US Congressional Committee Concludes Encryption Backdoors Won't Work

"Any measure that weakens encryption works against the national interest," reports a bipartisan committee in the U.S. Congress. Mark Wilson quotes Beta News: The Congressional Encryption Working Group (EWG) was set up in the wake of the Apple vs FBI case in which the FBI wanted to gain access to the encrypted contents of a shooter's iPhone. The group has just published its end-of-year report summarizing months of meetings, analysis and debate. The report makes four key observations, starting off with: "Any measure that weakens encryption works against the national interest".

This is certainly not a new argument against encryption backdoors for the likes of the FBI, but it is an important one... The group says: "Congress should not weaken this vital technology... Cryptography experts and information security professionals believe that it is exceedingly difficult and impractical, if not impossible, to devise and implement a system that gives law enforcement exceptional access to encrypted data without also compromising security against hackers, industrial spies, and other malicious actors...
The report recommends that instead, Congress "should foster cooperation between the law enforcement community and technology companies," adding "there is already substantial cooperation between the private sector and law enforcement." [PDF] It also suggests that analyzing the metadata from "our digital 'footprints'...could play a role in filling in the gap. The technology community leverages this information every day to improve services and target advertisements. There appears to be an opportunity for law enforcement to better leverage this information in criminal investigations."

by putting back doors in

[FudRucker]

not only will the FBI & Police be able to get in but also criminals will crack it and get in too, it would be better if the keeper of the keys would cooperate with the FBI & Police and unlock the devices on a per-user basis when a search warrant is demands it so, that way innocent people dont have to worry and quit shopping on line and changing their credit card numbers, and the FBI & Police can still do their investigations

Re:by putting back doors in

Having external keys in the first place, having a system that CAN be unlocked on demand, is something that can be exploited by bad actors every bit as well as by the FBI with a warrant. It'll take some time, but there are already companies out there that make millions unlocking phones.

Re:by putting back doors in

[ShanghaiBill]

There are two fatal flaws in your reasoning:
1. You assume that "the police" and "the criminals" are disjoint sets.
2. You assume that innocent people have nothing to hide, and nothing to fear from the police.

Re:by putting back doors in

[wbr1]

Wrong. No one should have a golden key. The only parties with keys should be parties to the communication.

Re: by putting back doors in

There should be no keeper of the keys. The keys should be inaccessible to the manufacturer and anybody but the person who owns the device. Then we dont have this problem and the FBI can go to hell. Why is it just because something's electronic that they should have unfetterred access to it? And with courts largely comprised of pro-cop judges search warrants aren't all that much of an impediment or check in far too much of this country.

Re:by putting back doors in

Wrong. No one should have a golden key. The only parties with keys should be parties to the communication.

One possible solution to the back door issue, is to not trust the encryption provided by your device. Add additional encryption on top secured by an independent key. Of course if logging is added while your using the device then it is useless.

Remember though the purpose of encryption is to make insecure communications secure. If phones can't be trusted, then you have to use a connected device that can be.

Re:by putting back doors in

[Motard]

There are two fatal flaws in your reasoning:
1. You assume that "the police" and "the criminals" are disjoint sets.

He does no such thing. He is suggesting that, say, Apple would hold a key and would only unlock a device in response to the concurrence of two separate branches of government. In this case the executive and judicial.

2. You assume that innocent people have nothing to hide, and nothing to fear from the police.

He made no such assumption.

Re:by putting back doors in

Not only will criminals crack in but state operators will have greater resources and will be able to get the keys from Apple or any other source. This is true even if the keys are held by the government. You either have secure encryption or you don,t. Having back door keys makes thing unsafe. You can either steal the keys or do a direct assault in the case of state actors.

Re:by putting back doors in

[mentholsmooth]

He doesn't have to make the assumption. Regardless of how many honey coated words are used, that is what he is saying, in the end. There should never be a mandate that gives the government a free pass into crypto. It is not American. But after seeing how google, yahoo, Microsoft, Apple, Facebook, and individual app makers use and sell your information, I can see where most people don't see a problem with this. But just because millions of people are oblivious to the fact that not only are they being spied upon by large corporations with no regulations, and metadataed by the NSA, doesn't make it right. There isn't anything wrong with an American system that requires warrant for a targeted individual. It works just fine. The problem is, law enforcement has gotten too lazy to do it right, while corporations are making money off of it. Then there are the nefarious actors that breach systems and steal the information for the same purpose as the corporation who keeps it. To make money. As you can see, in this modern era, the consumer and the protections for them are non-existent. The People are losing this battle.

Re:by putting back doors in

[Agripa]

He does no such thing. He is suggesting that, say, Apple would hold a key and would only unlock a device in response to the concurrence of two separate branches of government. In this case the executive and judicial.

Do you mean like how the telecommunication companies would only hand over metadata and content to law enforcement when presented with lawful orders until the point where Congress had to pass a law granting them immunity because they did not? How did that work out? Why would it be any different with Apple?

Re:by putting back doors in

[Agripa]

If phones can't be trusted, then you have to use a connected device that can be.

Tether the secured device to the phone so they are separate and the phone only sees the encrypted data.

Disturbing.

[Gravis+Zero]

While most people start thinking, "oh what a breath of fresh air, the government getting it right for once," I worry, "have aliens infiltrated our government? Because it seems like they are listening experts and making logical conclusions." ;)

Re:Disturbing.

