US Says It Doesn't Need a Court Order To Ask Tech Companies To Build Encryption Backdoors

schwit1 shares a report from Gizmodo: According to statements from July released this weekend, intelligence officials told members of the Senate Intelligence Committee that there's no need for them to approach courts before requesting a tech company help willfully -- though they can always resort to obtaining a Foreign Intelligence Surveillance Court order if the company refuses. The documents show officials testified they had never needed to obtain such an FISC order, though they declined to tell the committee whether they had "ever asked a company to add an encryption backdoor," per ZDNet. Other reporting has suggested the FISC has the power to authorize government personnel to compel such technical assistance without even notifying the FISC of what exactly is required. Section 702 of the Foreign Intelligence Surveillance Act gives authorities additional powers to compel service providers to build backdoors into their products.

boil it down

[TheGratefulNet]

its boils down to:

"I want this. give it to me!"
"why? you have shown you can't be trusted with this. and, math also says its not possible."
"I don't care. I'll force you if you don't volunteer."
"looks like you want a fight. bring it."

and so on, and so on.

some companies will cave in, some will give the impression they are standing tall but actually do cave in. MAYBE there are actual companies that have enough power to say 'no' to the various governments, but I kind of doubt it.

its sad to see the schoolyard bully - who has a power complex - unwilling to give in. every few weeks or so, we have another story about how some official wants to have access to ALL your shit and he will simply stomp his feet, cry and whine until he gets it.

its a tiring process and such a waste of time and energy. and yet, here we are, revisiting this issue yet another time.

Re:boil it down

[rtb61]

Too which the response is, "fine, if I can't have it than, fuck you, you can't have it either". You do that by shifting the encryption coding bit to FOSS, as a network add on and they can try to stick the back door in free open source code, which you can locally compile and then add to you software than lacks a network connection module. The encrypted network connection module can be served up by anyone and if they really need to hack your computer, they can hand you a national security letter and demand you hack yourself or just fucking apply for a search warrant and get busy with cameras and wires and people in the field, no 'bullshit control freak spy a thon for you' more specifically them. There was a time due to US regulation I had to download 128 bit encryption from the internet and install it myself, so, so hard, to do it again, in fact the US government drove FOSS encryption.

Re:boil it down

[TheRaven64]

Bruce Schneier's book, Applied Cryptography, showed precisely how stupid these export restrictions were. They didn't limit algorithms, they limited key length. You could export RSA with short keys, but not with longer ones. His book had source code for them where the algorithms were compile-time constants. If you typed them in as-is, the resulting code was export-legal. If you changed a 128 to a 1024 (or whatever - I forget the exact allowed vs not-allowed numbers), it wasn't. Because of this, it was completely legal to ship the book anywhere in the world, and anyone in a country where it wasn't allowed simply had to change a constant when they typed in the code.