Senator Asks FBI Director To Justify His 'Ill-Informed' Policy Proposal For Encryption

In a speech earlier this month, FBI Director Christopher Wray said the inability of law enforcement authorities to access data from electronic devices due to powerful encryption is an "urgent public safety issue." He proposed that Silicon Valley companies should add a backdoor to their encryption so that they could both "provide data security and permit lawful access with a court order." One person is not amused by Wray's proposal. Senator Ron Wyden criticized Wray on Thursday for not consulting him before going public with the proposal for encryption. Wyden said today, via Gizmodo: Your stated position parrots the same debunked arguments espoused by your predecessors, all of whom ignored the widespread and vocal consensus of cryptographers. For years, these experts have repeatedly stated that what you are asking for is not, in fact, possible. Building secure software is extremely difficult, and vulnerabilities are often introduced inadvertently in the design process. Eliminating these vulnerabilities is a mammoth task, and experts are unified in their opinion that introducing deliberate vulnerabilities would likely create catastrophic unintended consequences that could debilitate software functionality and security entirely.

[...] I would like to learn more about how you arrived at and justify this ill-informed policy proposal. Please provide me with a list of the cryptographers with whom you've personally discussed this topic since our July 2017 meeting and specifically identify those experts who advised you that companies can feasibly design government access features into their products without weakening cybersecurity. Please provide this information by February 23, 2018.

Before anyone blames KKKonervative$

[mi]

I'll just leave this here.

The problem is not at all new, and the Senator is right to allude to the Lawman's predecessors.

Re:Before anyone blames KKKonervative$

[Gaxx]

Yes - both parties have been pretty bad on the issue. Nice to see that _someone_ is taking it seriously and listening to the experts, though :)

Re:Before anyone blames KKKonervative$

ROTFLMAO!!!!

AL GORE and BILL CLINTON were both ***HUGE*** supporters of CLIPPER! I remember GORE going to Oprah and stating that CLIPPER will STOP MOLESTERS and SATANISTS (remember that Satanists were a ****big deal**** and a moral panic in the late 90's. CLIPPER would STOP THEM).

Speaking of Supported Deception, do you know what they renamed Clipper after it was "shut down" in 1996?

Meltdown.

Re:Before anyone blames KKKonervative$

[Rick+Schumann]

As I just said to someone else: sadly typical law-enforcement type: obsessed with control, doesn't want silliness like 'civil rights', 'human rights', or 'common sense' getting in the way of controlling everything 24/7/365.

Re:Before anyone blames KKKonervative$

[BronsCon]

Laws do make reality happen; the math you're referring to is documented as... mathematical law. Of course, when two laws are in conflict, only one of them can make reality and, well, some laws (mathematical laws in this case) fare a bit better in that respect.

That is, laws the universe writes will always trump laws we write. Which, if I may venture off-topic briefly (I'll bring it back home, don't worry), is why gun control laws don't work; the universe has already dictated that, as long as they exist and/or the knowledge required to produce them exists, people who shouldn't have them will find ways to get them. Since there's no way the US military is going to give up their guns, we'll always have guns in the US; and even if I'm wrong and they were willing to give up their guns, we'd need every person in every country in the world who owns a gun or the tools and information required to make them to allow all of that to be destroyed AND anyone with that knowledge to sacrifice themselves -- then guns would no longer exist and gun crimes would go away. The universe has decreed it.

Just as the universe has decreed that no mathematically sound encryption can have a workable backdoor.

Re:Before anyone blames KKKonervative$

[DaMattster]

As I just said to someone else: sadly typical law-enforcement type: obsessed with control, doesn't want silliness like 'civil rights', 'human rights', or 'common sense' getting in the way of controlling everything 24/7/365.

Well said, sir! I could not agree more.

Re:Before anyone blames KKKonervative$

[Rakarra]

I remember GORE going to Oprah and stating that CLIPPER will STOP MOLESTERS and SATANISTS (remember that Satanists were a ****big deal**** and a moral panic in the late 90's. CLIPPER would STOP THEM).

Well I haven't heard much about ritual satanic abuse recently, so it looks like Clipper caught the abusers. Who's laughing now??

Re:Before anyone blames KKKonervative$

[HornWumpus]

Making a third copy of a one time use pad and giving it to the cops is workable encryption with a workable backdoor (it's as secure as the pads are).

But fuck the feds with a rusty pipe anyhow. Even if it's possible, it's not a good outcome.

Re:Before anyone blames KKKonervative$

[Rick+Schumann]

To be fair, I should also say: Not all law enforcement types are like this, it's just what's (sadly) typical of the breed. It's not that being in law enforcement creates this type of person, it's that it attracts this type of person. They try to screen them out, but they have a way of hiding their natural tendencies.

Re:Before anyone blames KKKonervative$

[HiThere]

Sorry, but I *will* blame those folks currently calling themselves conservatives. (I deny that they have any right to that name.) This doesn't either mean or imply that they are alone in this evil idiocy. As you point out, they aren't. But that doesn't let them off the hook for complicit behavior. One can point to an entire series of control freaks of both the left and the right (mainly the right, even in leftist controlled administrations, but definitely not solely of the right).

Read "The Authoritarian Personality". It's short and easy to understand. Also be willing to acknowledge that, e.g., Stalin was a right wing dictator, not a left wing one. (Lenin, however, was probably actually a left wing dictator. Note they stylistic differences between them.)

Another problem, of course, is that "right wing" and "left wing" are blatant oversimplifications. You get both authoritarians and anarchists on both sides. You even get humanitarians on both sides. And they not only have fuzzy boundaries, there's no commonly agreed upon definition. At one point the terms referred to which side of the aisle they sat on in the French legislature, but since then the meaning has become increasingly both fuzzy *and* ill-defined. E.g., how do you classify Mao Tse Tung, and why? What about Pot Pol? Queen Elizabeth II?

Re:Before anyone blames KKKonervative$

[BronsCon]

That works for one specific type of encryption. In fact, it works for a (relatively speaking) somewhat uncommon type of encryption; we don't have a good way to securely distribute pads to a large number of entities we might want to securely communicate with so, for example, SSL and TLS (think HTTPS) don't use one time pads. For the types of encryption commonly used by the vast majority of the population on a daily basis, whether or not they're even aware they're using it, it simply is not mathematically possible to both be secure and backdoored.

While you probably sent encoded messages to friends using OTP in middle school or high school, spies almost certainly use OTP to decode broadcast messages, and the keyfob that unlocks your car might be using OTP (but if it's more recent it probably uses a challenge-response model), your disk encryption isn't using OTP, your browser isn't using OTP, your bank isn't using OTP, basically nothing you touch on a daily basis uses a one time pad, mostly because it's not a workable solution for those types of communication. The feds want access to all encrypted data, not just that small subset where OTP is a workable solution.

Re:Before anyone blames KKKonervative$

[mvdwege]

The nice thing about deploying a 'tu quoque' fallacy? You have just admitted your side is wrong.

Re:Before anyone blames KKKonervative$

[Blymie]

Also -- many of such obsessive types MEAN WELL. They see short term, not long term, and it PAINS them that those that they know are guilty, might get off. Even for a second. Their risk assessments are also way out of wack, seeing small issues as MAJOR HOLY HELL! issues, where the entire planet will explode because one person got away.

In such a scenario, tossing the bill of rights, ignoring or destroying individual rights is 100% secondary to the fact that someone GOT AWAY WITH IT! In their mind, they're helping... because the system is utterly and completely broken if even one person gets away stealing a cookie crumb.

Lots of exaggeration above, but the personality type is valid.

Interestingly, I've heard that cops which have served in the military, and seen first hand what a dictatorship can be like -- often forge a different opinion on rights...

Re:Before anyone blames KKKonervative$

[pnutjam]

Wow, you are so insightful.

Tell me please, how does one gun compare to an army? Is it useful against them? How many can you hurt before it is neutralized?

Now let's imagine a backdoor or "Master key". How many times can this be used before it is neutralized? How useful is it to one person against many?