[Areyoukiddingme]

... "have aliens infiltrated our government? Because it seems like they are listening experts and making logical conclusions."

I expect the experts testifying used illustrations in crayon and very small words. And they still got a weasel-worded statement from the committee. "Cryptography experts and information security professionals believe that it is exceedingly difficult and impractical, if not impossible, to devise and implement a system..." No, that's not what they said. Every single one of them said it is impossible. Because it is.

Congresses come and go, but there is one invariant: they all have trouble with mathematics.

Re:Disturbing.

[gtall]

"Congresses come and go, but there is one invariant: they all have trouble with mathematics."

That's not saying much, most people have trouble with mathematics.

Re:Disturbing.

[FatdogHaiku]

While most people start thinking, "oh what a breath of fresh air, the government getting it right for once," I worry, "have aliens infiltrated our government? Because it seems like they are listening experts and making logical conclusions." ;)

I must admit my basic assumptions about Congress were rattled a bit...
but then I remembered that this is a very small subset of the legislative body overall.
So, somehow they got the right people looking and listening to the actual experts...
even lotto tickets hit sometimes...
now back to business as usual.

Re:Disturbing.

[dcollins117]

While most people start thinking, "oh what a breath of fresh air, the government getting it right for once"

Interesting, becasue that's not what I was thinking at all. I was thinking "What astonishing hubris implicit in this debate that they assume they have the authority to access data that has been explicity access controlled by encryption." Apparently just because they are in government or law enforecement they assume they have this authority, when they actually do not. The only persons who can grant this access are the encryption key holders. So, no, I don't think they got it right by any means.

Re:Disturbing.

[turning+in+circles]

Lame duck Congress can act more rationally than Coming Up for Re-Election Congress. Maybe not fully rational, but better.

Re:Disturbing.

[dgatwood]

While most people start thinking, "oh what a breath of fresh air, the government getting it right for once," I worry, "have aliens infiltrated our government? Because it seems like they are listening experts and making logical conclusions." ;)

Nope. They no doubt spent millions of dollars on a study to tell them what they could have learned for free by asking any software engineer who has ever spent even a single week in his/her entire life implementing any sort of cryptographic software. This is why our government costs so much money. Tens of thousands of software engineers all tell them the same thing, but they don't like the answer, so they commission a study to try to prove everyone wrong, and after all that, the study still concludes that the original answer was correct. That's Washington for you.

Re:Disturbing.

[hawguy]

"Congresses come and go, but there is one invariant: they all have trouble with mathematics."

That's not saying much, most people have trouble with mathematics.

Most people aren't making Federal policy decisions related to science, math, and technology while being unversed in science, math, and technology.

Re:Disturbing.

That's not saying much, most people have trouble with mathematics.

If you need more math than you can do yourself when making decisions, you hire some experts and listen to them.

Re:Disturbing.

They also make the assumption that if you don't agree with them, and merely say no, that they can and will kill you and your little dog, too. Ask the ex-USSR personel that couldn't ever enter the Ukraine because they're wanted fugitives for mass-starvation and warcrimes. People like that sleep well at night because it's not them, and they just don't really care about others much. They also like to dehumanize in order to make themselves feel like less of a worthless human being.

Re: Disturbing.

[ReedlyDeedly]

I think Rick Perry's Animal Science degree is a life science, right?

Re:Disturbing.

I worry, "have aliens infiltrated our government? Because it seems like they are listening experts and making logical conclusions." ;)

Yup.

Re:Disturbing.

If you think that qualifies as weasel wording, you've led a very sheltered life.

Re:Disturbing.

[Agripa]

I expect the experts testifying used illustrations in crayon and very small words. And they still got a weasel-worded statement from the committee. "Cryptography experts and information security professionals believe that it is exceedingly difficult and impractical, if not impossible, to devise and implement a system..." No, that's not what they said. Every single one of them said it is impossible. Because it is.

Congresses come and go, but there is one invariant: they all have trouble with mathematics.

The technology part for key escrow and similar systems works fine but the social part is completely broken. Congress cannot pass a law limiting access which the government cannot later ignore.

Re:Disturbing.

[david_thornley]

The alternative would seem to be to find people who appear to be experts, and just trust them. That can backfire. For matters of policy, it's very useful to have determined who the actual experts are and what the basic situation is like.

A backdoor would be in the wild in a week

[HangingChad]

I think we've all seen how good the FBI is at keeping secrets. Any encryption backdoor would be in the wild in a week. In the week before it got loose it would be mostly a political weapon.

Re:A backdoor would be in the wild in a week

[gtall]

Oh, have they been sending you the memos saying what's secret and what's been leaked, or are you just talking out of your ass.

Re:A backdoor would be in the wild in a week

[Dutch+Gun]

We're extrapolating based on the fact that it seems increasingly difficult to keep secrets these days, even the NSA, who have admitted that Snowden's leaks have been very "damaging" to them. What about the Italian hacking firm "Hacking Team" which was itself hacked, and all its secrets laid bare? I'll bet some of the Democratic National Committee's leaked internal e-mails even talked about such security concerns. And then there's good ole Yahoo, with about a billion leaked e-mail credentials at last count.

