Slashdot Mirror
Why Governments Lie About Encryption Backdoors (vortex.com)
Lauren Weinstein says there are smart people in government, "who fully understand the technical realities of modern strong encryption systems and how backdoors would catastrophically weaken them," but asks So why do they continue to argue for these backdoor mechanisms, now more loudly than ever? The answer appears to be that they're lying to us. Or if lying seems like too strong a word, we could alternatively say they're being 'incredibly disingenuous' in their arguments. You don't need to be a computer scientist to follow the logic of how we reach this unfortunate and frankly disheartening determination regarding governments' invocation of terrorism as an excuse for demanding crypto backdoors for authorities' use.
I don't understand why people believe a single word from the (US) government. Every time, on nearly every topic but especially security / military, what they say turns out to be not true.
The government simply got used to being able to see everything at all times. Now that we can create blind spots, they are paranoid and lashing out.
Good-bye
smart people aren't in government. smart people don't need to beg the public for votes to get a paycheck.
We've read the "Government does this, the Government doesn't do what it should, and the Government is corrupted etc." so many times it becomes both tiring and old, especially since most of it is just us - the people - voicing our opinions about things we've "heard" about, and even if it was true - we do basically NOTHING about it...but talk.
That said...even if you elected someone else - the power of knowledge is too tempting for ANYONE to resist. Therefore the way is OPEN SOURCE all the way. The safest way is actually no secrets in any source or any software, keep everything open - and then no one will be able to put in back doors or abuse bugs that are unknown as everyone will be able to peek inside and help fixing it.
What we need to do is to stop this endless paranoid game of "who do you trust?" and start producing results and solutions. We can do this together...the "gorberment" can't do anything about it, if anything - they should keep to what they do best (whatever that is) and leave the technology to enthusiasts like us, WE - the people - will pretty much make sure your privacy is safe because we'll all end up using open source software.
The only thing "goberment" is achieving with this crazy "who do you trust?" game is making sure would-be terrorist keep digging a deeper hole to hide in and grow a HUGE database of every persons private lives - kept - for their interpretation, with the kind of knowledge and power NO man should hold.
What you do with your computer or in your home - isn't government business no matter what the cause is. If you don't have the freedom to think freely, voice your opinions at will - then you don't have any freedoms at all.
Now, if they ever outlaw open source, then we'll be in trouble (or rather - they will).
What this world is coming to - is for you and me to decide.
The measures are so absurd because they want the counter solution when we object to seem reasonable to the masses. If we don't agree with either solution we'll be paraded as being unreasonable. They use terrorism as the reason, but the real agenda is quite different. For instance the real agenda might be to get congress to pass legislation that'll require users to surrender there encryption keys upon request. The UK already has such legislation. Just because they say they are targeting terrorism doesn't mean they actually are. It's more likely that they're aiming for complete and utter control over the tiny handful of scenarios where they don't have it now in criminal cases. Crimes not necessarily being where actual laws were broken, but rather people in places of power are upset. So for instance had Ross Ulbricht done a better job protecting his system and upon entry the computers power was cut then they'd not be at a loss for evidence as they could just force him to reveal said password. Ross Ulbricht's Silk Road Market Place irritated people in power. Why? Maybe those senators had a political motive or connections to drug kingpins who Ross Ulbricht was competing with (and those kingpins might not have had the technical tools to target Ross Ulbricht directly).
It's more like trying to "manage expectations".
Il n'y a pas de Planet B.
Why Governments Lie About Encryption Backdoors
The sole purpose of government is to create more government and individuals within that government are only interested in increasing their own personal power over others. They see their own citizens as enemies of these goals, to be crushed under boot heel.
Words to remember from James Burke:
All that is necessary for the triumph of evil is that good men do nothing (Attributed, but disputed).
The people never give up their liberties but under some delusion (Speech at a County Meeting of Buckinghamshire (1784))
Whenever a separation is made between liberty and justice, neither, in my opinion, is safe (Letter to M. de Menonville (October 1789)).
Neither the few nor the many have a right to act merely by their will, in any matter connected with duty, trust, engagement, or obligation ( Appeal from the New Whigs to the Old (1791)).
Evils we have had continually calling for reformation, and reformations more grievous than any evils.
There are many more apporiate to the current state of American politics, look them up on wikiquotes. https://en.wikiquote.org/wiki/Edmund_Burke
Serious question here......how would that work from a technical perspective?
Presumably they want to have a "master key" that would unencrypt any iPhone drive, but each user has to have their own unique key, as well. What kind of encryption algorithm lets either of two keys unencrypt something?
