Slashdot Mirror
US Congressional Committee Concludes Encryption Backdoors Won't Work (betanews.com)
"Any measure that weakens encryption works against the national interest," reports a bipartisan committee in the U.S. Congress. Mark Wilson quotes Beta News:
The Congressional Encryption Working Group (EWG) was set up in the wake of the Apple vs FBI case in which the FBI wanted to gain access to the encrypted contents of a shooter's iPhone. The group has just published its end-of-year report summarizing months of meetings, analysis and debate. The report makes four key observations, starting off with: "Any measure that weakens encryption works against the national interest".
This is certainly not a new argument against encryption backdoors for the likes of the FBI, but it is an important one... The group says: "Congress should not weaken this vital technology... Cryptography experts and information security professionals believe that it is exceedingly difficult and impractical, if not impossible, to devise and implement a system that gives law enforcement exceptional access to encrypted data without also compromising security against hackers, industrial spies, and other malicious actors...
The report recommends that instead, Congress "should foster cooperation between the law enforcement community and technology companies," adding "there is already substantial cooperation between the private sector and law enforcement." [PDF] It also suggests that analyzing the metadata from "our digital 'footprints'...could play a role in filling in the gap. The technology community leverages this information every day to improve services and target advertisements. There appears to be an opportunity for law enforcement to better leverage this information in criminal investigations."
This is certainly not a new argument against encryption backdoors for the likes of the FBI, but it is an important one... The group says: "Congress should not weaken this vital technology... Cryptography experts and information security professionals believe that it is exceedingly difficult and impractical, if not impossible, to devise and implement a system that gives law enforcement exceptional access to encrypted data without also compromising security against hackers, industrial spies, and other malicious actors...
The report recommends that instead, Congress "should foster cooperation between the law enforcement community and technology companies," adding "there is already substantial cooperation between the private sector and law enforcement." [PDF] It also suggests that analyzing the metadata from "our digital 'footprints'...could play a role in filling in the gap. The technology community leverages this information every day to improve services and target advertisements. There appears to be an opportunity for law enforcement to better leverage this information in criminal investigations."
While most people start thinking, "oh what a breath of fresh air, the government getting it right for once," I worry, "have aliens infiltrated our government? Because it seems like they are listening experts and making logical conclusions." ;)
Anons need not reply. Questions end with a question mark.
I think we've all seen how good the FBI is at keeping secrets. Any encryption backdoor would be in the wild in a week. In the week before it got loose it would be mostly a political weapon.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
The backdoors are starting to impact international trade, making US products less appealing. China has also had problems with backdoors, but this allows different countries to become more competitive while the US remains politically divided (preventing them from competing globally in the future, over the long-term).
Because to hell with the experts, he knows more than the experts. SAD!
Ooh, moderator points! Five more idjits go to Minus One Hell!
Delendae sunt RIAA, MPAA et Windoze
Yea, there's a lot of very good research done in Washington. Look at some of the work generated by the CBO. Much of it is logical, reasonable and will never be implemented because logic and reason have no place in US politics.
"Well, good luck finding a judge that doesn't run a bestiality site."
It isn't just U.S. politics, it is politics the world over. Actually, come to it, it is the human condition.
I'm sure cryptography experts did in fact say it's infeasible or impractable. That's what those of us who work in the field say about things we think nobody can do (probably). For instance, it's currently infeasible to crack 2048 bit Diffie-Hellman. We tend to avoid saying something is impossible, because as soon as you say that someone's likely to do it :) Theoretically, it's trivial to crack Diffie-Hellman, it's not cracked because of the PRACTICAL difficulty of doing so.
There's nothing theoretically preventing a master key from working just fine, only PRACTICAL problems of a) keeping the government key secret (while it's used) and b) selecting ciphers and implementations that won't be hacked ten years from now. The practical issues mean it's impractical to have a government master key.
While most people start thinking, "oh what a breath of fresh air, the government getting it right for once," I worry, "have aliens infiltrated our government? Because it seems like they are listening experts and making logical conclusions." ;)
You see this a lot.
A stock thing for Congress to do when there's a lot of public pressure over some crisis is to take the pressure off themselves by commissioning a study. By the time the study is finished the crisis is old news and the pressure is gone. The results of the study can then be safely ignored and the Congresscritters can continue to vote the same way as always.