So sure, such future leaks are hypothetical, but given the dismal record of both governments and corporations keeping secret things secret, I think it's reasonable to question whether a master key that unlocks every phone in the US is such a great idea, given what a colossal and valuable target it would be. I don't think it would be out in a week, but I think it's almost inevitable that it would eventually get out into the wild.

Re:A backdoor would be in the wild in a week

They already have backdoors. It's called Android. Market Share!!

Re:A backdoor would be in the wild in a week

Not necessary. The FBI director himself just writes a letter to congress, knowing they'll leak it. Or FBI agents leak something to a talking head like Rudy Giuliani who then goes on national TV and parrots out the company line. Or the FBI mysteriously issues a series of Tweets from an account that's been dormant for months, linking to whatever they want the public to focus on.

Re:A backdoor would be in the wild in a week

[knorthern+knight]

100% agreed. You *CANNOT* keep secrets. Consider...

* Aldrich Ames https://en.wikipedia.org/wiki/...
* Jonathan Pollard https://en.wikipedia.org/wiki/...
* Edward Snowden https://en.wikipedia.org/wiki/...

Re:Democrats will keep trying anyway

you really must like koolaid every so much 'cause you sure have drunk the lot.

Conclusion

Therefore, we will implement back doors immediately. Circumventing said backdoors will, like most bullshit victimless crimes, carry fines and sentences exceeding that of manslaughter.

Re:

The backdoors are starting to impact international trade, making US products less appealing. China has also had problems with backdoors, but this allows different countries to become more competitive while the US remains politically divided (preventing them from competing globally in the future, over the long-term).

sanity?

[v1]

It almost sounds like they listened to reason for once? Hearing the expert testimony of many experts in the field, enduring the BS babble of the FBI, and came to a logical conclusion?

Now I'm worried that the bodysnatchers have gotten into congress...

Re:sanity?

[grumling]

Yea, there's a lot of very good research done in Washington. Look at some of the work generated by the CBO. Much of it is logical, reasonable and will never be implemented because logic and reason have no place in US politics.

Re:sanity?

[gtall]

It isn't just U.S. politics, it is politics the world over. Actually, come to it, it is the human condition.

Re:sanity?

[AHuxley]

It's more about branding and sales.
Who would by a US crypto or networking product with the NSA, GCHQ, Australia, Canada, NZ, the FBI, city, state police, their workers, ex staff and former staff having the once secret NSA only keys?
Then any US ex staff and former gov/mil staff could sell access or give access to... their faith, cult, the media, other nations, competing corporations, any monarchy or theocracy who can pay for information on dissidents or people suspected of blasphemous acts?
The other cost is the price of passing on two production lines. Once secure for the rest of the world and a new USA only junk crypto production line.
A new US only production line with hardware trapdoors and backdoors would have to be designed in far up the production line. Who would consider Made in the USA when buying any product or service knowing the product or service to be designed to fail all the time?
Any US crypto product or service would be the first to be dropped from consideration as junk. That would open lucrative markets to any nation with crypto experts who can code.

Re:Democrats will keep trying anyway

[L.+J.+Beauregard]

Richard Burr is not a Democrat.

Trump to say WRONG! in 4...3...2...

[L.+J.+Beauregard]

Because to hell with the experts, he knows more than the experts. SAD!

Re:Trump to say WRONG! in 4...3...2...

[amiga3D]

Well....all the experts did say he'd never get nominated. Then they said he'd never get elected. Experts are often wrong.

Re:Trump to say WRONG! in 4...3...2...

[fustakrakich]

Experts are often wrong.

That's what happens when they don't study animal psychology. They expect people to be logical and reasonable when nothing could be further from the truth. They would learn more by observing chimpanzees and hippos. Or they can do the math...

Re:Trump to say WRONG! in 4...3...2...

[hackertourist]

There are no experts when it comes to predicting an election, just pundits.

About F*cking Time

Only took them a quarter of a century... (the Clipper Chip plans must have been an internal project for 1-3 years before it was unveiled publicly)

(captcha: "snoops". lol)

But But But!

[NotSoHeavyD3]

All those "smart" people on the McLaughlin Group talked about how apple and the like would put that in their phones that would let the government in while keeping it otherwise safe. Yes I'm being sarcastic. (I've never seen a better example of the "Murray Gell-Mann Amnesia effect" in my life FWIW.)

This was argued long before

[gnasher719]

Having encryption that can be broken makes it easier for police and FBI to catch criminals, and easier for foreign nations and companies to find out information that the government, police, army, or private companies, want to keep confidential. That should be obvious to everyone but is likely to be ignored by FBI and police because it is a problem, but they don't see it as their problem.

The NSA has argued for a very long time that good encryption is overall better for national security. If there had been a few known cases where criminals got away with crimes because they cracked information held by police or FBI then police and FBI might learn.

Re:This was argued long before

[Agripa]

The NSA has argued for a very long time that good encryption is overall better for national security.

That is certainly their public position but it is undermined by their known activities in subverting encryption including subverting IPSEC. I believe their real position is that they want everybody to rely on flawed encryption without believing it is flawed.

It is infeasible to be a break 2048 bit Diffie-Hel

[raymorris]

I'm sure cryptography experts did in fact say it's infeasible or impractable. That's what those of us who work in the field say about things we think nobody can do (probably). For instance, it's currently infeasible to crack 2048 bit Diffie-Hellman. We tend to avoid saying something is impossible, because as soon as you say that someone's likely to do it :) Theoretically, it's trivial to crack Diffie-Hellman, it's not cracked because of the PRACTICAL difficulty of doing so.

