Slashdot Mirror
NSA Chief: Arguing Against Encryption Is a Waste of Time (theintercept.com)
An anonymous reader writes: On Thursday, NSA director Mike Rogers said, "encryption is foundational to the future." He added that it was a waste of time to argue that encryption is bad or that we ought to do away with it. Rogers is taking a stance in opposition to many other government officials, like FBI director James Comey. Rogers further said that neither security nor privacy should be the imperative that drives everything else. He said, "We've got to meet these two imperatives. We've got some challenging times ahead of us, folks."
New appointment for NSA Chief in 3 ... 2 ... 1 ...
The NSA has backdoors.
SJW's don't eliminate discrimination. They just expropriate it for themselves.
It doesn't matter if you use any variety of encrypted messaging products (imessage, cyph, silent phone, signal, etc.), we've got a backdoor for it already.
The only challenge is in justifying using it after the fact.
Viable Slashdot alternatives: https://pipedot.org/ and http://soylentnews.org/
"We've already cracked everything, any encrypted data is clear as water for us; let's not make a big fuss so people just stay with what they've been doing. Keep cool, people."
The fact that software can be made (and made well) by amateurs. So such regulations saying that software shouldn't have encryption means outside sources will still make it. This will only put the big companies into a disadvantage as they wouldn't be able to make secure solutions to their system.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
You can't believe anything from the NSA.
It's refreshing to hear someone address this issue with a little sanity. However, I still don't trust any three letter agency.
He's a genius, he's pulling the classic Bugs Bunny/Daffy Duck Hunting Season trick on us.
The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
...civil liberties, freedom, the 4th Amendment, and the 5th Amendment is a waste of time.
Bullshit. Crime rates have never been lower. The chance of being injured or killed by terrorism is vanishingly small and comparable to a lightning strike. The advantages of secure communication far outweigh any potential aid it gives to criminals. The only challenge here: a government organisation trying desperately to preserve itself and its budget in the face of increasing scruitny and irrelevance.
I mean I cannot understand at all why FBI/CIA/police/government want backdoors in "encrypted" protocols.
After Snowden's revelations any halfwit with half a brain realizes that you cannot trust anything you haven't created yourself. Thus if you want real privacy/control/encryption, you will implement your own means of communication which employ proper encryption, which means only legal entities, people who trust official/commercial means of communication (WhatsApp, Viber, Skype, e-mail, etc.) will be spied on while real criminals will be out of reach.
Is this rhetoric about encryption is nothing more than a disguise to spy on all of us while those who have power won't be touched?
Well, fuck them.
encrypt stuff with every possible key, look for some kind of common signature or order in the data and make an algorithm to break it using the possible keys
we (NSA) already have access to all of it anyway, so we don't regard it as an impediment like the others do.
I gots me guns and if any of dem gubberment types try anything with me and my boys, we're gonna go off and take over some gubberment emtee shack in the woods there! Because the Second Amendment is there to fight tyranny!
Why look at my brethren in Oregan, the gubberment is to scarred to do anything! We gonna rise up everywhere! In the dessert or in the forest and the gunnerment is gonna get it's just deserts! Damn strate!
Freedom!
Encryption without backdoors is the only answer. There is no compromise on this. If there is compromise, we might as well just send all of your information in plain text and give up and go back to the days without any electronic communication.
We are continually moving towards more and more peaceful times. We are coming to the end, though it may still take 100s or 1000s of years, of the primitive aggressive parts of our brains running our society. We are still a primitive, young society, but we are so much better than any generation in the past.
Of course this could all change again if we start encountering other alien races before we are ready or before they have rid the primitive warring bullshit out of their society.
Someone in the Government who has a clue... AND is speaking out.
I think I may faint.
--Hired Net Grunt
How do we not know if there is not a backdoor in every Cisco router? I find it odd that this issue is not criticized more often by the tinfoil hat open source folks. The Internet is largely woven together using these turquoise boxes running proprietary software. What if NSA can connect to any of them with administrator access, allowing to manage traffic and tap on data that passes through. What do you think about this possibility?
Not if I'm being paid to make the argument, it isn't. Probably the best argument against encryption is that against the NSA/CIA it is snake oil, like defending yourself from a nuclear bomb with a .22
“He’s not deformed, he’s just drunk!”
Microsoft, uefi, mobo chips, winX.
At this point, if you buy a computer with doze ready
to do first-time boot, but you plan to use another OS,
perhaps you would be wise to never boot doze.
Of course, even that may not matter, it could be
just be uefi chipset combo is all that is needed now
Someone like that is the last person I'd expect to bust out with a public statement like that, but at least on the surface it makes me feel a little better that not everyone in the government is as dumb as a doorknob.
Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
For the people advocating for backdoors/key-escrow/etc, I always wondered what they would say about their own communications. Would they themselves be willing to escrow the keys to their own communications? All of them, including top secret ones? If not, then why?
Given e-mail is for the most part sent in the clear, thus equivalent to a postcard, what amount of encryption would make it letter post equivalent (indicating privacy, rather than sensitivity)? Does 256-bit sound reasonable (thinking low effort of encryption/decryption, but easily openable by an agency, using resources they already have using a court order, if it came to it)?
Jumpstart the tartan drive.
"Former NSA director Mike Rogers, has been terminated with cause. The Agency understands he wishes to spend more time with his family. He was accused of being disgruntled, insufficiently supportive of the aims of the NSA, not following the party line, and having sex with truffles. Communist, French truffles (oo la la!)!! The NSA wishes him well in all his future endeavors."
It hasn't happened yet and it may never happen. But if it does happen, you heard it here first!
