Clinton Hints At Tech Industry Compromise Over Encryption

An anonymous reader writes: At the Democratic presidential debate last night, Marques Brownlee asked the candidates a pointed question about whether the government should require tech companies to implement backdoors in their encryption, and how we should balance privacy with security. The responses were not ideal for those who recognize the problems with backdoors. Martin O'Malley said the government should have to get a warrant, but skirted the rest of the issue. Bernie Sanders said government must "have Silicon Valley help us" to discover information transmitted across the internet by ISIS and other terrorist organizations. He thinks we can do that without violating privacy, but didn't say how. But the most interesting comment came from Hillary Clinton. After mentioning that Obama Administration officials had "started the conversation" with tech companies on the encryption issue, one of the moderators noted that the government "got nowhere" with its requests. Clinton replied, "That is not what I've heard. Let me leave it at that." The implications of that small comment are troubling.

No Backdoorts

There should be zero back doors, ever. The government has ways to get information. In any event, want access to a mobile phone would likely be after the fact. And, if the government suspects someone, they have ways of listening in without compromising everyone. This kind of thing should be targeted. For suspected terrorists, a chair and a rubber hose works well.

Re:No Backdoorts

In a post-Snowden world, only the naive would believe anything other than:

1) Backdoors exist.
2) Backdoors are kept secret.
3) The government routinely uses backdoors for big-data style tracking (and to gain superior market insight for insider trading).
4) The only data that remains secret is data over which you have superior end-to-end control.

The government will never accept a backdoor-free industry. Never.

Re:No Backdoorts

[kheldan]

The government will never accept a backdoor-free industry. Never.

Then ironically enough they will be the authors of their own destruction -- and all of us along with them!

Organizations like Daesh (I refuse to call them a 'State' because that's a bad joke), while complete assholes and utter animals, have proven that they have some tech savvy people in their ranks; what makes the U.S. Government think for a even a second that they won't have their own backdoor-less encryption? Of course the obvious answer here is that this isn't at all about stopping 'terrorists', it's about having complete and utter authoritarian, nigh-unto dictatorial control over the U.S. citizenry. I don't want to believe it but what else are we to believe? These idiotic politicians we elect must have tech advisors, they must be screaming in their ears that 'backdoors' in encrytion renders it as useless as using duct-tape to secure the front door of your house against burglars, and I'm supposed to believe that they're just shining these advisors on as 'alarmist' or something? LOL, no, it's corruption plain and simple I'm afraid. The Tree of Liberty has been rotting from the inside out for many many decades now, and we're seeing the end-stages of the disease that is killing Liberty and Justice in this country. At this rate it won't be long before we're considered just as bad if not worse than the Russian Federation, mainland China, or for all I know, Syria under the Assad regime. Meanwhile the Bread and Circuses are used to mollify and distract 99% of the U.S. population, they're clueless, and will look at you with a confused look on their faces, and fearful that you're just some crazed person -- then they go post on Facebook about it, like good little robots.

Re:No Backdoorts

[HiThere]

If you haven't noticed that things have gotten significantly worse over the last 15 years, then you haven't been watching.

This may not be "the end is near", but it's certainly an enabling intermediate step.

The biggest problem with backdoors

[jdavidb]

The biggest problem with backdoors is not that they weaken encryption, although that's terrible. The biggest problem is that even with a warrant government shouldn't even know this stuff. ISIS or Daesh or whatever the heck they called it never endangered me. Never has, never will. But "my" government endangers me every day by getting involved in these situations and by making them worse. And now, conveniently, the fix for their screwups, according to them, is for me to sacrifice my liberty and weaken my technology.

I'd say "no thanks," but I don't get a choice. So instead I'm like the guy at a traffic stop having my car searched by an officer without probable cause. I won't resist you doing this to me, but I do not consent.

Re:The biggest problem with backdoors

[gstoddart]

The biggest problem with backdoors is not that they weaken encryption, although that's terrible.

No, that is the damned problem.

There is NO technical means by which you can have a backdoor which is only usable by one government. Once you build in that kind of defect it stands a good chance of being exploited by anybody else -- other governments, hackers, criminals, and even the very terrorists you claim to be fighting.

And if the idiots in the US government feel the rest of the world should have weakened crypto for your security ... well, then the US government is an actively hostile entity to our security and liberty.

The belief that government should have unfettered access to everything we do, and that we should trust them is idiotic. Because it's not just one entity who potentially can gain access.