There's nothing theoretically preventing a master key from working just fine, only PRACTICAL problems of a) keeping the government key secret (while it's used) and b) selecting ciphers and implementations that won't be hacked ten years from now. The practical issues mean it's impractical to have a government master key.

They do "study and ignore" all the time.

[Ungrounded+Lightning]

While most people start thinking, "oh what a breath of fresh air, the government getting it right for once," I worry, "have aliens infiltrated our government? Because it seems like they are listening experts and making logical conclusions." ;)

You see this a lot.

A stock thing for Congress to do when there's a lot of public pressure over some crisis is to take the pressure off themselves by commissioning a study. By the time the study is finished the crisis is old news and the pressure is gone. The results of the study can then be safely ignored and the Congresscritters can continue to vote the same way as always.

The only thing the study results are usually used for is occasional speech sound bites for proponents of the side that agrees with the conclusions. Since the conclusions don't actually matter, the study groups don't have to be packed to come up with a desired result. So sometimes they come up with something accurate and useful. But it's still noise as far as actually changing anything politically sensitive. About the best thing it does is occasionally help a legislator understand an issue better and/or formulate a better way to present his position.

One example of this is the Second Amendment. Congress commissioned a study on whether the framers intended it to protect an individual right of members of the civilian population to arm themselves as they see fit. The study went deep and came to a resounding conclusion that this was exactly the point. This was reported in 1982.

Then Congress and the executive branch completely ignored the study and continued legislating and enforcing ever more gun restrictions - to this day, nearly 35 years later. Most of the federal level legal changes that favor those who want to buy guns and use them for self defence have come from the Supreme Court, which came to the same conclusion by their own procedures.

Re:They do "study and ignore" all the time.

I like how you somehow ignore the fact that the Congressional study was started after the NRA coup in 1977 where the gun manufacturers overthrew the hunters in charge of the NRA and became a gun manufacturer lobbying firm.

Re:They do "study and ignore" all the time.

Wish this could be modded +6.

Re:They do "study and ignore" all the time.

[Ungrounded+Lightning]

I like how you somehow ignore the fact that the Congressional study was started after the NRA coup in 1977 where the gun manufacturers overthrew the hunters in charge of the NRA and became a gun manufacturer lobbying firm.

Actually, it was a grass-roots uprising (by people such as myself and my wife) against the elitists who wanted the NRA to be about supporting just gun sports for the rich and stay out of protecting the gun owners' rights to actually HAVE and USE guns for things like self-defense, hunting, deterring things like Nixon's scheme to suspend elections, or just because they're neat, against a crush of anti-gun legislation.

The NRA is run by a 76-member board, of which a third are elected annually by all the members who have been members of any grade for 5 years or have life (pricey: amounts to prepaying) or higher membership status. That's pretty much all of the membership who are interested enough to vote - which runs in the millions. And we DO pay attention and "throw the bastards out" when necessary. (Fortunately, it rarely becomes necessary.)

If you think the NRA is run by gun manufacturers, you've been drinking the left-wing coolaid. They couldn't make a dent against the VERY alert, active, and LARGE membership, and their contributions (if any) are a drop in the bucket compared to the members' dues, voluntary contributions, and bequests.

Further, gun manufacturers get a lot of their money from selling to the government - military, police, and the hordes of bureaucrats authorized to carry guns - so they don't want to jepoardize the big bucks by doing anything that might tweak off those in charge of which company gets these orders. So they tend to keep a low profile on gun politics, leaving it to the millions of gun fans.

Re:They do "study and ignore" all the time.

[Agripa]

Just to add to this, the membership coup in the NRA was prompted by the 1968 Gun Control Act when the membership realized that the government was going to whittle down gun rights to nothing if they were not opposed and the ACLU had no interest in defending all civil rights. The ACLU likes to say that they do not defend the 2nd Amendment because the NRA already handles it but they never did (for a sinister reason) even when the NRA did not. Before the coup, the NRA was generally for gone control except if applied to the elite.

One step forward, two steps back

While I applaud the sentiment about backdoors in encryption (not that I believe for a minute that it will have any effect on what the TLAs do), I can see this being used to push for even more unconstitutional collection of metadata.

Common sense in Washington? HOLY SHIT!

[Chas]

To say that I'm stunned is pure understatement!

We don't have master keys to our literal backdoors

A master key to our backdoor sounds great for the sheriff and law enforcement, until a criminal forges one and sells them on the blackmarket. Then all the bad guys have keys to everyones backdoor.

A collosal circle jerk

What a wank.
"Congress should not weaken this vital technology (cryptography)".
You can't seriously even think of congratulating them on the simple act of recognizing objective reality? Really?
Congress, in all its almighty powers, can't do SHIT about the technology, it's already here. Congress can't weaken it, can't strengthen it, and in fact, can't even talk about cryptography without their collective brains spilling out their ears.
Congress, could, if it were as braindead as it recent performance might indicate to the observant, attempt to make it illegal and unusable in the USA.
And even try to force it's "trading partners" to impose the same restrictions on their own citizens.
But the rest of us, non-US-allied nations, just sit here on the sidelines and watch you shit-for-brains pat yourselves on the back for nothing at all.
Ra-ra USA idiocracy i-wanna-ma-guns pie for the holidays...