"First they came for the slanderers and i said nothing."
Because the smart people don't drive the commentary, they just stand there in the background face-palming them selves.
Honestly government isn't any different from enterprise:
The Techs & Scientists give management a clear answer on a subject, stipulating all the factors and issues with a stance that the boss is taking, providing alternate approaches & data that shows what they want is irrelevant anyway.
The PHB doesn't like what he's hearing so just goes out and says what he thinks, regardless of the facts. "Well that's what I've promised the client, so you'll have to deliver"
Do you think that politicians & leaders in the "security" services are any different ?
In the old days, you could attack one thing. You could defend one thing. But, that doesn't map well to the internet. Now, we all talk to each other. We all use the same methods of defense. When one actor attacks another, the attack is exposed, analyzed, and re-used. Now, when somebody attacks, they increase the cost of defense for everybody. When somebody comes up with improved defense, we all learn how to increase the cost of attack for everybody.
For over a decade, several branches of the US government have focused almost all their energy on attacking others across the internet. The result is an internet where compromise and breach are daily events. Somehow, our protectors don't see that they are crafting the tools of our demise and handing them to our enemies. If we are honest, we are more to blame for the great compromise at the OPM than our attackers. If we had spent the last decade on creating and encouraging defense, then breach would be difficult and rare.
Now, our governments are blindly following the tradition of attack. They wish to attack the protocols we use to determine identity and create security. They don't see or care that everybody else will do likewise. They don't see the great devastation that will follow.
Then only criminals will have guns and encryption.
The logic is absolutely inescapable with these scenarios: The US government is working with criminals and will thus help them to succeed.
Criminal gangs can get their hands on various encryption programs. Backdoors on hardware won't make a damn worth of difference.
Governments lie about needing encryption back doors precisely because they don't need them.
The late Ben Bradlee of the Washington Post has recalled: ... [documented] hidden away in the Pentagon Papers..."
"I guess it started for me with Vietnam, when the establishment felt it had to lie to justify a policy that, as it turned out, was never going to work
https://www.washingtonpost.com...
It seems to me we (the electorate) keep sending the people who are best at it, because they keep telling us what we want to hear, back in.
Keep asking the encryption question and you'll find out how far away from a democracy we've drifted. And when our government gives up with the b.s. stories and lays down the law, they'll do it with armed troops.
Have gnu, will travel.
The simple truth is that while unbreakable encryption is out there in the form of books or papers with the math, most people -- bad guys included -- are lazy and just going to use what the simple, convenient stuff. (The back-doored stuff.)
They fall into the trap of thinking "there are so many people using Facebook chat, the authorities will never find MY stuff in all that noise". In many cases they end up using simple code-book substitution and trivial code names. Instead of Abdul al-Hazred, they'll use "Mr. White". Instead of the Twin Towers they'll use "Faculty of Commerce". They think they're being clever because THEY would never catch this stuff.
I've had this argument with gov't lawyers and it boiled down to me saying "but this is trivial to bypass -- smart bad guys would just use X", and them responding "yeah, but we'll catch the stupid ones and there are a TON of those".
Anyone who has studied the history of crypto knows it is damn near impossible to get it right every last time, much less develop it without bugs. Even WITH source code samples, algorithms and coding skills people who have been doing this for a lifetime screw it up. Thus, "the horse has escaped the barn" isn't really an honest argument. That horse is going to trip of its own volition fairly quickly.
The popular cryptographer and author Bruce Schneier in his blog recalled a conversation with fellow crypto expert Matt Blaze of the University of Pennsylvania, who said the publication of the Snowden documents would begin a âoenew dark age of cryptography, as people abandon good algorithms and software for snake oil of their own devising.â
Learning HOW to think is more important than learning WHAT to think.
One possible explanation is that the government already has all the access they need. Asking for, and failing to get approval for, backdoors in software and encryption systems is just a farce to give us a false sense of security.
Misdirection. Legerdemain. The "backdoors" are already there. The encryption is already broken. The network is already hacked.
(1) Aldrich Ames;
(2) Kim Philby;
(3) J. Edgar Hoover; and
(4) the State of Alabama (NAACP v. Button).
Sooner or later the Supreme Court is going to revisit the Fourth Amendment as it relates to wireless communications. Perhaps the feds are trying to shape the course of public opinion in this regard.
Because to work in government, the primary qualification you need is to be a complete psychopath.