Do you see the flaw in your argument, or are you too full on NRA kool-aid.

Re:Before anyone blames KKKonervative$

[HornWumpus]

I was addressing this: the universe has decreed that no mathematically sound encryption can have a workable backdoor

Not true, but not relevant.

Pads are ancient 'strong encryption'. They existed at the time the constitution was written. Fuck the feds.

Re:Before anyone blames KKKonervative$

[Rick+Schumann]

Well, you know what they say: nothing more dangerous than a 'true believer'.
It's often the case that people who know in their heart-of-hearts that they're 100% right who commit the worst atrocities, cause the most damage.

Re:Before anyone blames KKKonervative$

[BronsCon]

Despite the fact that you're attacking a point I wasn't making, I'll reply.

how does one gun compare to an army? Is it useful against them? How many can you hurt before it is neutralized?

In a world where guns exist, there will be more than one gun available to use against an army; in a world where guns don't exist, your question is irrelevant. However, in your hypothetical world where only one gun exists, it would presumably be quite effective against an army, what with them not having guns and all.

Now let's imagine a backdoor or "Master key". How many times can this be used before it is neutralized? How useful is it to one person against many?

As useful as a gun in the hands of a mass shooter in a sea of unarmed victims. They'll just keep using it until someone with a better arsenal comes along and stops them. We've seen it time and again with all sort of weaponry (not just guns, though we've seen a lot more of that recently) -- even trucks -- what makes you think a master key would be any different? Back on the subject of my point, though, mathematics dictates that such a master key simply cannot exist; that solves the master key debate the very same way guns not existing would solve the gun debate. Decisively.

Do you see the flaw in your argument, or are you too full on NRA kool-aid.

You simply missed the point. As for that NRA kool-aid, it's actually supplied by the CDC. Firearms laws simply are not effective, because universal law dictates that people who are willing to break laws are willing to break laws. Except, of course, for universal laws; we haven't quite figured out how to get around those yet. Wake me up when we do.

Re:Before anyone blames KKKonervative$

[BronsCon]

It's not really a back door if you give someone else the key, now, is it? But we'll go with that for a moment, anyway... If you really want to be pedantic, yes, I painted too broad of a stroke, so let me rephrase: no mathematically sound encryption suitable for the vast majority of use cases can have a workable backdoor.

I've already qualified that statement in a prior post and you did not attack those points, so I'll assume we're on the same page now.

Re:Before anyone blames KKKonervative$

[bluefoxlucid]

Mathematical law is just observational documentation. You have no authority over reality.

Re:Before anyone blames KKKonervative$

[BronsCon]

Mathematical law is just observational documentation.

So if the documentation were written differently, that would alter reality?

You have no authority over reality.

I never claimed to; in fact, that was basically my point when I said "laws the universe writes will always trump laws we write".

You're looking for an argument where there really isn't one to be had.

Re:Before anyone blames KKKonervative$

[BronsCon]

Indeed. And black-market guns will still be illegally sold regardless of the restrictions placed on legal sales. That's not an argument, I'm fairly certain you get that; I'm just pointing it out for those who don't.

Re:Before anyone blames KKKonervative$

[bluefoxlucid]

I just don't like the statement that laws make reality happen. It's a fallacy of equivocation: you have legislative rules (law) and statements of relations or sequences of phenomena invariable under the same conditions (scientific principles). I'm kind of a pedant; to be fair, I'm kind of serious about solving problems, so I need to have a proper understanding of those problems. Pedantry helps.

I'm a politician. That means I've become aware of stupid shit politicians have said throughout history. Watch out for this one:

But the law of supply and demand is an economic law, and every economic law is man-made, and what is made by man can be altered by man.

Economic law, like mathematical law, is the observation of outcomes in a given state. People economize: they seek to achieve the most-ends for the expense of least-means. They make decisions based on their knowledge and understanding of what will achieve this (rational behavior), and are affected by placing value (valuation) on short- versus long-term gains. You can change the state, but not the laws of economics; you can only change your understanding of such laws.

Politicians in various nations have argued, at various points, that the laws of economics are mutable: that we don't need to learn a new thing about economic behaviors, but rather that economic behaviors are inconvenient and so we can and should dictate that they change. It's absurd.

Your gun control argument is actually an economic argument (behavioral economics), and a rational argument around such involves the limits of changing behaviors. We have good gun control laws in this country, and we fail to implement them properly. Background checks don't always work because states don't propagate background check information, and don't always enforce waiting periods and background checks (gun show loophole, etc.). Nobody really believes anyone should be able to walk into a super market, grab a gun, drop some cash, and leave; although some people do believe the police should raid every home and take every gun, because they don't understand the economic behaviors of crime, and so they think they can just legislate that people won't get guns. People debate around the fuzzy bit in the middle a lot.

They debate too much, in fact.

Gun control does its job, and what we see is only a deficiency, not a failure: correcting the system or "getting better gun control" won't remediate the vast majority of the remaining problem. We also need criminal justice reform to cut back the recidivism rate and, thus, the crime rate by refactoring criminals into well-adjusted citizens through humane treatment and integration into the community during their entire incarceration. We need sensible drug laws to reduce the number of criminal black markets created around harmless intoxicants that shouldn't even be illegal, to treat people for addiction from beginning to end, and to ensure people struck by such addiction or brought to abuse by mental health issues get the treatment they need and can integrate into the workforce instead of becoming the hopeless outcast who must turn to crime.

A single solution will never work. Gun control merely makes it more-difficult to obtain a firearm in short order (raises cost), requiring a higher value on firearms. Defuse the criminal element and you lower that value, which means you can move most criminal gun acquisition motive below the cost of criminal gun acquisition. You cannot move the cost of criminal gun acquisition high enough to diminish the motive very much, because criminal behavior quickly builds up severe consequences on par with that cost, while the gun is still valuable in that criminal context. You have to devalue criminal gun acquisition.

It also acts as a barrier to crimes of passion and suicide attempts. That's pretty much the only big win of gun control on its own.

This kind of thing happens when you have big

Re:Before anyone blames KKKonervative$

[BronsCon]

If you were running in California, you'd probably get my vote. Just saying.

Re:Before anyone blames KKKonervative$

[jd]

It wasn't Clipper that did it, it was Clippy. Microsoft's electronic assistant. "I see you are trying to open a goat." There was only so much of it a Satanist could take.

Re:Before anyone blames KKKonervative$

[bluefoxlucid]

Ha, and here I thought I was talking too much. ;)

You can always contribute to my campaign. The average congressional challenger spends $3M, but I'm using more modern digital marketing and think I can do it in $100k. We also think my opponent is retiring, so the bar is lower without an incumbent in the game.

My core platform is anti-poverty, healthcare, and fiscal responsibility. Criminal justice reform and ending identity theft are things that turned out to be easy, and so got drawn in shortly after I started. Criminal justice reform is going to be big, though—almost as big as healthcare and the Dividend, in terms of changing the landscape of America. Our rate of incarceration is legendary, and recidivism is unbelievable; and I'm going to use every incentive possible to turn that around to match the nation with the lowest rate of either: Norway.

The guns will still be a problem, but not nearly as much without so many people running around trying to shoot other people.

Re:Before anyone blames KKKonervative$

[BronsCon]

The guns will still be a problem, but not nearly as much without so many people running around trying to shoot other people.

This is where you've got me, mainly. You seem to recognize that guns serve to exacerbate a greater underlying problem and that, even absent guns, that problem will still exist and guns would simply be replaced by another tool -- trucks or bombs, for example. If you've got a plan to work out and solve (or even relive slightly, any improvement is positive) the social issues that make people want to shoot each other in the first place, I'll certainly scrape together what I can, though it won't likely be much at the moment.

Re:Before anyone blames KKKonervative$

[CrashNBrn]

Who's laughing now??
Broken Alice.

Re:Before anyone blames KKKonervative$

[pnutjam]

Your so blinded by your pro-gun agenda you totally missed my point. Gun control, taking one gun out of circulation, is a low bar for success. Guns are addressed individually and controlling some is better then controlling none, even if it's impossible to control all.