Re:A collosal circle jerk

Yes, Congress can do a lot to fight cryptography:

1: Use a modified version of NAC, requring all Internet connected devices to have a hardware DRM stack, and routers having to have a locked down chipset to enforce this. This is already here in some respects -- the FCC demanded all radio firmware be locked down and resistant from user modifications. From there, approved applications can be required, and people's PCs can be scanned, with the results of having something like PGP resulting in arrest.

2: Take China's approach. China requires 51% ownership of all interests, and they tossed Google out, and made other firms cave in to their eavesdropping demands.

3: Create a special agency similar to the DEA or BATFE to go and toss people who use unauthorized crypto in prison for long sentences. The system is already in place and well privatized.

4: Watch social networks. A PGP header is reasonable suspicion enough. A file that contains no decodable data is also suspician. This doesn't mean -guilt-. It means the owner now has to deal with a judge and jury, or make a plea bargain.

5: Demand all businesses use BlueCoat on all outgoing traffic, with it in TLS/SSL decoding mode (where it MITMs its own key.) If the traffic can't be decrypted and scanned (to catch people using multiple layers), it doesn't leave. Businesses can include ISPs.

6: Force a "UL" type listing guarenteeing a device cannot have crypto attached. Easily done, easily enforced.

Yes, people can say that crypto is hard to kill, but governments can easily detect it, and after a few people go to prison for just suspician as examples, it won't happen.

Re:A collosal circle jerk

the FCC demanded all radio firmware be locked down and resistant from user modifications

Considering that most countries outside of the USA have had stronger legal provisions on RF for decades, not a huge step.

As for the rest, the US gvt is backpedalling a bit on many interception scenarios, with the mass exodus of foreign data and the Microsoft/Amazon/IBM/etc lobbyists screaming in their ears about it. They're not going to stop, obviously, but they're not keen on doing much more in public view.

Re:A collosal circle jerk

@#3: Even the ATF is not crazy enough to try to go to every neighborhood to make people "get the gun!", Uganda-style. You'd also have to outlaw not just a rare type of hardware (like automatic submachine guns), but ALL modern computers and routers and so on. This is equivalent to the National Firearms Act (1986, USA) trying to regulate all classes of weapons, not just that rarer class. Imagine a country banning all seeds, no matter the species, or all untaxed fuels, even fat from boiling down hamburger. Yeah, this makes no sense, even by "ban all the things" types' standards.

A troll could use the system to get people SWATted just by injecting random packets into their traffic. This is even harder, maybe, than a 'perfect' backdoor. XD A worse troll could use this to mantrap said raiders. It makes no sense, unless you want to hand the a-hats and terrorists an easy way to disrupt law and order, by reducing confidence in, or even making a mockery of it.

Backdoors? No...

[fustakrakich]

What will happen instead is that only state licensed encryption will pass through your ISP's mandatory deep packet inspection (goodbye TOR, Freenet, and VPN). All other types will be dropped and reported to the proper authorities.

Re:Backdoors? No...

[PPH]

Steganography. You can't examine every cat video.

Re:Backdoors? No...

[fustakrakich]

When it's automated you most certainly can, and they will...

Re:Backdoors? No...

[PPH]

What's the difference between a cat video with a concealed message using unapproved cryptography and one with random noise added if they all have one or the other?

Re: Smoke and mirrors

Why is parent downmodded? It's a reasonable question.

Actually, government should...

[Bartles]

...fuck off, and rediscover traditional investigative techniques, instead of relying on the fascist relationships it has with corporations to get the easy access to illegal surveillance it's been reliant on for too long.

Re: Actually, government should...

Most crimes that are "solved" by surveillance shouldn't be crimes in the first place, like recreational drug use, "money laundering", etc. Money laundering laws are not credited enough for the amount of surveillance and privacy violations they cause--and real financial crimes like massive insider trading and other theft of personal assets by corporations go under reported and uninvestigated. So of course does money laundering as long as it's committed by a big bank of course. The other kind of uninvestigated money laundering is of course corporate tax evasion, which doesnt get anywhere near the attention you will if you dare to have an overseas bank account with a few grand in it.

Remove the drug laws and you remove the excuses for a lot of personal spying. You also eliminate a lot of corporate and CIA enabled international money fraud.

Then we can start more closely monitoring the dealings of corporate criminals, which is what we should've been doing all along.

Re:Common sense in Washington? HOLY SHIT!

[93+Escort+Wagon]

Well, it was just a working group. We have no idea whether what they concluded will have any effect on Congress as a whole.

Additionally, they seem to want the companies themselves to have keys... At least that's how I read the bit about law enforcement working to maintain good relationships with tech companies.

So I'm going to hold off on rejoicing, for the time being.

We have reached a decision ...

[dogsbreath]

... Hobbits are not Orcs.

(apologies to all the Ents out there. You are not as slow as congress.)

What?!

[God+of+Lemmings]

Congress..... did something... right?

Re:

China has back doors, but they are not as obvious about it. Since they control manufacturing, one wonders if chips are given additional functionality before being fabbed.

