Slashdot Mirror

← Back to Stories (view on slashdot.org)

Going Dark Crypto Debate Going Nowhere (threatpost.com)

Posted by samzenpus on from the around-in-circles dept.

msm1267 writes: FBI general counsel James Baker reiterated a theme his boss James Comey started months ago, that Silicon Valley needs to find a solution to the "Going Dark" encryption problem. Two crypto and security experts, however, pointed out during a security event in Boston that encryption remains the best defense against the government's surveillance overreach and espionage hacking targeting intellectual property. “If we were able to engineer a mechanism where we’re splitting a key and having a third party escrow it where the government could ask for it, the very next thing that would happen is that China et al will ask for the same solution. And we’re unlikely to give them the same solution,” Eric Wenger, director of cybersecurity and privacy, said. “Complexity kills, and the more complex you make a system, the more difficult it is to secure it. I don’t see how developing a key-bases solution secures things the way you want it to without creating a great deal of complexity and having other governments demand the same thing.”

3 of 111 comments (clear)

  1. end-to-end encrypt it all by Anonymous Coward · · Score: 5, Informative

    There's no reason for normal email, IMs, video chats, web surfing, etc to be available at all to anybody who isn't among the intended recipients.

    These protocols are in the clear for historical reasons: people didn't imagine that the government would be a bad actor. Since they now are, it's time to add strong encryption to all of those things.

    The whole internet needs to "go dark" from the perspective of the Stasi fucks.

  2. Alternate Headline Idea by r-diddly · · Score: 2, Informative

    One Gang of Criminals Claims They're Way Better than the Other Gangs
    Wants Privileged Data Access

  3. Nothing new here by Anonymous Coward · · Score: 2, Informative

    ... we're unlikely to give them the same solution ...

    Bullshit. If anything, the US state department will demand they implement the same flawed solution, or worse, a less secure implementation.

    ... show-up with a court order, and can't get the fruits of surveillance because of encryption.

    Leaving aside the honesty of this statement, a court order doesn't open safes, or reveal where the suspect's off-site storage is either. The real problem is encryption offers near-perfect secrecy for a low, low price, so everyone has it. Plus, the bad behaviour of most governments over the last decade motivates everyone to use it. An information device offers a detailed, easy-to-copy record of the suspect's activities stored in one location. The government wants full access to this strategic convenience and now demands that corporations provide it. (My country just forced all ISPs to save all meta-data.)

    ... "overreach on surveillance and deliberate efforts to weaken cryptographic standards" ...

    This is like demanding a copy of every safe key so that "law enforcement investigations on a local level, and surveillance efforts on national security and terrorism fronts" aren't hampered by the desire for privacy. In addition to enabling abuse by the government, every criminal will attempt to break into the key storage. Recent events reveal that governments aren't able to secure civilian data, making failure of the key storage, inevitable. Or just as bad, a universal back-door (again, recent events reveal corporations won't install quality security on back-doors), will mean the end of all privacy, once the universal key is found.