The only thing the study results are usually used for is occasional speech sound bites for proponents of the side that agrees with the conclusions. Since the conclusions don't actually matter, the study groups don't have to be packed to come up with a desired result. So sometimes they come up with something accurate and useful. But it's still noise as far as actually changing anything politically sensitive. About the best thing it does is occasionally help a legislator understand an issue better and/or formulate a better way to present his position.
One example of this is the Second Amendment. Congress commissioned a study on whether the framers intended it to protect an individual right of members of the civilian population to arm themselves as they see fit. The study went deep and came to a resounding conclusion that this was exactly the point. This was reported in 1982.
Then Congress and the executive branch completely ignored the study and continued legislating and enforcing ever more gun restrictions - to this day, nearly 35 years later. Most of the federal level legal changes that favor those who want to buy guns and use them for self defence have come from the Supreme Court, which came to the same conclusion by their own procedures.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
There are two fatal flaws in your reasoning:
1. You assume that "the police" and "the criminals" are disjoint sets.
2. You assume that innocent people have nothing to hide, and nothing to fear from the police.
Wrong. No one should have a golden key. The only parties with keys should be parties to the communication.
Silence is a state of mime.
Yes, Congress can do a lot to fight cryptography:
1: Use a modified version of NAC, requring all Internet connected devices to have a hardware DRM stack, and routers having to have a locked down chipset to enforce this. This is already here in some respects -- the FCC demanded all radio firmware be locked down and resistant from user modifications. From there, approved applications can be required, and people's PCs can be scanned, with the results of having something like PGP resulting in arrest.
2: Take China's approach. China requires 51% ownership of all interests, and they tossed Google out, and made other firms cave in to their eavesdropping demands.
3: Create a special agency similar to the DEA or BATFE to go and toss people who use unauthorized crypto in prison for long sentences. The system is already in place and well privatized.
4: Watch social networks. A PGP header is reasonable suspicion enough. A file that contains no decodable data is also suspician. This doesn't mean -guilt-. It means the owner now has to deal with a judge and jury, or make a plea bargain.
5: Demand all businesses use BlueCoat on all outgoing traffic, with it in TLS/SSL decoding mode (where it MITMs its own key.) If the traffic can't be decrypted and scanned (to catch people using multiple layers), it doesn't leave. Businesses can include ISPs.
6: Force a "UL" type listing guarenteeing a device cannot have crypto attached. Easily done, easily enforced.
Yes, people can say that crypto is hard to kill, but governments can easily detect it, and after a few people go to prison for just suspician as examples, it won't happen.
I guess I got my Christmas wish granted. A government finding about "computer stuff" that not only makes sense, it even seems they finally got it.
They ... they might really have understood the problem. I still cannot believe it, it really sounds like they not only went by some hunch or an "expert" recommendation without buying into it, it really seems they finally, FINALLY understood the underlying problem.
I ... I'm kinda scared, government understanding computers, what comes next? If we're not careful, they might even stop wasting taxpayer money. And what kind of government would that be? And more important, what could we ridicule about them and what should we then complain about? Did anyone think about that? What should we feel superior about anymore if the government starts to understand computer problems?
Won't somebody PLEASE think of us professional smug know-it-alls?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Fascinating. What did the study say about the utter uselessness of the militia (as demonstrated by the burning of the Capitol in 1814), the intentions of the Founders not to have a military in peacetime, and the current lack of any organized militia, that being necessary to the security of a free state? Do you imagine that any part of warfare has changed since 1789? Do you feel that muskets and automatic machine guns should be treated identically by legislation? How are we doing on the citizen-farmer thing that the Founders were also in favor of? Is it possible that the conditions under which the 2nd Amendment were drafted have little or nothing to do with the society that has resulted?
I believe that it is only consistent, that if one wishes to argue the Founders' perspective on the second amendment, that if they argue in favor of an individual right to bear arms, they must also argue against the United States maintaining a standing army in peacetime. Furthermore, the Founders would probably not have considered our police forces as anything other than a standing army targeted against the People; certainly no such thing existed during their lifetimes. I am sure your mental gyrations will be fascinating to watch.
Those who advocate genocide deserve every protection afforded by law, and none afforded by common human decency.