Re:It is infeasible to be a break 2048 bit Diffie-

only PRACTICAL problems of a) keeping the government key secret (while it's used)

This is what makes it totally impossible. They couldn't keep big secrets like the nuclear bomb - one would think it'd be nice if others really had to do all the development all the way from basic principles. Failing on the big secrets, how could you expect them to keep smaller secrets like a master key that allow full control of one series of phones from one particular brand? Doesn't seem as interesting a secret to keep as "details of a nuke" so it'll get out even easier.

Other governments will want their own keys - negotiated, bought, cracked or stolen. So will the mafia, so will hackers in general.

Well

[DaMattster]

Sudden outbreak of common sense ....

Re:

China has back doors, but they are not as obvious about it. Since they control manufacturing, one wonders if chips are given additional functionality before being fabbed.

I recall that the newest nook tablet has a backdoor. No idea if it was intentional or not.

Actually seems like the right answer

[mhotchin]

This seems to be the right answer. My theory is that their ignorance has clouded their poor judgement.

Re:

Too bad it's too late. You don't "forgive and forget" when it comes to security, when you fuck up that's it.

You are reading it wrong.

What you read is that they are going to stop trying to backdoor encryption and use metadata to fill in the gaps.

The real concern should be 'The report recommends that instead, Congress "should foster cooperation between the law enforcement community and technology companies," adding "there is already substantial cooperation between the private sector and law enforcement."'
^ Intel signed ME/GPU firmware and AMD TEE, plus whatever future exploitable firmware is made available.

They are just saying backdoors for line-level or on-device encryption won't be backdoored, nothing about not putting in exploits elsewhere in the chain, just not in the encryption algorithms/software themselves.

Wow.

[Opportunist]

I guess I got my Christmas wish granted. A government finding about "computer stuff" that not only makes sense, it even seems they finally got it.

They ... they might really have understood the problem. I still cannot believe it, it really sounds like they not only went by some hunch or an "expert" recommendation without buying into it, it really seems they finally, FINALLY understood the underlying problem.

I ... I'm kinda scared, government understanding computers, what comes next? If we're not careful, they might even stop wasting taxpayer money. And what kind of government would that be? And more important, what could we ridicule about them and what should we then complain about? Did anyone think about that? What should we feel superior about anymore if the government starts to understand computer problems?

Won't somebody PLEASE think of us professional smug know-it-alls?

Arms and Armies

[Tenebrousedge]

Fascinating. What did the study say about the utter uselessness of the militia (as demonstrated by the burning of the Capitol in 1814), the intentions of the Founders not to have a military in peacetime, and the current lack of any organized militia, that being necessary to the security of a free state? Do you imagine that any part of warfare has changed since 1789? Do you feel that muskets and automatic machine guns should be treated identically by legislation? How are we doing on the citizen-farmer thing that the Founders were also in favor of? Is it possible that the conditions under which the 2nd Amendment were drafted have little or nothing to do with the society that has resulted?

I believe that it is only consistent, that if one wishes to argue the Founders' perspective on the second amendment, that if they argue in favor of an individual right to bear arms, they must also argue against the United States maintaining a standing army in peacetime. Furthermore, the Founders would probably not have considered our police forces as anything other than a standing army targeted against the People; certainly no such thing existed during their lifetimes. I am sure your mental gyrations will be fascinating to watch.

Re:Arms and Armies

... argue against the United States maintaining a standing army in peacetime.

As you note, the issues of bearing arms and forming a standing militia have wrongly been separated. But obeying the purpose of the second amendment raises some issues: What authority does the US government have to order citizens to repel invading forces, to fight overseas, to fight for allies such as South Korea and the Philippines, to illegally invade a country such as Iraq? Then there's the issue of generals and intelligence officers: One doesn't get those skills by monthly drills and an annual tri-state exercise, leaving a people's militia at a serious disadvantage. Plus there's the problem of specialization: One can't put a helicopter base in every state, or use the local farmers as pilots. High-tech war machines require dedicated staff to operate and maintain them.

I am sure your mental gyrations will be fascinating to watch.

People mumbling about fighting the government are deluded because fighting requires more than guns and because a modern military has more than machine guns. Likewise, a modern military cannot be infantry only, making the second amendment doubly ineffective at its purpose.

Re:Arms and Armies

There is no prohibition of a standing army in the words of the 2nd Amendment. The mental gyrations are yours. Your argument is a red herring. The simple fact is that if you want to ban guns from the citizens hands you must overturn the 2nd Amendment. All else is sophistry.

Re:Arms and Armies

[Tenebrousedge]

There is no prohibition of a standing army in the second amendment, and the Federalist papers do note that explicitly. However, there is no positive mention of the concept of standing armies either in the Federalist papers nor any other writings of the Founders, they were universally opposed to them as an inherent threat to liberty. The authors of the Federalist papers considered that they had adequately prepared against such things without needing to put in an explicit proscription. And the various abuses committed by our police forces bear that out fairly well.

I am not arguing for disarmament. That is to say, I think it could be an acceptable option, but I am not suggesting any particular solution. Having a standing army and not a militia is unarguably against the wishes of our founders. What should be done about that is probably an issue for you NRA types to consider. If you feel like I have incorrectly read the Federalist papers or that I am incorrectly characterizing their writings please cite any contemporary source you like in support.

Re:Arms and Armies

[strikethree]

I believe that it is only consistent, that if one wishes to argue the Founders' perspective on the second amendment, that if they argue in favor of an individual right to bear arms, they must also argue against the United States maintaining a standing army in peacetime.