In fact, the US government has been pretty straightforward about what they want, which is a backdoor into encryption, and they have admitted that this will weaken security and put millions of Americans at greater risk of identity theft, fraud and hackers in general. They have been less willing to admit the possiblity of government abuses of such a backdoor, but if pressed they will probably concede that oversight is needed there too. Now, the US federal government argues that we should do this so that they can protect us from bad people and that whatever we give up in the way of privacy or protection against financial crimes is worth the trade off. Now, most of us here on Slashdot disagree strongly with that assertion and many of us are also skeptical that such a backdoor is even technically possible without rendering such compromised encryption essentially useless. However, I don't think that the government has lied about their position. They've laid out their position and I say again that I don't agree with it. However, that's not the same as the government lying about it. It's an important distinction to make.
https://en.wikipedia.org/wiki/Dual_EC_DRBG
"One of the weaknesses publicly identified was the potential of the algorithm to harbour a backdoor advantageous to the algorithm's designers—the United States government's National Security Agency (NSA)—and no-one else. In 2013, the New York Times reported that documents in their possession but never released to the public "appear to confirm" that the backdoor was real, and had been deliberately inserted by the NSA as part of the NSA's Bullrun decryption program."
Note, this encryption patent is owned by Blackberry, whose CEO admitted its phone is backdoored recently. His "lawful intercept capability", for governments that want to spy on your phone because your a terrorist. Or more likely some important politicians, or foreign government worker, or have company secrets for a company competing with the US... you know "lawful".
As Friedman said:
... that believes ad blockers are unethical.
And when someone call Lauren out on his absolute stupidity they get censored.
I never felt that the reason they gave, which was to catch the most dangerous terrorists, was ever a realistic goal... Whenever someone advocates this, it is either because they are simply too ignorant to realize the actual implications of what they are saying, or else it is because they (possibly sincerely) feel that the number of people who are too incompetent to be able to get away with committing crimes if encryption is not as readily available, but would otherwise be able to get away with committing them if they had easy access to strong encryption technologies is somehow a sizable portion of the people who commit crimes.
File under 'M' for 'Manic ranting'
The Bill of Rights recognizes that the government needs to be kept at arm's length, to be limited in its power. In the last few decades, we've been slowly giving more and more power to the government, sometimes in the name of "national security," (Patriot Act) sometimes in the name of "fairness for all" (Affordable Care Act). We've been taught to let the friendly folks at Washington take care of us. Now we're starting to see the dark side again. The government is saying, "Trust us with your data!"--either when they take it secretly (NSA/Snowden) or when they demand it publicly (backdoors). Maybe it's time for a digital Bill of Rights. The problem is, the government isn't just going to sit down and let go of the power they already have.
"Since the ruling class is usually safe from terrorists, and in bed with criminals, I’m guessing that “political opponents” will get the most spying."
http://pjmedia.com/instapundit...
For government, terrorism just makes them look bad - but political opposition can remove them from power. That's why encryption hysteria ALWAYS is about protecting government from the citizens. We need to stop electing lefty governmental flunkies like Clinton, Bush, and Obama, and start to reduce the size and power of government. The Democrats and the "mainstream" Republicans are in this together, against "We, the People". We need to elect small government conservatives and Libertarians, not communists, socialists and progressives.
so you're saying the government you don't trust or like is going to reign in the corporations who act in ways you don't like
you're a stark-raving lunatic but that's okay - the world needs people like you
Corporations can exclude you, as owner, as vendor, as employee, as customer and as third-party.
Corporations have absolutely NO accountability, and can dissappear in a puff of smoke together with the bulk of the money.
The environmental and health impacts stay forever.
Captcha:
maniac
The people who ask questions like this are the disingenuous ones: they too must be smart and they too must understand that the smart people in government - yes, they're there, in fact, they meet them at conferences and stuff - are in no position to seek out the news-media like that. And they too must understand that people have jobs that include assignments and not meeting them can mean that you get fired. People in governments have jobs to do. Some of those do it in front of cameras, others in front of computer monitors. They aren't the same jobs. To act like you don't understand this difference, is to pervert the discussion. Purposely. I'm firmly in favor of strong encryption, but articles like this don't help the cause.
Religion is what happens when nature strikes and groupthink goes wrong.
Uh, replaced by who again? I'd like to meet this entity, rather than just reference the John Lennon LSD version. Or, do I need LSD first?
As long as humans are involved, it will have some degree of corruption. I'd wager a lot on that. The only way to rid all corruption would be extreme inspections by informed citizens, which is time consuming and unrealistic. The cost of inspections grows greater than the cost of corruption. It's like an immune system so large it turns its owner into a slow useless blob.