Didn't we just yesterday have someone from some TLA ranting and raving about how we must accept not having encryption anymore? What happened? Found a critical flaw in all encryption schemes in the past 24 hours?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Encryption is bad only if you presume that either the only, or at least the far most likely reason anyone might want something to be hidden from others is because they are doing or have done something wrong.
Except that this is *FAR* from true. Insisting that people shouldn't try and hide things from people who might claim to mean well is equivalent suggesting that people really shouldn't have privacy at all, and it is nothing less than absurd to suggest that nobody should have any rights to any privacy, ever, unless you do things like outlaw clothing (which may hide a person's body from public view), for example. With a flawed premise, the entire argument for suggesting that strong encryption should be outlawed falls apart.
File under 'M' for 'Manic ranting'
Slashdotter paranoia is as bad as baby boomer paranoia (eg, the ones who want to make encryption worthless because terrah).
We're talking about the agency that developed SELinux.
Yeah, they might have some interest in keeping the secrets of American corporations out of the hands of the Chinese and others.
I doubt there are any backdoors in RSA keys, but most https traffic uses 256-bit symmetric keys. Let's say the NSA or whoever has a bank of computers that can crack that key in a day. With today's CPUs, you could encrypt your traffic with 10,000 keys relatively quickly. Then they would have to decrypt each one at a time. Of course, exchanging those keys may be complicated. Maybe to accomplish that you need a 4096-bit key.
The biggest problem with this theory is if they can crack a key, how long does it take? 0.001 second, 1 second, 1 day, 1 year, etc? A 10,000 key deep encryption would be fine if it takes a day to break but obviously not if the process can be completed in 2 seconds.
I've really thought about starting a service that writes OTPs to a 2TB drive, sends them to customers, and they use that to connect back to offshore servers that act as a proxy for them. Then, unless someone tampered with the drives intransit all communications would be secure.
Ninjas don't carry tic tacs
Who are you, and what have you done with the real head of the NSA?
I've been wondering for some time if there's something already hidden in my UEFI mobo waiting to be triggered by a Windows update that will permanently disable BIOS boot and make UEFI boot no longer recognize my own key.
It's kind of disconcerting that an OS that's been UEFI booted can change UEFI settings as it is. I think that was the strangest thing I learned when I went to learn UEFI: one can only enable UEFI boot for an OS from another OS that's been UEFI booted. It's not good enough to simply load in my key and say "ok, here's the UEFI boot partition and the kernel image, go at it!"
But NASAA? Who knows with those jokers.
Admiral Rogers also made that point too - that 80% of the government's cybersecurity problems would be solved if he could get military personnel to treat "cyber hygiene" the same way that they manage rifles, artillery and other kinetic weapons.
For those interested, here is a link to the video for the full presentation which was made at the Atlantic Council on Thursday.
Don't argue about encryption people, what a waste of time. We already got backdoors in everything.
Mike Rogers and other NSA employees definitely get it, we're approaching a cryptography apocolypse. Also, state mandated backdoors that everyone knows about are exactly what they don't want. The NSA wants to slip the backdoors in without the public knowing about it. In their defense, that is their job. It is kind of the point of being a security agency. The mandatory EXPORT ciphers of the 1990s that weakened everyone and caused heartbleed is the kind of thing they don't want, it hurts our governments and corporations. Whereas slipping sniffers during shipment into the USB cables intended for foreign adversaries is.
In reality, NSA *does* care about legality. Part of what came out with Snowden's stuff is that the folks at NSA were already saying "hey, we're overcollecting, how do we not do that".. and not just because they want to reduce the volume.
NSA also makes a distinction between "collecting" and "looking". If I build a receiver that scoops up all RF transmissions in a block of spectrum and records them, that's pretty different from tuning into specific signals either in real time, or in the recorded data.
Is it because privacy and security are only threats to tyrants? The fact that even raising the issue isn't political suicide for any politician or civil servant who dares suggest it is, frankly, embarrassing.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Taking into context a certain presidential candidate's use of private email server to do government work which will not be an exceptional case but a common past and future problem for national security does the government want a back door to itself?
Since the root problem here is human individuals, bad guys, good guys, public, etc how to you prevent your own gun being turned on you.
I suspect that's part of the issue from Rogers stand point.
Of course he may not have got the memo about "2+2=5" and the other one reminding him that "The heresy of heresies is common sense"
He could just be looking for a good Retirement Package in time for the Ski season.
https://twitter.com/normative/status/618860879765970944
Actually it's simpler; the NSA has all that it needs with weak endpoints and metadata - they don't need to backdoor encryption*. Which gets to the NSA dual mandate, their job is to enforce/enable/encourage strong encryption for the rest of the US to use. Additionally they know better than any that trying to weaken encryption is a fools errand (never mind their stupid attempt at a backdoor in the .
Look at it this way; from metadata collection they know who to care about. For those, they usually know how to get into the end points (message originator and receiver - i.e. computer, phone etc). As to what's being said? As far as they're concerned it seems it doesn't matter; just send in the drones.
It's actually a grim assessment, but at least it is refreshing that somebody in the government is willing to point out that trying to weaken encryption is idiocy.
* It's possible that they have the keys to quantum encryption so don't care - notable in light of their surprise announcement last year to gear up for it. But presently nobody believes they've solved that problem.
"neither security nor privacy should be the imperative that drives everything else."
Don't believe it. Security and Privacy are opposite.
If powers of authority really wanted to protect your security, then privacy would be the natural course.
Allowing anyone to invade your privacy is an offence against you, your property and those you love.
Removing privacy is the removal of security.
Don't be foolish. Having someone watch you 100% of the time and invade your private property is dangerous and will lead to your loss of goods, dignity, free thought and all private intercourse.
Do these people think you are stupid? You are not stupid. So stand up and call out the names of those who repeat lies and propaganda.
"Mike Rogers... you are a liar and do not serve to protect the country or its people."