Master encryption keys, or backdoors are totally different. By that, I mean that only one is needed. Once that one is out, it can be copied, or used surreptitiously millions of times. Taking on copy away, does nothing to prevent other copies from existing. As a digital object, it can be replicated instantly, hidden easily, transported quickly and silently. None of this is true for guns.

Re:Before anyone blames KKKonervative$

[bluefoxlucid]

Eh five bucks helps. Five hundred helps more, but hey, if a thousand people gave me five bucks a month, that's five thousand dollars every month. I need $100k to win this; it's winnable by hope and luck at $36k.

Send your friends my way ;)

And yeah, it's possible to reduce the problem by solving or reducing other social problems. I have a background in computer information security, and an appreciation of layered approaches comes with the territory.

Re:Before anyone blames KKKonervative$

[BronsCon]

Once that one is out, it can be copied, or used surreptitiously millions of times.

So you're saying that you can can make multiple copies of the same key, much like you can make multiple of the same model of gun; then, you can put those copies of that key in the hands of multiple people, just like you can do with a gun? And that key can be used many times, just as a gun can fire many bullets? You know, with a CNC lathe, a milling machine, and some basic measurement tools, I actually can copy my 1911. But ,really, here's the thing about guns: they don't kill people. People do. Absent guns, they use trucks and bombs; hell, they'll use knives, spoons, feet, fists, water, pills, and basically anything else they can find to kill each other. Controlling guns doesn't solve that, but solving the larger underlying societal issues that actually make people want to kill each other en masse would actually be an improvement.

We don't need guns to be replicated instantly, we already have an insane number of guns, they can certainly be hidden easily (find the gun in my home; it's there, I promise), and I transport it right alongside my encrypted data (and the keys to decrypt it) with it making nary a sound. Tools to look for encryption keys do, in fact, exist; they're fully automated and work just as fast as a disk or datastream can be read. How do you hide your keys in that world? Behind more encryption. How do you hide those keys? Well, quite often, those ultimately end up hidden by a password (which itself becomes part of a key) and your average password is less than 32 characters (that's only 256 bits, and from a smaller pool of bytes -- effectively, it's closer to 101 bits, give or take a handful, when you account for that) and can be cracked in minutes on a modern system. Even systems like the iPhone, which limit the number of attempts before the keystore is cleared, can be worked around by making a copy of the keystore -- we've even seen this done, it's not just theoretical. Guns and keys (physical keys, that is) aren't really all that different from each other, excepting that one can fire bullets and the other, typically, cannot; acknowledging the fact that you can reproduce encryption keys without using a tiny sliver of metal, physical keys and encryption keys really aren't that much different form each other, either. They can both be copied, hidden, and transported (both quickly and silently), just like a gun. That you think there's a whole world of difference tells me you're quite ignorant of guns, or that you hold them up as some mystic object that only a holy few can create or wield. No, they're an everyday common, easily replicated object, just like your house keys, car keys, and encryption keys.

I'm not exactly what you'd call a pro-gun advocate, I just happen to also not be anti-gun. I agree that certain people shouldn't be allowed to have guns; those people also shouldn't have swords, knives, trucks, bombs, rope, chemistry sets, or (if we're being realistic about the things you can actually kill someone with) spoons. In fact, we have a place for those people, it's called prison, and if we can't trust someone not to harm others that's where they belong. Truth is, we need to lock up violent offenders until they're reformed (which not all people can be), but we need to overhaul our prison system, first, to actually serve that purpose. If we can trust someone to walk among us without wanting to kill us, we can trust them with a gun; if we can't, we shouldn't let them do either.

But, again, all of this is in response to your attack on a point I wasn't even making.

Re:Before anyone blames KKKonervative$

[BronsCon]

Ever consider streaming on Twitch? They have an IRL category, where political debate and discourse would be appropriate. Imagine being the candidate funded entirely by Twitch subscriptions and donations.

Okay, now that you've stopped laughing, I'm being half serious -- it's a platform, completely free, where you can interact with voters and spread word of what you'll do for us if elected. I certainly wouldn't use it as my only venue, but you can capture a lot of the younger vote (which includes the 30-something manchildren who watch this guy 8 hours a day, 5 days a week) and actually engage your potential constituents. It would give you a great way to answer peoples' questions about your positions on various topics and immediately gauge community response and possibly adjust your own views to better align with what the people want; that's something that many of us feel is sorely lacking in the current government. It would also make it much easier for your supporters to spread the word, as they could just pass around https://www.twitch.tv/bluefoxl... and give people access to all of your past debates (broadcast on Twitch) and links to whatever resources you choose to place on your profile page.

And yes, I'm being at least semi-serious here. I've seen you campaigning on Slashdot for quite some time and, honestly, Twitch is just a better platform for it IMO.

Re:Before anyone blames KKKonervative$

[bluefoxlucid]

I actually spend a lot more time on Facebook and wandering around knocking doors or talking to people at clubs. I've been on Twitch too.

Re:Before anyone blames KKKonervative$

[pnutjam]

There are plenty of people who shouldn't have guns but don't need to be in prison, despite your wall of text.
If you don't see the difference between copying a record and an mp3, a gun and an encryption key; I can't help you.

I'm certainly not the first person to tell you this, and I probably won't be the last you ignore, but your brain isn't working right.

Re:Before anyone blames KKKonervative$

[BronsCon]

Meh, it's working right enough that I don't go around committing felonies, haven't killed anyone, and I manage to keep the bills paid, a roof over my head, and food on the table. Judging by the fact that I get frequent invites to events and people at those events go out of there way to start conversations with me, I'd say I'm generally liked by people who've taken the time to get to know me, rather than judging me based on my disagreeing with them (and agreeing with the CDC and mental health communities) regarding gun control.

I have a somewhat extensive record collection, mind you; I've copied all of them. Not to MP3, but 24-bit 192KHz WAV (later to FLAC), but from there the concept is more or less the same. You quickly learn that, while a digital storage is a lot cheaper than vinyl, it still ain't free. It's also not quite as instantaneous as you seem to imply. Many times faster than the original copy from vinyl, yes, but neither instant nor infinite. That is to say, the constraints are different but they certainly do still exist.

There are a different set of constraints, still, on copying a gun; we'll both agree, I'm sure, that the constraints on copying an encryption key are much more forgiving, but they're really not that different. You still need the original, the raw materials (metal for the gun, storage for the key), the equipment, and the time. You also still need some way to distribute the finished product, don't forget. Yes, many more people have the raw materials and equipment to copy an encryption key; but that ability is still constrained. If it weren't I could distribute a key to every electronic device in the world simultaneously, in the same instant. I can't, though... can I?

Is my brain so broken that I'm missing an obvious way to do that? Or is yours so broken that you don't understand that this is, just as with copying a gun, or a house key, or an MP3, or a record, a constrained operation? If you answer "yes" to the first question, you'll be expected to explain, in great detail, the obvious thing that I have missed, of course.

Re:Before anyone blames KKKonervative$

[pnutjam]

You can't distribute a key to every electronic device, because you don't have one. You could if there was a backdoor or "master" key.

My entire point is this:
master key / backdoor = BAD
gun control = not BAD

Effectiveness may vary, but the two are not comparable. They are apples and pinecones. I'm just irritated that your dragging your tired NRA trope in here.

Re:Before anyone blames KKKonervative$

[BronsCon]

You can't distribute a key to every electronic device, because you don't have one. You could if there was a backdoor or "master" key.

How? How could I distribute a key to every device? Note that I don't mean "distribute a key that will unlock every device" but, rather "distribute to every device a key which I happen to posses". Not only can I not possibly do that; even if I could I could not do so in an instant and you've failed both to understand the question and to show that I'm wrong.