Oddly, you say that in an incredulous manner, but surprise! We should NOT be maintaining a standing army in peacetime.

Furthermore, the Founders would probably not have considered our police forces as anything other than a standing army targeted against the People; certainly no such thing existed during their lifetimes.

I am unsure wtf you are on about with the police forces. Policemen have been a fixture of society since prehistoric times. You gotta stop smoking that wacky tobaccy if you wish to be coherent. To be fair, the current state of police forces is more like an occupying army... but your discussion concerning police is still incoherent. Perhaps you should have saved that little gem for another topic...

I am sure your mental gyrations will be fascinating to watch.

What is even weirder is that your mental gyrations will be even more extreme because you are not expecting anyone to actually argue against a standing army. I am arguing against it. Let your mental gyrations begin. :)

Re:Arms and Armies

[Tenebrousedge]

I did skip a sentence there, as you say the point was not entirely coherent, but it wasn't worth the trouble to post a correction. The first police forces in the US were created during the mid-19th Century. Prior to that, there were such things as beadles and tipstaves, night watchmen, and other private security forces, but they did not have guns, because muskets and long rifles are not particularly effective at that task. The first "bobbies" were armed with clubs and wooden noisemakers, which they later traded for whistles. Police forces in the UK still do not typically carry guns. The problem with police is that they are armed agents of the State, who as agents of the State are protected from the consequences of using those arms. I do see this issue as being consequential of the failure to revise the 2nd Amendment. It was said then that, "God made man, but Samuel Colt made him equal," and I am sure that it made sense with the widespread availability of the new repeating arms and handguns for the police to adopt similar means. My reading of history seems to support the idea that this was more or less an unintended consequence, and I believe it is not too bold to suggest that the rest of the history of police forces are an argument against police immunity, and potentially against their having lethal force at all. I feel very few people in this country would agree that the State should be able to kill citizens arbitrarily without trial, and that the Founders would be appalled, but that by giving these police a fairly literal license to kill, we are accepting that that can and will happen.

We should NOT be maintaining a standing army in peacetime

This is the ideologically correct answer, but it fails to address legitimate military needs. Large engines of war cannot be improvised easily, nor can experienced staff or intelligence officers, nor logistic/supply chains. WWI was among other things was an education in how difficult it can be to scale up an army from its pre-war size of around 100,000 (and about the same number of National Guardsmen) to the eventual ~2 million man American Expeditionary Force. Adhering to the general rule of "no peacetime military spending without a fairly immediately looming crisis" (which seems to be the general idea contained in the Federalist papers) also would prohibit maintaining sea- or airbases, and essentially all strategic weapons.

I don't see any particularly good options for resolving these issues. I'll probably be satisfied if we can just collectively sit down and discuss *all* of the issues, not just the right to one's personal arms. However, if you think that disbanding the military is going to be a good solution, I'd certainly be interested in hearing you support that view.

GOP emails on Wikileaks?

Do you think the GOP, the Republican Senators and Congresscritters want Trump listening in on their communications the way he did on Clinton?
Do you think they want *their* emails on Wikileaks, everytime they have the tiniest disagreement with Trump?
Do you think they want having access to their daughters selfies and sexting?

It seems to me, the Republicans spent all that effort undermining democracy, gerrrymandering, disinfranchising, and even taking Putin's lead and using the emails he provided as political capital. And Trump came along and hijacked their election rigging machine. They are not one uniform group yet. I'm sure Trumps 'backer' will now spend a lot of hacker time ensuring compliant Congress members and compliant Senators, and Trump will nip in the bud any attempts at cyber defense. But that if for the future, today, we have these nominally Republican people, and their usurper of power, and they will try to hold onto their privacy against Trump and Putin, even as the NSA is turned and CIA is turned on them.

So now watch what the other hand is doing.

They already have some other back door in place or are about to implement a we can force you to surrender it all without a court order type law.

Re:Common sense in Washington? HOLY SHIT!

[Chas]

I know. But even THIS level of common sense is just jaw-dropping.

I'm just afraid I've been dropped onto Bizarro World or into the Mirror Universe or something...

"Rights to bear arm"

[DrYak]

One example of this is the Second Amendment. Congress commissioned a study on whether the framers intended it to protect an individual right of members of the civilian population to arm themselves as they see fit. The study went deep and came to a resounding conclusion that this was exactly the point. This was reported in 1982.

Then Congress and the executive branch completely ignored the study and continued legislating and enforcing ever more gun restrictions - to this day, nearly 35 years later. Most of the federal level legal changes that favor those who want to buy guns and use them for self defence have come from the Supreme Court, which came to the same conclusion by their own procedures.

Well, it's kind of telling when you live in a country where "constantly carrying lethal force, and being ready to use it to kill any random schmuck" seems a normal rational decision.

To us on in more peaceful countries, you sound like someone asking to introduce a new amendment in your constitution to make it legal for everyone to drive a tank around just to be able to defend themselves against any potential threat - like an invader or a terrorist ramming the crowd with a truck.

