not mean your data is secure. It only changes who and where your data gets decrypted.
So Facebook, Apple, Google, Amazon, Microsoft, etc.. all tell you that your data is encrypted at rest. Did you give them the public key to use?/p>
If you don't encrypt it yourself, and you don't control the private key then you can expect that this statement was smoke.
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
Because the threat of the government coming in and demanding everyone install a government approved backdoor on their encrypted data is real.
That threat is the difference between "You're alive!" and "You're alive, for now!"
If I have been able to see further than others, it is because I bought a pair of binoculars.
Trust me, if Congress wakes up and starts working on a bill to protect encryption, Obama will escalate "for now" and suddenly decry Congress for being anti-law enforcement, and vow to veto.
Gamingmuseum.com: Give your 3D accelerator a rest.
Alive. Free. Protected by the Constitution. Not living under a fascist government.
"For now".
Enjoy those freedom fries, suckers.
Lost at C:>. Found at C.
To go a little further into what the OP is saying, the "for now" seems to be a criticism that there is not a law outlawing the requirement. This is a false premise. A law is not permanent. It is only in effect until another government comes along and changes it. Even a constitutional amendment can be changed (see prohibition). In effect everything a government does is "for now". The only difference is how easy it is to make a change. With no law it is very easy. With a law it is a bit harder. With a constitutional amendment it is very hard.
If you don't understand that everything a government does is "for now" you have a problem.
And there you have it ladies and gentlemen ... you have nothing to fear if you have nothing to hide.
If you believe you defend these things by undermining what they actually mean, then I'm afraid you don't deserve to have these things defended since you've already given up on them.
If Americans are saying "well, gee, it's OK if the government has the ability to trample my rights, but it's OK because terrorists", then it's time to stop fucking pretending you have these things left to defend ... and the US should get on with failing utterly so the rest of the world can stop pretending you're not full of shit.
Because increasingly Americans seem to think them being the enemy of the freedoms of everybody on the planet is OK.
Here's a hint, it isn't.
Everything you said screams "we as Americans have already give up, but as long as we have the illusion of security we don't give a fuck about the underlying principles".
So, please, if you're going to abandon those principles, don't talk about defending them. Because it's either delusional or dishonest. Everything about this undermines those principles American claim to cling to.
Lost at C:>. Found at C.
If you're an American (or frankly, any innocent person) anywhere in the world who isn't an active member of a foreign terrorist organization or an agent of a foreign power, the Intelligence Community DOES NOT CARE ABOUT and actually DOES NOT WANT your data. Sounds crazy and bizarre for foreign intelligence agencies to care about things like foreign intelligence, I know, but it's true.
You would think. And, if the government lived up to our ideals for it, that would be true. Why would a government want to spy on their own citizens?
But in the real world, history shows us that sometimes governments decide that they do want to spy on their own citizens. They decide that some citizens are "dissenters" and need to be spied on. They decide that court orders and civil rights don't apply to them. They make "enemy lists" and try to dig out dirt to discredit the enemies. They wiretap reformers and try to blackmail them.
Encryption is either secure, or it's not. And no-one wants to use insecure encryption.
Not really. Encryption becomes more secure or more reliably secure as you do more correct things to it--extend key length, salt hashes where used, audit code, improve algorithms, etc... and less secure as other changes are made: faster machines, better algorithms, backdoors, quantum computing, etc...
Nobody wants and few educated people trust the government to read their mail or *preserve the security* of a backdoor, so it gets more resistance in tech circles.
Painting it as black and white is a useful communications tool, but also largely wrong--kind of like the government's position of "you can trust us to do this right!"
"Adobe has not built ‘backdoors’ for any government—foreign or domestic—into our products or services. "
Wrong. Adobe has built *lots* of backdoors - for government and others. Just not on purpose.
If you're an American (or frankly, any innocent person) anywhere in the world who isn't an active member of a foreign terrorist organization or an agent of a foreign power, the Intelligence Community DOES NOT CARE ABOUT and actually DOES NOT WANT your data.
Really? I'm a bit surprised that NSA employees are allowed to enter into relationships and/or marriages with active members of foreign terrorist organizations or agents of a foreign power. [The article says that one incident has occurred per year -- a more accurate statement would probably be that one incident has _been detected_ each year.] And with what foreign terrorist organization or foreign power was Albert Einstein associated?
If you're an American (or frankly, any innocent person) anywhere in the world who isn't an active member of a foreign terrorist organization or an agent of a foreign power, the Intelligence Community DOES NOT CARE ABOUT and actually DOES NOT WANT your data.
Then why are they collecting it? Why is the fact that they are collecting it so secretive? Why then, do they share this data with other TLAs? Are we just supposed to forget that NSA officials used the data they collected to spy on their love interests?