What they're saying is they want a skeleton key for every lock, and they're stupidly claiming nobody would ever abuse that and nobody but them could get to it.

Any product which builds in this for the US government should expect every other government to demand access to the same back door, and should also expect people in every other country to stop buying it.

This isn't a solution, and it never can be. You want access, you get a warrant, and compel people to give you the password.

But pretending you can access it but nobody else can indicates you're a moron who doesn't understand the technology. Once you weaken it, you have weakened it for anybody who can figure out how. That's doesn't leave anybody else with any measure of security.

The US government cannot create this without also understanding they've given a means to everyone else to hack into everything in the US by figuring out the way it works.

Re:The biggest problem with backdoors

[Jason+Levine]

Even if we could somehow assume that the government would only use its backdoors for good (an assumption that has no foundation in reality, mind you, but let's run with it for now), then there are still two problems with government backdoors.

First, any government backdoor is going to be a backdoor that criminals use. It's only a matter of time. So even if I were to trust a politician who said "We'll only use this for good", my question would be "and how are you going to stop the criminals who will use your backdoor as well?"

Secondly, even if we assume that the current government is populated by saints, you can't guarantee that the next government will be. Or the one after that. My standard question for those who want to give the government more power is "How would feel if a member of the other party was in charge and used this power?" If the person is a Republican, I would them to imagine President Hillary Clinton with that power. If the person is a Democrat, I ask about President Donald Trump wielding it. If you wouldn't want the opposing party using that power, then the only logical response is to keep the government from having that power entirely.

Re:The biggest problem with backdoors

[Jason+Levine]

And if any politician says "Well, we'd only use it for good", then (besides not believing a single word they say) I'd ask "what about the next administration? And the one after that? Can you guarantee that they'll only use it for good also? What's to stop them from abusing it?"

Re:The biggest problem with backdoors

[gstoddart]

It's simple existence opens up a huge list of problems.

If they think it's a backdoor solely for their purposes, they're delusional and too stupid to understand the technology.

And, just like all of the spy powers they gave themselves which they said would only be used for terrorism ... now they routinely use it for other forms of law enforcement (think Parallel Construction, aka institutionalized perjury).

The lie starts with the belief they and only they can access it. And then it snowballs into every way in which it will be misused.

But the reality is, we should stop at the whole idea there is any form of security once it's got a big gaping hole in it .. everything from banking to computer security is so utterly undermined with a backdoor it isn't funny. There isn't any security as soon as you have a backdoor. Not for anybody.

And the existence of such a back door makes it the single most valuable secret on the planet. It would be a shockingly short period of time before dozens of entities had access to it.

The big lie is that you can have any technical means to do this without throwing it wide open. Then it's just a matter of who is abusing it ... because the act of creating this backdoor means it's only a matter of time before there's no security at all.

You might as well pass a law that says pi is 3 -- because it means you're just as ignorant about reality.

You don't get it, do you?

[Opportunist]

By requiring backdoors, you hurt your economy. Because nobody, not even US companies, and you may not even dream about foreign companies, will host any kind of content willingly in a country where any country on this planet has access to their secrets.

Yes, I wrote any country. Not just the US. Because one thing is certain: These keys are valuable. Valuable enough that it will be no issue to find someone (read: governments or corporations) willing to pay big sums to get the keys and people weak enough to take the offer.

There is no such thing as a "US government only" backdoor. Never has been, never will be. Require it and watch your IT industry falter.

Translation

[should_be_linear]

H. Clinton: "Google, Facebook and Apple are lying to you about your "enhanced privacy". Again. And I like it!".

Way to build trust

[DarkOx]

Clinton replied, "That is not what I've heard. Let me leave it at that."

Lets see Mrs. Clinton is not currently serving in privileged to information government role. These are conversations that would have taken place after she left office. So some how she is being fed information she can't or won't share with the rest of us. Yet we are supposed to trust her and vote for her. Screw that. She is the ultimate insider. People always accused the GOP of solving things in the back room while the old men smoke cigars. Maybe there is truth in that maybe not. What is clear is that HRC is very much a part of that old boys club, no matter what she has between her legs.

She can't be trusted, full stop. A vote for Hillary is a vote against your interests because the only interests Hillary has is in what is good for her.

Walled Garden

[phantomfive]

For those who don't understand why a walled garden is bad, here is one of the reasons.
If you owned root on your device, you could encrypt it yourself.