And don't start about "being able to oppose a government going rogue". They are much better solution to this problem, starting from limiting the deciding power of your Government : There's this thing called a *direct* democracy, maybe you should try it.
(Or maybe you should actually start writing congress to give you the right to drive a tank around to be able to oppose a government going rogue", and you next step should be yet another amendment for a "people's right to bear nukes")

Re:"Rights to bear arm"

Well, it's kind of telling when you live in a country where "constantly carrying lethal force, and being ready to use it to kill any random schmuck" seems a normal rational decision.

Guess you've never been robbed before. First I take offence that you would think that just because I carry a firearm that I am out as you put it "to kill any random schmuck". I'm not. Actually I don't want to shoot anybody I killed enough people in war that where really no threat to me or my country. But that was OK. I'm actually not out to kill anybody. If I do it won't be some random schmuck but someone by their own choice decided to threaten MY life. If you don't want me to shoot you then don't threaten harm against me. Simple equation. If I shoot someone they made the choice not me.

I have been attempt to be robbed 4 times in my life. Having a firearm kept those robberies from happening. I guess in whatever country you live in they don't have robbers muggers and thieves or if they do they use rocks and sticks as weapons. Sorry but we do have real bad people in this country that are out to take what you have and put a bullet in you.

Seems in Europe I hear all the time about "armed" terrorist killing all kinds of people with firearms yet firearms are illegal yet the bad guys still have them with no problem. In Europe you have no chance of fighting back. At least I have some chance to protect myself and others. During those terrorist attacks how well did all those anti-gun laws protect you? Not one bit they just made you a moving target. Let me tell you from experience a person shooting back at you is a lot harder to hit than a person just running away that is unarmed.

Really why hasn't all those anti-gun laws you all have stopped all the attacks with firearms that you have in your countries? Seems your theory isn't working well.

Let's look at Switzerland a country where every adult is armed with a government issued automatic weapon yet they have the lowest murder rate in the world. Also you don't hear about terrorist attacks there. Wonder why? Maybe because if you were a terrorist and started an attack there you would have the whole neighbourhood shooting back at you. Did you ever stop to think that one reason crime is so low there is because everyone is armed? Again back to your comment I don't see people in Switzerland "being ready to use it to kill any random schmuck" yet they all are armed.

My Grandpa who carried all his life would tell you why I carry is "It is better to have it and not need it than to need it and not have it." Sure most days it isn't needed but the times in my life I needed it I was sure glad I had it.

Please take your holy-er than thou attitude and stick it. Your attitude can get you killed.

Question: Why are we talking about gun control on a thread about encryption?

Re:"Rights to bear arm"

Let's look at Switzerland a country where every adult is armed with a government issued automatic weapon yet they have the lowest murder rate in the world. Also you don't hear about terrorist attacks there. Wonder why? Maybe because if you were a terrorist and started an attack there you would have the whole neighbourhood shooting back at you. Did you ever stop to think that one reason crime is so low there is because everyone is armed? Again back to your comment I don't see people in Switzerland "being ready to use it to kill any random schmuck" yet they all are armed.

No we have the lowest murder rate because we have '*direct* democracy'.

Congress-critters rat out so ...

... Americans walk into the Lions den eyes & ears wide shut! Can't be accident that eves-dropping Amazon voice-scrapper primes another big current story. An historically minded friend suggests CCing ... all good Trump-voters do ... a 9mm proves very efficient. she continues 'Shoot every AMAZON listening device you encounter - - - BANG - - self-defense, mind just as you shoot-out RED-LIGHT DODGING sensors to fuck local city council.' Now you're on-the-way to liberty. That Janes got-a-gun ...

Congress switched to bottled water

[Rick+Schumann]

Apparently Congress switched to bottled water at some point in the past, and started chelation therapy for all that lead poisoning they were suffering from, because this news shows that their brains are starting to work correctly again, they're listening to their tech advisers, and coming to the correct conclusions about encryption. Now if we can just get the FBI to switch to bottled water and chelation therapy, we can get their brains working correctly again, and they'll see that what they've wanted all this time is just flat-out insane.

Re:It is infeasible to be a break 2048 bit Diffie-

There's nothing theoretically preventing a master key from working just fine, only PRACTICAL problems of a) keeping the government key secret (while it's used) and b) selecting ciphers and implementations that won't be hacked ten years from now. The practical issues mean it's impractical to have a government master key.

And then don't forget the cat and mouse game that will continue when the golden key turns out to reveal that the plaintext is actually steganographed ciphertext with a novel non-golden-keyed form of encryption. Sure, most of these new novel forms of encryption will be nothing to the NSA. But then market forces will propel those with the most to gain from secure communications developing the most secure ciphers. And at that point, none of the idiots are going to admit that the whole farce was a waste of time to begin with, since they were able to leverage the FUD to secure themselves some cushy government paychecks for a few decades.

Joy to the world folks.

Re:It is infeasible to be a break 2048 bit Diffie-

[Agripa]

I'm sure cryptography experts did in fact say it's infeasible or impractable. That's what those of us who work in the field say about things we think nobody can do (probably). For instance, it's currently infeasible to crack 2048 bit Diffie-Hellman. We tend to avoid saying something is impossible, because as soon as you say that someone's likely to do it :) Theoretically, it's trivial to crack Diffie-Hellman, it's not cracked because of the PRACTICAL difficulty of doing so.

Since the government's position is that "limited" is any duration of time which is bounded, I do not know what they are complaining about. Under that definition, any encryption key can be cracked in a limited amount of time.