US Says It Doesn't Need a Court Order To Ask Tech Companies To Build Encryption Backdoors

schwit1 shares a report from Gizmodo: According to statements from July released this weekend, intelligence officials told members of the Senate Intelligence Committee that there's no need for them to approach courts before requesting a tech company help willfully -- though they can always resort to obtaining a Foreign Intelligence Surveillance Court order if the company refuses. The documents show officials testified they had never needed to obtain such an FISC order, though they declined to tell the committee whether they had "ever asked a company to add an encryption backdoor," per ZDNet. Other reporting has suggested the FISC has the power to authorize government personnel to compel such technical assistance without even notifying the FISC of what exactly is required. Section 702 of the Foreign Intelligence Surveillance Act gives authorities additional powers to compel service providers to build backdoors into their products.

They are correct

And companies don't need a court order to ignore them.

Re:They are correct

Yeah, until wikileaks releases said documents and your company goes under. Too much risk involved and the government doesn't exactly offer protection from such cases. The risks involved is higher than the government ruining your prospects, because now your reputation is tarnished forever, just like Blackberry. These government officials no longer hold the sway as they used too pre-2010. Threats of ruining your business now results in these people closing up shop and the government ends up with absolutely nothing, other than stifling innovation and security in the process. This approach is no longer viable.

Re:They are correct

[Opportunist]

And governments as well as corporations abroad have even more.

You can now choose between pissing off about 5% of your market share or 95% of your market share when it comes out that you bent over and sold the 95% out to the 5%.

Why would they need a court order

[FrankHaynes]

when heavy-handed coercion will do the trick every time?

Buy Chinese

[PPH]

They may be spying on you as well. But they won't be using what they get for any parallel construction.

Re:Buy Chinese

[DNS-and-BIND]

Yeah, this is why the intelligence community always freaks out about Chinese backdoors and such. This is their turf! Only they can spy on us!

Unless your job is handling classified material, then you have nothing to fear from the Chinese government going through every bit of data you ever generate. They literally have no way to harm you. On the other hand, the US government has not only the means but the motivation to harm you.

I remember some .ru email service was being promoted on Slashdot, and people were shouting, "It's bugged by the KGB, don't use it!" Like, who cares? They're not going to care one whit about my life. The same with Kapersky anti-virus.

Re:Why should we expect open source to be any bett

[Excelcia]

Some code hasn't been looked at in a long time. Correct. There could be back doors. Correct. There could be vulnerabilities (intentional or not). Correct.

Every software project, open source included, will have vulnerabilities discovered. There will be scares and exploits of open source like any other software. But yes, you can expect open source to be better. Because:

1) Very few major open source projects have any contributions that occur in a vacuum. Multiple eyes see every patch and for the most part, those multiple eyes are most often from people in multiple organizations with multiple day jobs and multiple personal goals/agendas. Aligning enough people's agendas to get a back door in would be difficult for any major open source project. Intentional vulnerabilities would be easier, but still not trivial. This isn't 20 years ago, people actively look at each patch with an eye towards whether it is introducing a vulnerability. This model is diametrically opposite of any closed source offering, where contributions are by one organization and at the sole control of whomever holds the purse strings.

2) If a vulnerability is suspected anywhere, you (and literally everyone else on the planet) have the option and ability to examine the source at any time. When you do want to investigate any particular piece of open source software, you don't need to decompile or reverse engineer something to do it. You don't have to fight the software in order to test it.

There have been (and will continue to be) vulnerabilities exposed from older open source code written when there was less oversight and less strenuous security testing, but if you want to compare this to the number of exploits (and in some cases intentional back doors) that have come to light in, say, Windows, from ancient code that has thunked it's way down from Windows 3.1, the score isn't even close. And it's not like Microsoft is performing strenuous reviews of their old code - these vulnerabilities have come to light often only from outside researchers performing painstaking and arduous external testing and reverse engineering.

So while you are correct in that open source will never be free of bugs or exploits - it's still written by people, as much as the nut jobs still decry that hard AI is just around the corner. But yes, in this it is just plain better than closed source.

Re:Cannot choose the government

[thomst]

SuperKendall blathered:

You can choose politicians, but by and large the party division is a sham and the "real" government marches on regardless. Witness how many federal government departments shut down under Trump: 0

What utter, driveling bullTrump.

Republicans are trying to impose tax "reform" that will benefit the rich and giant corporations at the expense of the poor and middle-class, and small businesses. Every Democrat in the Senate voted against their version, and almost every Democrat in the House voted against their even worse version. The Republican-led FCC is hellbent on repealing the net neutrality rules the Democrat-led version enacted. The Republican president is about to move the U.S. consulate in Israel from Tel Aviv to Jerusalem, which will further inflame anti-U.S. tensions in the region (and is guaranteed to spark a global wave of new terror attacks against U.S. citizens, as well as increase the number of fresh recruits for Daesh, et alia). The Republican-dominated Supreme Court has struck down every attempt Congress has made at campaign finance reform, and has granted corporations free reign to spend as much money as they choose to influence U.S. elections. The Republican head of the Department of Justice is determined to revive the incredibly wasteful and counterproductive "war on drugs" at the exact time that the de-criminalization/legalization of marijuana has gained majority support among voters of both parties. The Republican-led EPA is doing everything in its power to roll back the Clean Air and Clean Water acts (that were enacted under a Republican president).

The list just goes on and on.

"There's no difference between the two major parties" is an outright, boldfaced lie perpetrated by Republican spinmeisters in what has been a remarkably successful, concerted, long-term campaign to persuade prospective Democratic voters to stay away from the polls - while the Republican base reliably turns out to vote against its own best interests (because "conservative values").

Benjamin Disreali noted, "There are three kinds of lie: lies, damned lies, and statistics." Well, "there's no difference between the two major parties," is a damned lie - and you are a damned liar ...

Re:Cannot choose the government

[SuperKendall]

Republicans are trying to impose tax "reform" that will... ...change almost nothing in reality.

You claim to be Woke, but you have yet to Wake.