My entire point is this:
master key / backdoor = BAD
gun control = not BAD

Ah there's the disconnect, you're comparing master keys to gun control but talking about master key vs guns. You're also talking in terms of good vs bad where I'm speaking in terms of possible vs impossible. A lot of things that are bad are possible, a point on which I'm certain we both agree, while a lot that would be good are impossible; a completely different point, of course. master keys = bad (and impossible) and gun control = not bad (though also not a solution to the problem of people killing each other -- care to address that point from a few posts back?)

You know, now that you've made your thought patterns a bit more clear, I agree with that point; it just has nothing to do with the point I was making. So, again, all of this is in response to your attack on a point I wasn't even making.

I'm just irritated that your dragging your tired NRA trope in here.

It's neither tired nor an NRA trope. It's actual findings of the CDC, from a study ordered by former Predident Obama when he was seeking a reason to enact tighter gun laws. It didn't get widespread media coverage because it didn't show what Obama had hoped it would. Go ahead, though, disagree with science and statistics; it's what your kind is good at. I linked to the actual report earlier in this thread. Don't be a lazy ignorant fuck, actually go read it.

Re:Before anyone blames KKKonervative$

[david_thornley]

Do you have an actual point, or are you merely saying that this stupidity isn't new?

Re:Before anyone blames KKKonervative$

[david_thornley]

There are very few countries without armies. (IIRC, Luxembourg has a treaty with Belgium instead of its own army.) Yet other countries manage to have a lot fewer privately held guns and a lot less gun violence than we have.

Re:Before anyone blames KKKonervative$

[BronsCon]

You realize that there are other countries with fewer guns than us and more gun violence, as well, right? The guns aren't the problem; people wanting to kill each other in the first place is the problem. The CDC agrees, it would seem.

In summary, the Task Force found insufficient evidence to determine the effectiveness of any of the firearms laws reviewed for preventing violence.

Even in France, where private gun ownership is nearly nonexistent, well... sure they have a lot less gun violence. They just use trucks, instead.

But even if that weren't the case -- even if reducing the number of guns in circulation would reduce the rate of violent crime (nice strawman limiting it to gun crime, by the way) or suicide -- good luck disarming the gun nuts in this country.

And why is it that you people always point out the obvious "no guns = no gun violence" as though it actually means anything, while ignoring that "no guns != less violence"? The studies have been done, it is proven, there are just too many ways to harm or kill someone and removing guns doesn't remove the violence, it just results in other tools being used instead.

Solve the social issues that lead to people blowing each other up and driving over each other with trucks -- those are the same problems that cause them to shoot each other. While you're at it, leave me the hell alone if I want to make loud noises while putting holes in paper on my own property or at a licensed range; it's not affecting you in the slightest.

Re:Before anyone blames KKKonervative$

[pnutjam]

For the purposes of this conversation:
BAD = not possible, stupid idea
not BAD = possible

Gun control in increments changes things. Digital control in increments is the same a no control. You can have 1 bad gun, 100 bad guns, or 1000 bad guns and get very different results.
1 loose encryption key is the same as 1000. Even something as simple as a digital picture, once it's out, it's out. Deleting it does not remove anything from circulation. Destroying one gun, removes it from circulation.
I'm no gun control fanatic, but assholes like you are shitting in the punch bowl when grownups are trying to make hard decisions.
Personally, I won't own a hand gun and I'd lean toward heavy regulation on them, but I think long guns should be readily available.

FROM YOUR CDC REPORT

Evidence was insufficient to determine the effectiveness of any of these laws for the following reasons.

Further high-quality research is required to establish the relationship between firearms laws and violent outcomes. Potential areas for further investigation will be discussed in detail in an upcoming article in the American Journal of Preventive Medicine.

So.. I question whether you have read the report.

Re:Before anyone blames KKKonervative$

[BronsCon]

You can have 1 bad gun, 100 bad guns, or 1000 bad guns and get very different results.

While this is true, all gun control laws do is prevent the purchase of potentially not-bad guns. They don't curb theft of guns, nor do they do anything for black-market gun sales, and all of those are bad guns. We could make the sale or possession if a firearm illegal tomorrow and id wouldn't make a dent in black market gun sales. What it would do is keep guns out of the hands of law abiding citizens who might use them to protect themselves against someone who bought a gun illegally.

What you're missing is that someone bent on breaking the law isn't going to obey the law. Somebody robbing a liquor store for crack money doesn't care that they'll get extra time for the illegal gun they used in the robbery, they care about their next hit of crack. The only people who care about (and obey) gun laws are those of us whose intent it is to not break the law; and we really care about those laws when someone who doesn't care about them puts a gun to our head because we couldn't protect ourselves due to those laws.

How many different ends of a gun have you been on? There are two and I've been on both.

So.. I question whether you have read the report.

Given that every study they referenced in their research was hell-bent on proving that gun laws help, that reads more as "people set on proving gun laws work couldn't do it, so it's likely they don't". When you actually consider the logic behind it (law-abiding citizens who follow the rules will end up worse off than criminals who don't) it makes a lot of sense.

I've ended up on the wrong side of a gun twice as a result of not having one with which to defend myself; luckily, I've never been shot. That hasn't happened since I've owned one and been able to represent an equal or greater force. Further, I'm very close to law enforcement, at the local, state, and federal level, with federal agents (ICE) in my family, and good friends who are either retired or active-duty officers in various city, county, and state departments. Universally, they insist that gun crime would be lower if more law-abiding citizens were armed. Not a single one of them says otherwise.

And it makes perfect sense, really, if you put yourselves in a criminal's shoes for a moment. Seriously, put yourself in that mindset and think about it. You just bought a gun out of some guy's trunk in a dark alley for $500, you can intimidate literally anyone without a gun and maybe a handful of people with a gun; who do you target? Why would you take your chances with someone who might be armed when there's a gun free zone right around the corner you can take control of in an instant?

And that's why mass shootings always happen in gun free zones. It's literal real-life proof that gun laws (at least the ones we have today) make the situation worse; one good guy with a gun could have taken out the Pulse shooter in an instant. The cops? Yeah, they got there, heard shots being fired, and waited outside for hours before going in. Many more people died while the cops were there than before they arrived. One good guy with a gun could have ended it before they even showed up and with maybe only one or two dead (plus the perp) instead of 50 (and 58 injuries).

Get off your ass and go actually talk to people who deal with this shit on the front lines of reality sometime. You might learn a thing or two.

But try not to argue with the cop when he tells you you're wrong. I'm sure they'll find something to charge you with if you piss them off enough.

Re:Before anyone blames KKKonervative$

[BronsCon]

Even something as simple as a digital picture, once it's out, it's out. Deleting it does not remove anything from circulation. Destroying one gun, removes it from circulation.

I missed this the first time through. Here's the thing, though; in order to replace the deleted picture, whoever's copy was deleted would have to find someone else with a copy and make another copy; until then, their copy is out of circulation. When you destroy that gun, whoever owned it can just as well go buy another, legally or illegally; so, yes, they have one less gun in their possession until they do that, but that doesn't stop them from getting another. Just like with your digital picture, you have to get rid of all of them (and the means for making more) to remove them from circulation.

And you've clearly never thought "well it's on the internet, it will always be there" only to not be able to find something a year later. Digital content goes out of circulation all the damn time.

Re:Before anyone blames KKKonervative$

[pnutjam]

Digital content goes away, but often comes back because someone has it. It's not always circulating, but it's out there.

Re:Before anyone blames KKKonervative$

[pnutjam]

By this argument it's pointless to put locks on your door, criminals will just break in anyway. It's pointless to make murder illegal because then only criminals will kill people.

Why do these sorts of arguments only apply to gun laws?

Re: Before anyone blames KKKonervative$

[BronsCon]

Yes and more guns get made, as well. You seem to not understand this.

Re:Before anyone blames KKKonervative$

[BronsCon]

Those things aren't pointless, though, and it's disingenuous of you to imply that from what I said. Locking your doors raises the bar for committing the crime of breaking and entering; a whole class of potential criminal is, in fact, deterred by a locked door, while a whole other class will, in fact, break in anyway. There is no legitimate purpose for murder, so of course it is legal; guns have a legitimate (leisure) purpose and should be legal to purchase and use for those lawful purposes. Hell, the same actually does apply to killing someone (self defense against the threat of deadly force) but murder remains illegal because most jurisdictions don't call that specific type of killing "murder".