I've built a lot of databases in my day and I never put data in a database that I did not intend to use. You see, there would be no point in doing that.
If, as you say, the Intelligence Community DOES NOT WANT our data why are they working so hard to obtain it.? Why should American taxpayers pay to be spied on? The government is supposed to work for us, on our behalf, based on our shared goals. It must also act with strict adherence to the principles set forth in the US Constitution, and stop making up highly questionable "interpretations" of law to try to justify highly illegal actions.
If you're an American (or frankly, any innocent person) anywhere in the world who isn't an active member of a foreign terrorist organization or an agent of a foreign power, the Intelligence Community DOES NOT CARE ABOUT and actually DOES NOT WANT your data. Sounds crazy and bizarre for foreign intelligence agencies to care about things like foreign intelligence, I know, but it's true. Weird!
Strange because our laws on encryption would mean fuck all to anyone except an American citizen.
Sorry, teleporters just kill you and then make a copy. A perfect, soul-less copy.
Phone calls fine, But my location when I made that call? Because I certainly did not provide that to any third party.
Sorry, teleporters just kill you and then make a copy. A perfect, soul-less copy.
This may have been true at one time. Since the USA PATRIOT Act, with its relaxation on sharing of information between intelligence and law enforcement agencies, it is no longer true if it ever was. We have intelligence information used for drug busts, and then that fact covered up through "parallel construction". That pretty much blows your claim out of the water. This is not individual abuse; this is official practice.
Now any time I hear about a criminal caught due to an "anonymous tip" or through some supposed routine process, I have to wonder -- is that really a story invented to cover up the use of intelligence data for law enforcement purposes? And some of the time, it will be.
Yeah, and guess what?
Smith v Maryland (1979) says that phone call records, as "business records" provided to a third party, do not have an expectation of privacy, and are not covered by the Fourth Amendment. And the only data within that haystack that we care about are the foreign intelligence needles. I know that's difficult to comprehend, but it's the law of the land, unless and until SCOTUS reverses that ruling. And they very well may.
Until that happens, "We're pretty aggressive within the law. As a professional, Iâ(TM)m troubled if I'm not using the full authority allowed by law." -- General Michael Hayden
And when the full authority of the law is insufficient to do whatever they want, they will search until they find a creative lawyer to offer a legal opinion to redefine what the law really means and justify whatever they want to do. http://www.newyorker.com/magaz...
You might also want to update your sources, Mr. apologist. The 2nd U.S. Circuit Court of Appeals ruled the law overseeing data collection could not be interpreted to have permitted the NSA to collect a "staggering" amount of phone records, contrary to claims by the Bush and Obama administrations. Lucky for them, Congress amended the law, moving the goalposts in mid game.
https://www.aclu.org/legal-doc...
Hopefully, you will find this as easy to comprehend as the Smith v Maryland case. And before you start wiping the brown off your nose and begin frothing at the mouth with another justification, I know it hasn't made it to the Supreme Court yet. Hopefully, you noticed Governor Jerry Brown signed the California Electronic Communications Privacy Act law yesterday. That should give you a clue that you are on the wrong side of this issue.
I have no doubt that the majority of the uses of the data are perfectly legitimate, but it seems to me that "taken seriously" is a bit of an overstatement here. Unless something has changed fairly recently, I think we have good reason to suspect that the generally good behavior of NSA employees has more to do with the fact that most people are decent and honest than with detailed oversight. A couple of disturbing things from that report:
1) While the number of "substantiated" abuses appears to be small, it seems like the cases that were substantiated were caught more out of good luck than through the inevitable grinding gears of ubiquitous oversight. That makes me wonder if those 12 cases were really most of the story or if they were just the fruit that hung low enough to pick with the tools they have. Given the details of the stories, I suspect that we're not even picking low hanging fruit in these investigations. Just harvesting what's on the ground.
2) "Written warnings" to people found to have abused the system sounds pretty thin. Perhaps the story needs more details, but it seems hard to come up with an example of "abuse" that shouldn't lead a loss of a security clearance.
When oversight of people with powerful tools comes up, we always hear a lot of rhetoric about how they're already hamstrung and they're really honorable and it's only just a few bad apples and we'll just have to deal with that. The same song and dance comes out whenever people ask questions about abuse of authority by police. Just a few years ago, nobody with the power to do anything seemed to believe that the police could possibly do nefarious things and then use their authority and general lack of transparency to cover them up. Thanks to ubiquitous cell phone and body cameras, we're starting to realize that people are people, and they'll often do whatever they can get away with.
I'm willing to believe that the NSA's record is much better than that of the average police force, but I'm also inclined to believe that we're still at the very early stages of getting the whole story on abuses.
An interesting anagram of "BANACH TARSKI" is "BANACH TARSKI BANACH TARSKI"