Table-ized A.I.
It is opinion.
I do not claim it is wrong.
I am not denigrating the author.
It is, however, just an opinion published on someone's blog. Hence the disclaimer (if you read all the way to the bottom.)
Slashdot is supposed to publish news for nerds, and this is not that.
Never trust a man in a blue trench coat, Never drive a car when you're dead
That is why you cannot trust a politician.
Politics is derived from:
poly = many
tics = blood sucking parasites.
Democracy is derived from the street observation:
Dem are crazy
Sent from my ASR33 using ASCII
Because government workers don't give a shit when their laws and regulations fuck over the common man who under threat of force must pay the government workers wages
There's another dimension to this story, which gets lost in the critically important discussion regarding privacy, but it's money.
If a government got their way and were able to impose the types of control that is now being argued for, it would require a vast amount of new infrastructure to be developed. For example, there would need to be a key escrow system; there would need to be the means of storing all data being transmitted between citizens, there would need to be vastly more money spent on all of this.
Populations across the Western World have - entirely rightly - reached the point of "No More! Not In My Name!" with respect to on-going armed conflict [another very effective way of shifting vast amounts of money from the public purse to the private pockets [of a few]. A shawdowy, unknown threat that is so pervasive that everything done to counter it must be kept secret is an absolutely perfect scenario for spending vast amounts of money on "something". This "spending" is one of the key elements in western [I guess capitalist] society - the government [at the top] takes money in taxes. It then spends that money buy buying things to stimulate the economy and generate more productivity that in turn raises more taxes...
Maybe - this is just a thought - what we're seeing here is a shift in strategy away from spending government trillions on the munitions side of the military-industrial complex and towards spending it on information technology.
Some will ask: "Well, if this is the purpose, why not invest in science, medicine, technology, space exploration?" Two thoughts: Kennedy tried that and the results were not as successful as some hoped; but also, investment made in a technology and apparatus that *strengthens* the control of government will always be most appealing to the decision-makers. As others have [correctly] pointed out, all of what is being discussed services to weaken the citizen and strengthen the state - not always a good thing. I'm also reminded [and sorry, can't find the reference] of a story reported from the Snowden files. IIRC, there was an email from 2 [Booze Allen] employees, discussing a proposal being put to the NSA. One was saying something to the effect, "Look, even if we can find a way to complete the technical build so that we harvest all this data, there is *no way* anyone is going to sift through it and find something of value!" to which the reply was something to the effect, "Look, it doesn't matter - let them make the decision. Our job is to give them a proposal and, if they take it, sell them whatever they ask for..." Now, if anything like that is even partially representative of what has happened [or is happening] then it may help to explain why governments are so keen to roll out so much more technology... Or is this entirely wrong?
"The Law" does not apply because a law is only effective if you have someone who can dispense punishment or gives the "fear of god" to the person who is willing to test the limits (parent v.s. child) but in this case who is the "boss" of the "government" people may say that the general public is the "boss" but the public only has the ability to forfeit power every 2 to 4 years depending on the "post" held by the "offical" and there are even "untouchable" staff that are not elected so they fear nothing really... so in truth that's why the government has the ability to do what it wants also the courts are really a reactive "clean up the mess" after the fact and has no direct effect on who is "in power" (they can't be removed from power by the court). am i even close to the right train of thought?
I'd be more impressed by that argument if the U.S. Government actually behaved in accordance with the Constitution. It hasn't done that in a VERY long time.
From the article:
So it seems clear that the real reason for the government push for encryption backdoors is an attempt not to catch the most dangerous terrorists that they're constantly talking about, but rather a selection of "low-hanging fruit" of various sorts: Inept would-be low-level terrorists [...]
Yes, this is exactly who the government wants to get to -- inept low-level terrorists who aren't knowledgable or trained enough to consistently use secure/ISIS approved software and instead use the standard communications software that came with their cell phone or computer, because that's what is convenient and familiar to them.
And that isn't nothing, given that one of the big threats is "self-radicalizing individuals" who by definition won't be be elite ISIS commandos but rather otherwise-regular people who decided one day to prepare and commit an atrocity.
While I don't think mandating a government back door to all encrypted communications is a viable solution, let's not pretend the government doesn't have a valid use case here -- being able to monitor the communications of those people would give the government an opportunity to stop them before their big day.
I don't care if it's 90,000 hectares. That lake was not my doing.