The same arguments apply across the board, you just have to consider all the facts when applying them. You seem to fail pretty hard at that.

For the record, most of the gun laws people have a problem with relate to the long guns you seem to think (by your own admission) should be readily available, because those are the guns most often used in mass shootings. If you think the police are gonna have your back against an armed gunman, remember that the security guard who ran off when he saw the Pulse shooter walking through the parking lot with a rifle was an off-duty cop and the cops stayed outside for hours until the shooting stopped before rushing in.

Re:Before anyone blames KKKonervative$

[pnutjam]

I don't have a problem with people having guns. I've owned guns, and sold guns. We need gun laws that raise the bar, just like locks on doors do.

Your wrong about mass shootings.
http://www.washingtonexaminer....

I'd much rather have someone walking around with a rifle on their back vs a handgun tucked in their pocket.

Re: Before anyone blames KKKonervative$

[pnutjam]

Your being obtuse.

Re:Before anyone blames KKKonervative$

[david_thornley]

You realize that there are other countries with fewer guns than us and more gun violence, as well, right?

If fewer guns does mean less violent crime, then what you're saying is that there are outliers.

The guns aren't the problem; people wanting to kill each other in the first place is the problem.

Not quite. Guns provide a quick and easy-to-use way to maim and kill. If someone gets into a momentary fit of rage, that does make a difference. Also, having a handy, easy-to-use, relatively painless method of suicide increases the number of suicides.

The CDC agrees [cdc.gov], it would seem.

Wasn't the CDC forbidden to study gun violence?

Even in France, where private gun ownership is nearly nonexistent, well... sure they have a lot less gun violence. They just use trucks, instead.

Do they use trucks like people in the US use guns, or was there just one or two high-profile cases?

"no guns != less violence"?

Not with the studies I've seen. It's hard to know what to trust

Re:Before anyone blames KKKonervative$

[Gr8Apes]

And you've clearly never thought "well it's on the internet, it will always be there" only to not be able to find something a year later. Digital content goes out of circulation all the damn time.

Thank goodness for that!

Re: Before anyone blames KKKonervative$

[BronsCon]

I don't have a being obtuse; but, what about it if I did?

Re:Before anyone blames KKKonervative$

[BronsCon]

We need gun laws that raise the bar, just like locks on doors do.

On this, we agree. I think, at least. The bar on criminals getting guns does need to be raised. Care to propose a way to do that? Because none of the current laws, and no law that has been proposed to date, can prevent a dark alley, out of some guy's trunk, gun sale. Those are already extremely illegal and, guess what: the criminals don't give a shit.

Your wrong about mass shootings.

Thanks for that article, definitely an interesting piece. Did you read the linked study? It's a bit hard to find (the link tin the article has been broken since 2014) and paywalled when you do find it, but here's a direct, non-paywalled link. It really does seem to agree with me re: gun control laws. If you haven't read it, you probably should. Also, regarding the "debunking" of the "myth" that right to carry laws deter mass shootings, note that they cite two studies: one that finds that they, in fact, do and one that finds no effect. That, of course, means that -- at worst -- the right to carry doesn't increase incidence of mass shootings and -- at best -- might, as I've said, have a positive effect. And, remember, you entered this study into the debate by referencing an article solely based on it.

Criminals already aren't allowed to buy guns legally; they buy stolen guns (illegal) or illegally imported guns (also illegal) instead of buying from an FFL dealer, so piling more laws onto FFL purchases won't help. In sane states, private party transfers must be done through an FFL dealer, as well, so that's not a legal loophole; that's certainly how it works in my state. The problem with background checks is that anyone who doesn't pass it is gonna go to a black market seller anyway and anyone who is buying a gun to commit a crime or commit suicide, but doesn't currently have a record or any history of mental illness, will pass that background check with no issues whatsoever. In other words, it doesn't catch soon-to-be first offenders and the people it does catch have other ways to get guns if they really want them. It also doesn't help that most states don't properly catalog the incidents that would trigger a NICS failure, so even many people who should be denied aren't.

For reference, I live in California, one of the most (if not the most) restrictive states when it comes to guns. Here's an interesting statistic for you: counties with a "shall issue" policy on concealed carry permits have lower gun violence rates than counties with a "may issue" policy in this state. I don't know how true that holds nationally, but it does seem to support my claim that criminals will go where they know their victims are less likely to be able to shoot back.

I'd much rather have someone walking around with a rifle on their back vs a handgun tucked in their pocket.

So would the criminal with the handgun tucked in his pocket. Or knife, for that matter. They'll know they can safely mug you once the guy with the rifle walks away. Of course, they could probably do it right in front of him, too, since most people who carry aren't going to risk liability to protect some stranger; which, of course, is why most people carry a gun more suited for self defense at a shorter range.

Re:Before anyone blames KKKonervative$

[BronsCon]

If fewer guns does mean less violent crime, then what you're saying is that there are outliers.

That's a big assumption you're making, there. Fewer guns means less gun crime, but violent crime rates have been shown, in study after study, to have no connection to gun crime. I mean, saying you can end gun crime if you get rid of guns is logically equivalent to saying you can end fistfights by getting rid of fists. Sure, it's technically true, but it's disingenuous at best. The overall crime rate (and the CDC did study on this, linked elsewhre in the discussion, this isn't just being pulled from my nether regions) isn't affected when guns are removed, so it's no longer gun crime, but it is still violent crime; similarly, people would still fight if they couldn't make fists, it just wouldn't be able to be called a fistfight.

Guns provide a quick and easy-to-use way to maim and kill.

So do knives. And spoons.

Also, having a handy, easy-to-use, relatively painless method of suicide increases the number of suicides.

You've spouted this in the past and, well, the CDC disagrees. They found that, in areas where guns were less prevalent, suicides involving guns were, as you would expect, less common, but that other methods increased in popularity to fill the void; the overall rate was not affected. See the study linked earlier in the discussion.

Wasn't the CDC forbidden to study gun violence?

Yes and no. They were forbidden to study gun violence directly, but they're allowed to dassess situations as they arise and, if one of the contributing factors may or may not be guns, they can explore that. That's a moot point, though; whether or not they were allowed to study the subject, they did and the report exists.

Do they use trucks like people in the US use guns, or was there just one or two high-profile cases?

There were 12 last year, though not all in France. While there were over 300 mass shootings in the US alone last year, keep in mind that a mass shooting is defined as 4 or more people being shot in a single incident; a raid on a drug house where shots are fired is likely to be deemed a mass shooting. We also don't count mass stabbings, but are you genuinely going to say there's no way you can reasonably stab 4 people in one incident?

Perhaps you'll point out that it's much easier to shoot 10, 20, or 50 people than it is to stab that many. Perhaps it is, let's see a study; and, if that's the case, perhaps we should raise the bar for what we consider a mass shooting to a number greater than (or, hell, even equal to) what someone with a knife or other weapon might be able to do.

I mean, if we're going to approach this with genuine interest in actually getting it right.

Not with the studies I've seen. It's hard to know what to trust

Read the CDC study; it's based on a large number of other studies, likely including all of the ones you've seen.

Re:Before anyone blames KKKonervative$

[BronsCon]

Except on Slashdot, where pnutjam's idiocy and logical fallacy will live on indefinitely. Mine, as well; but not in this thread.

Re:Before anyone blames KKKonervative$

[pnutjam]

Mandating background checks for private sales would probably help, but I don't like it.

It's not illegal to sell someone a gun from your trunk in a dark alley. It's probably stupid, why not meet in a well lit parking lot, like I did. Realistically, owning guns is not the problem, carrying them everywhere is the problem. A criminal who can't take his gun anywhere is not going to have a gun when he wants to threaten you.