Who owns the backdoor?

[Richard_at_work]

One thing I have yet to see any US candidate address is just who owns this back door and who acts as gatekeeper? Is it supposed to be US government only? Does North Korea get to have a peep under the covers? If not, why not? What do the candidates think about Russia requiring its own back door? How about Syria?

I doubt the scope they are thinking about extends much beyond the US, so why does the US get to think it has a right to my private data as an EU citizen? Because I might potentially, possible, maybe be a terrorist? Thats not good enough.

Also, how are these candidates proposing to make the terrorists use the backdoored encryption, rather than generally known and accepted as secure off the shelf libraries and vb.net UI front ends?

The right way to do it

[Okian+Warrior]

The elephant in the room, the thing that no one is talking about, is that there's a right way to do this.

If you have someone you suspect, you can peek into their system specifically using targetted means. Execute a "sneak and peek" search warrant and install a keylogger, for instance. Bug their house, tap their phone, put a tail on them, and so on.

All of these measures are effective, but they require warrants and reasonable evidence.

Also, the danger from terrorists is vanishingly small, compared to a lot of other dangers in daily life. Focusing on the backdoors is simply not warranted from the amount of danger that ISIS presents in this country.

Re:these fascists

[Frobnicator]

It's a sad day when the candidates running for president are traitors.

Never attribute to malice that which is adequately explained by stupidity or ignorance. Being a "traitor" implies intent, this is far more likely to be ignorance of a technical issue.

I'm surprised so many slashdotters expected these people to understand the technical issues.

Hillary Clinton's background might have discussed some encryption details because of some of her security scandals. Carly Fiorina also possibly understands the technical issues. But I would be shocked if any of the other candidates have any understanding of the issue.

For all the rest of the candidates, it is not something they've likely ever studied. For them, encryption might as well be some magical fairy dust that computer people sprinkle over computers for security reasons.

Re:What did anyone expect?

[OhPlz]

Except if you're Hillary and part of the government you don't like wants your emails from the time you spent as secretary of state.

Re:No Backdoors & IF THERE ARE ...

[Aighearach]

Terrorists aren't even using encryption. They use languages we don't have enough interpreters to translate, along with substituting cliches for crimes in a way that defeats both computer translation and phrase-book translation.

Therefore they will not need or use the specialized systems you describe.

Re:Backdoors are a two-way street.

[FlyHelicopters]

They know all this, but, like most things, are thinking that most of us are too stupid / uneducated to know better. Seems to be true; case in point: Trump: "I'll build a wall and get Mexico to pay for it." (crowd goes wild) No one gets a serious answer to the follow up question: Um, okay. How?

Actually, he has answered that question, but the media doesn't want to promote it or give it air time.

What Trump has said, more or less, is that Mexico is highly dependent on the US for jobs, money, and a bunch of other stuff, thanks to NAFTA.

To quote a phrase, "It might seem like we have each other over a barrel, but it just seems that way..."

If we had a leader with some balls, he can basically call up the President of Mexico and point out to him that while it seems like the US and Mexico are on equal footing, it just seems that way.

Mexico can help clean up the mess WITH our help, or we can help clean up the mess WITHOUT their help. Which choice would they prefer?

In other words... lube or no lube? Your choice, but one way or another, you're going to learn what is up.

That isn't politically correct to say, the media doesn't want to give it air time, but that is basically what he said.

Re:No Backdoors & IF THERE ARE ...

[dcollins117]

In an interesting article here former CIA and NSA director Michael Hayden claims* to be strongly against backdoors in encryption. It's law enforcement (FBI, DEA, etc) that are pushing for backdoors, not US intelligence (NSA). Hayden's rather chilling rationale is that since the NSA doesn't have to follow any rules, they can do bulk data and metadata collection and largely obviate the need to break encryption.

* Not that you can believe a thing he says, it's still useful to be clear on whether it's law enforcement or an intelligence agency deceiving you.

Re:What did anyone expect?

[Opportunist]

Hearts and minds, my ass. What I want is your wallet. You can keep heart and mind, that's not marketable.

And trust me, people may bitch, moan and rant all they want, as long as they keep buying. And they WILL keep buying. Just look at Apple, Microsoft, Android... They bitch. They moan. They rant. They complain. They swear to hate everything they do. And they buy their product.

And that last bit is the ONLY thing corporations care about.