Re: Before anyone blames KKKonervative$

[pnutjam]

You're being obtuse, and making me chuckle.

Re:Before anyone blames KKKonervative$

[BronsCon]

Mandating background checks for private sales would probably help, but I don't like it.

You're not too familiar with gun laws, are you?

It's not illegal to sell someone a gun from your trunk in a dark alley.

Actually, in a lot of places, it is. Come to California and perform such a sale in front of a cop. If you're lucky, the cop will step in and let you know you have to go through an FFL dealer for the transfer; if you're not, he'll watch the transaction go down and arrest everyone involved.

Here's a reference, so you can educate yourself. Many states require private transfers to be done through an FFL dealer (with a background check), many more require a specific type of ID (for which a background check is done); only 27 states allow private sales with no background check and, IMO, that number is too high.

Realistically, owning guns is not the problem, carrying them everywhere is the problem.

Sure, if you're a criminal looking for unarmed victims.

A criminal who can't take his gun anywhere is not going to have a gun when he wants to threaten you.

Criminals don't care about CCW permits, they'll damned well carry without one. Have you ever looked into how many CCW holders commit gun crimes? The number is damn near 0, while the number of gun crimes in this country is much higher. CCW holders are, by and far, not criminals -- think about it for just a second, you shouldn't meed much longer, only a complete and total idiot would register the fact that they're carrying before going and using that gun to commit a crime; and a complete and total idiot wouldn't be able to meet the requirements for a CCW permit in the first place.

Wait a minute... is there maybe a reason you think a criminal would apply for a permit to carry? I mean, given that only an idiot criminal would do that... that speaks volumes about you.

Re:Before anyone blames KKKonervative$

[pnutjam]

It doesn't matter whether the gun carrier is licensed or not. It's about the normalization of gun carrying. If a gun carrier stands out, they will self police. If gun carrying is normal, they won't. Criminals don't want to stand out.

California seems to be doing a pretty good job with their gun laws.
https://www.cdc.gov/nchs/pressroom/sosmap/firearm_mortality/firearm.htm

Re:Before anyone blames KKKonervative$

[BronsCon]

If a gun carrier stands out, they will self police.

I'm not a big guy by any means and I can conceal a full-size 1911 without imprinting. I don't stand out in any way when I carry.

California seems to be doing a pretty good job with their gun laws.

Indeed, we are; except for the bullshit that started in 2017, which your link really doesn't represent. I'd also like to point out that California also currently accounts for 10% of the 30 cities with the highest murder rates in the US (#9, #17, and #18) and that those are the cities with the most restrictive local gun laws in the state. Statistically, California should have a 60% chance of having even one city on that list; less, if weighted by per-capita incidence of gun violence, yet here we are making up 10% of that list.

Hell, in 2015, Oakland had the 5th highest murder rate in the US and placed #3 for gun crimes. Hell, Stockton was #14 for murder rate, to Indianapolis' #19 in 2015; Indianapolis was also #19 in gun crime that year.

An I'm not sure gun control should be a priority when, even in Indiana (where gun deaths per capita are nearly double California), the flu killed more people than guns in 2014 and 2015, the two years for which your source has that data. In fact, that seems to hold true everywhere in the US, Alaska being the exception. Maybe we should prioritize that?

Re:Before anyone blames KKKonervative$

[pnutjam]

I think we do prioritize that. When I talk about normalizing gun carrying, I'm talking about the results of getting seen or caught. Sure you can hide it, but criminals stop carrying when there are adverse results from getting caught with a gun. You can see that in other countries and jurisdictions with tight gun control.

I don't know where you get your 60% likely to be on that list number. California has 12% of the US population, more then any other state. Texas only has about 8%.

Re:Before anyone blames KKKonervative$

[BronsCon]

You can see that in other countries and jurisdictions with tight gun control.

Care to cite any examples?

Re:Before anyone blames KKKonervative$

[pnutjam]

How about the darling of NRA comparisons; Switzerland. They have no concealed carry and discourage storing guns ready to use. Ammunition is controlled and cowboys aren't strolling around with one in the pipe like all the CC dumb-asses I know.

Re:Before anyone blames KKKonervative$

[BronsCon]

How many of the CC dumbasses you know have shot themselves? Here's an interesting anecdote (well, a set of three and the plural of anecdote is data): I personally know three people who've accidentally discharged firearms and shot themselves; all three were cops. If there's anyone we want having guns, it's law enforcement; yet, despite knowing a handful more non-LEO CCW holders who carry daily than I know cops, every incident I know of (again personally, not just reading from some other source or hearing from so-and-so like you're doing right now as you read this, so I expect this to be taken with the requisite grain of salt -- especially as you've already made it clear you can't take me at my word) has involved a cop.

I can't speak for why that is; I can only be thankful that all three only shot themselves, and only in the leg, so they're all still with us today.

Getting back to Switzerland, though, have you considered that the controls on ammunition might play a larger role in that than the lack of concealed carry? After all, again, a criminal is going to carry regardless of the law and, well, if it's concealed, nobody is going to see it until they pull it out to use it.

If nobody around them is armed (and then seconds matter, the police are just minutes away), who the fuck is gonna stop them?

The ammunition restrictions, by the way, are the same as the gun restrictions and, honestly, I think they're fairly reasonable. Ammunition purchases are cataloged, just the same as gun purchases, and you can only buy ammunition for guns you own. That, right there, cuts down on illegal gun use; even if you manage to obtain a gun illegally, if you can't provide proof of legal ownership, you can't buy ammo. Maybe you own a .22 for plinking and illegally obtain a .45? Yeah, you can still go buy .22 ammo, but good luck getting your hands on any .45.

But we've been discussing gun control this whole time and well, it' is quite frankly too easy to illegally obtain a gun for gun control laws to work. If we controlled ammo the same way... well, once I'm done with this bullet, I can't resell it, it's done, it's used up, it's worthless; unlike a gun, that I can sell on the black market. That's why ammo control works and gun control does not. I'm all for ammo control, if that's what you want to argue for.

Besides, there are a number of guns I want to eventually buy just to hang on the wall, they'll never be fired, so I don't care if I can get ammo for them. Hell, as a precaution I'd likely remove the firing pins from any display pieces, anyway.

As for concealed carry in Switzerland, you're right, they don't have it. They do, however, have open carry, and with a number of legitimate purposes not even requiring a permit. You think open carry makes guns more or less visible? I mean, your argument is that the problem is carrying guns being seen as normal; open carry makes them more visible and, thus, more normal to be seen with.

I'd also like to point out, just as a single datapoint, that Solano County, a "may issue" county with an unusually high bar for obtaining a CCW permit, has a higher gun crime rate than its neighboring "shall issue" counties which only deny a permit if there are legal grounds for doing so. I'm sure if I looked at other counties in California, I'd see the same pattern; but I only care about Solano (where I live), Contra Costa (where I lived previously), and Napa (where I shoot most often). You're welcome to do your own study, if you'd like; the data is readily available.

Re:Before anyone blames KKKonervative$

[BronsCon]

ugh... I meant to link to this piece, regarding open carry in Switzerland but, apparently, flubbed the HTML.

Re:Before anyone blames KKKonervative$

[pnutjam]

I don't believe that ammo is actually restricted, only the ammo subsidized for range shooting and ammo given to soldiers.

Per my link and your wikipedia link, open carry is very restricted and you don't have to worry that the person carrying has a hot round in the chamber, which is all to common in the US, rifle or pistol. These guys had to explicitly tell their members not to keep a round chambered. That seems to indicate it's common, and I personally know it's common from interacting with the community.

Of the three counties you mentiond, Contra Costa seems to have the highest violent crime rate, per 1,000 citizens

Re:Before anyone blames KKKonervative$

[BronsCon]

and you don't have to worry that the person carrying has a hot round in the chamber

Because people always obey the law, 100% of the time, which is why gun control works. Right?

Of the three counties you mentiond, Contra Costa seems to have the highest violent crime rate, per 1,000 citizens

We're discussing guns, not violence; unless you're finally seeing my point that, absent guns, the violence would still occur. Try restricting your search to gun violence and see what that does to the results. I'll grant you may need to exclude Oakland (which has its own gun laws which are a fair bit more restrictive than the rest of the county) to see my point. In fact, ignore the other counties entirely and contrast Oakland against the rest of Contra Costa County.

Re:Before anyone blames KKKonervative$

[pnutjam]

I couldn't find a good reference for "gun" violence, care to share your source?
And no, people don't always follow the law, but having a law gives you recourse, no law means no recourse.

Re:Before anyone blames KKKonervative$

[BronsCon]

having a law gives you recourse, no law means no recourse

While I agree with the sentiment, you have to catch them, first, or course.

Re:Before anyone blames KKKonervative$

[BronsCon]

Lets see a 12 year old girl do that much damage with a spoon.

You don't think a 12 year old girl can do that much damage with a spoon? By 12, they've learned enough biology to know where the jugular vein and femoral artery reside. She could very certainly have done that damage with a spoon.

But all violent crime is the same, bla bla bla.

Now, I never said that, did I? What I did say, however, is that taking guns away (which we all know ain't gonna happen in the first place, so why are we even talking like it might?) won't stop the violence, it will only shift it. What we need to be doing is solving the societal issues that lead to the violence in the first place.

Your kind don't want to do that because it's much more difficult than imagining a world where criminals obey gun laws. And when I say "your kind", I won't mean the anti-gun crowd, I mean idiots; even an anti-gunner with an IQ above room temperature will throw their weight behind fixing this broken society, guns or not.

Re:Encryption enables criminals

[Gaxx]

Um... maybe to ensure that your bank transactions are kept secure such that those potentially snooping upon them can't follow up your legitimate transactions with ones that, for instance, move all of the money from your account to their own accounts?

I mean... just as a starter for 10...

B-b-but we can *TRUST* the FBI!!!

The FBI is completely trustworthy and beyond reproach!

If the FBI says it's OK and won't be misused, by golly, they're right!

Re:B-b-but we can *TRUST* the FBI!!!

[danbert8]

I just hope during a phone upgrade they don't lose the keys to the back door...

Re:B-b-but we can *TRUST* the FBI!!!

[HornWumpus]

This mess won't be fixed until the Ds also have a presidential candidate wiretapped during an election. They think like 5 year olds. Right now they think they 'got away with it'.

Give it 3-4 years until it's addressed.

Re:B-b-but we can *TRUST* the FBI!!!

[HiThere]

Try 15-20 years. And then it will be addressed because the problem is obsolete.

People are always looking for a short-term advantage even if the long term costs are higher than the short term gains.

Re:B-b-but we can *TRUST* the FBI!!!

[HornWumpus]

If it goes that long, we're as fucked as we would have been if Hillary had won (and the dirt never came out).

Re:B-b-but we can *TRUST* the FBI!!!

[bluefoxlucid]

Nixon wiretapped his own conversations, not the other way around.

Re:Encryption enables criminals

[Jason+Levine]

Because encrypting also hides information from criminals. If I'm buying something online, I want to give my credit card information to that site, not the whole world. If the site encrypts the traffic, it can protect my data. If it doesn't, anyone can listen in and then charge items on my credit cards. (It gets worse if you need to use a site to submit more personal information like your social security number.)

If the authorities have a backdoor key, it's only a matter of time before the criminals get that key too. Even if we assumed the authorities had the purest of intentions (a HUGE assumption mind you), I would still want encryption without "police only" back doors to protect against malicious users abusing the back door.

Thank you Ron.

Thanks Ron, seriously. Nice to see that not all politicians have lost their mind.

Score

[DontBeAMoran]

Senator Ron Wyden: intelligent and well-informed
FBI Director Christopher Wray: either imbecile and/or not to be trusted

Re:Score

[gtall]

Yes, but so far he's resisted pressure from Trump and his oompa-loompas to fire lower level people. Wray is going to retire soon, it will be interesting (or disheartening) to see who is the successor.

Re:Score

[Rick+Schumann]

Not imbecile or untrustworthy, at least not in the way you might mean; he's just (sadly) typical law enforcement type: obsessively wants to control everything and everyone around him, regardless of silly inconsequential little things like 'civil rights' or even 'human rights', to the point of throwing common sense out the window.

Re:Score

Senator Ron Wyden: intelligent and well-informed

Yes, very easy to speak up when nobody listens. Just regular political bloviating. As the very first post up above points out. Neither party is a friend of "unauthorized" use of encryption. And it really doesn't matter, because all your "encryption" isn't really that good anyway, and your dependence on an internet service provider to communicate at all only makes things worse.

No, the real problem is the ill informed voters with tribal fanatical tendencies that reelect 95% of this corrupt congress in their own personal quest for a piece of the action.

Re:Score

[amiga3D]

Don't worry, Wray is about to be fired from his job on The Apprentice-White House Edition.

Re:Score

[HornWumpus]

How is that not untrustworthy in every sense?

Re:Score

[HiThere]

Well, if you can predict his opinion, then in a sense he's trustworthy. You may not like what you can trust him to do, but that's, technically, a different matter.

Re:Score

[hey!]

Somebody wanting something they ought not have doesn't make them an imbecile. Things would be a lot easier if people were only ever wrong because they were idiots or liars.

The world is full of people who are neither, but each is working off his personal experience, which is inevitably only a small slice of the big picture. Which means on any particular issue any of us can get things very wrong where they bear on things outside our expertise.

That's why we need democracy, transparent government, and open debate on issues like this.

As for him being not to be trusted -- that goes without saying. He runs a large law enforcement agency responsible for domestic security and counter-intelligence. Even if he were the most personally honest person in the world, he should not be trusted. You don't have to intend harm to do it.

Re:Score

[jd]

Based on the FBI claims, boasts, entrapment "stings" to boost catch numbers, etc, I have to conclude that the FBI is manned entirely from security staff of the B Ark.

Re:Score

[thegarbz]

FBI Director Christopher Wray: either imbecile and/or not to be trusted

You don't get to be director of the FBI by being an imbecile. Make no mistake what he is proposing is 100% malicious and he couldn't give a fuck what happens to every one else as long as the FBI can read your WhatsApp. And he has to read your WhatsApp because you are a terrorist just masquerading as a normal person.

Don't trust your strangers or your best friend. You can describe them all with two words: Sleeper cell.

Spot fucking on.

[rogoshen1]

As a republican living in OR, thank you Mr. Wyden. I wish more of legislature had an iota of common sense and understanding relating to tech before shitting out half-assed regulation with absolutely no care taken to unintended consequences.

We should be more focused on keeping the pigs honest than catching the *incredibly* rare bogeymen.

Re:Spot fucking on.

[PoopJuggler]

Wyden is a Democrat.

Re:Spot fucking on.

[grasshoppa]

And?

Sadly, common sense and intelligence is a rare enough trait that it should be celebrated whenever and where ever it's found.

I hate all politicians, but I appreciate this particular one's stance on this particular issue.

Re:Spot fucking on.

[Strider-]

Ahh, but some people, of which I presume rogoshen1 is, realize that people from the other side of the aisle aren't always the enemy, but can in fact do things that you like. It's not "Us" vs "Them" it's all "Us" just that we may not agree 100% with some of the othe othe rparts of "us"

Re:Spot fucking on.

[Tailhook]

thank you Mr. Wyden

I'm much less impressed with this. Wyden has as a premise that a backdoor is legitimate if only the mechanism can be made secure. Wyden does not assert that we are supposedly free people and may use whatever algorithm we wish, but that they should have such a backdoor capability once they can convince him that their backdoor can't be exploited.

Re:Spot fucking on.

[gtall]

That fellow Kennedy from La. nailed el Presidente Tweetie's court nominee (one of the lessor courts) when the nominee couldn't answer legal questions posed by Kennedy. The nominee withdrew in shame.

Re:Spot fucking on.

[SecurityGuy]

It's a start, though. It's a short step from that viewpoint to "no backdoor can be made secure" to "I guess we shouldn't do that."

Re:Spot fucking on.

[bluefoxlucid]

I have a project management background and an enormous amount of focus on risk. I take steps to control risks and protect against unintended consequences, ensuring anything that goes wrong is sufficiently-minor and easy to respond to quickly and effectively. Most people don't take such rigor with anything.

Running for MD07, Elijah Cummings's seat.

Re:Spot fucking on.

[bluefoxlucid]

This is why I talk a lot about clean air and water, and avoid talking about climate change. Everybody loves clean air and water.

Re:Spot fucking on.

Wyden is calling out Wray using facts and real problems with the idea. That is a clear argument with which a discussion can be won.
The free people argument is much more difficult because there is already plenty of legislation that curtails our freedoms. In this arena the argument is already partly lost: It is ok to limit freedoms, the only question left is to what extent. Here it is much more difficult to score a decisive victory, and it is much easier for ideological opponents to simply dismiss your argument.

When you have to fight, at least choose a terrain that is favorable to you.

Re:Spot fucking on.

[Tailhook]

choose a terrain that is favorable to you

If that's all the terrain we have to work with then we're fucked. The Powers That Be know how to get past the vulnerability argument; they fund lots of academics and can push them where needed, including arguing that talk of vulnerabilities is crackpot and must be ignored on pain of ridicule. They'll have zero difficulty stocking panel after panel with "experts" that will parrot the necessary lines at hearing after hearing until they've lined up the necessary votes.

We're not required to record a private verbal conversation, in person, on the phone or otherwise. Despite this we've somehow we've managed to survive the parade of horribles for hundreds of years sans the ability of LE to rifle through all the things criminals say to one another that weren't recorded. I believe it is 100% legitimate and reasonable to assert that communicating via strong, un-backdoored cryptography is a right every damn bit as much as conducting a private verbal conversation. Further, the fact that LE believes they're owed some backdoor is simply a symptom of the mentality that emerges when there are too many of them with far, far too much funding.

Re:Spot fucking on.

[gnasher719]

Wyden has as a premise that a backdoor is legitimate if only the mechanism can be made secure.

I don't know where you see him saying this. He says a backdoor is not legitimate if the mechanism isn't secure. A common sense argument that any sane person would agree with if they could afford to be honest.

That's a very strong argument. It's an excellent strategy do give only one, unbeatable argument. You can avoid all other discussions that way. What he saying isn't "a backdoor is legitimate if it is made safe". What he says is "should you manage to create a backdoor that is safe, then I can come up with lots more arguments, but right now there is no need to do so".

Re:Spot fucking on.

[jd]

In politics, you have to throw the occasional bone. No such improved security measure exists, Wyden knows this, but the stupider members of Congress don't. The stupider members are likely to side with the FBI, but now they are likely to wonder how vulnerable their own stuff is and whether the FBI can't just wait a year or two. In politics, that's as close to a win as you can get.

Re:Spot fucking on.

[Tailhook]

That's a very strong argument.

No, it isn't. Define "secure." (Not really, because your definition doesn't matter.) I'll do it the way LE will do it; march panel after panel of federally funded university professors and paid consultants up to the hill and expert 'splain away all the doubting Thomases; the few remaining outsiders that aren't aligned with the official definition of "secure" becomes the designated crackpots, safely dismissed.

Re:Spot fucking on.

[PoopJuggler]

And... maybe he should stop voting Republican since it's clear that the other team plays nicer.

Re:Spot fucking on.

[grasshoppa]

Oh, "nicer". I love this argument, because it's so...naive. Look, even if we accepted that the dems play nicer ( I would posit that it's more you not paying as close attention, but regardless ), is "agreeableness" really something we want in a world leader?

We want rationality, fairness, strength. We do not want "nice"; at best it's a distraction, at worst it's manipulative.

Re:Spot fucking on.

[david_thornley]

Arguments work far better if the person you're talking to is likely to accept them. The FBI really doesn't seem to have a belief that people have rights that the FBI finds inconvenient, so the moral argument will be dismissed as SJW propaganda. Bringing up technical points and demanding the FBI justify itself technically has a much higher chance of working.

Probably the Latter

[RumGunner]

Shady as heck, preying upon the fears of those poor uninformed politicians! That's so mean!

How is China solving this dillema

[goombah99]

Not trolling. Serious question. Different states have different policies and it seems likely have acceptable outcomes in their respective societies. North Korea allegedly is the worst, with the mandated document editors saving copies of, and watermarking everything you write. But even in the US we've lived with having all printers watermark all documents (why you run out of yellow ink so fast) as well as PRISM and other data slurps. On the flip side law enforcement has had to confront cryptography for centuries and presumably most of it was uncrackable in it's own era.
The key difference is ubiquity and the accessibility to the tools by a non-expert.
Their is precedence for law enforcement not allowing cryptography. For example, when encrypted CB radios were put on the market they were quickly nixed (drug smugglers used them, allegedly).

Re:How is China solving this dillema

[Anne+Thwacks]

The key difference is ubiquity and the accessibility to the tools by a non-expert.

Nope - the key difference is whether your government is into control freakery.

Uncrackable encryption is available to anyone who bothers to ask, and has been since before the invention of paper. Anyone can create completely uncrackable one-time-pad based systems with a pencil and paper and the use of a few brain cells. Steganography was known to ancient Greeks, and plenty of ancient codes have still to be broken.

I bet there are quite a large number of languages in regular use that no-one in the CIA, FBI or TSA can speak. It is also true that some TLA agencies can crack Rot13, but presumably quite a few can't. Mandating buckets with holes in is not going to eliminate theft of liquid either. Sometimes you will have to do detective work to solve crimes but "You can't win them all". Mandating that everyone writes all their thoughts in a placard and holds it above their heads at all times won't stop people from lying. Hell, nothing stops politicians from lying. And there is clearly no limit to stupidity.

Re:How is China solving this dillema

[gnick]

It is also true that some TLA agencies can crack Rot13, but presumably quite a few can't.

Rot13? Vs gurer'f n GYN gung pna'g penpx Ebg13, fbzrguvat vf irel jebat.

Re:How is China solving this dillema

[HornWumpus]

Not all printers. EFF maintains a list. Reward OKI for their finger to the NSA. Don't buy from collaborators.

Re:How is China solving this dillema

[AmiMoJo]

You have to remember that most criminals are not particularly bright. How often do you hear that they were scuppered by posting incriminating photos on Facebook, or using the phone they just stole without wiping and disabling "find my phone"?

They probably don't realize that WattsApp is encrypting their messages, or that the NSA is trying to read them. They only become aware when they get arrested and they find that the police can't get past the unlock code on their iPhone.

So from the FBI's point of view if they could just convince WattsApp to weaken their encryption it would allow them to access a lot of communications that are currently unavailable even though the suspect made zero effort. They probably realize that anyone serious will just use some other system, but also understand that 90% of criminals are not that serious.

Of course, we should still tell them to go suck a lemon. Universal, on-by-default strong encryption is a good thing.

Re:How is China solving this dillema

[TheRaven64]

One-time pads are not really feasible. An earlier Slashdot post suggested not thinking of one-time pads as encryption, but as a way of time shifting use of a secure channel. If you have a secure channel now over which you can distribute n bits of data, then you can distribute an n-bit one-time pad and then later you can use an insecure channel to send an n-bit message securely. Having to distribute a key as long as a message is not very easy, and the requirement that the pad be generated with a cryptographically secure random number generator makes it a bit harder.

That said, algorithms like RSA and AES are pretty simple to implement. Most of the attacks on implementations of these have been timing vulnerabilities (requiring an attacker either on the same machine or very close on the network), or attacks on incorrect use of the crypto primitives in more complex cryptosystems. You can take the code examples from Applied Cryptography, change the #defines to give you longer key lengths (many of the examples use insecure key lengths to avoid export restrictions), and you've got an implementation of a secure algorithm. If you're encrypting offline and exchanging messages via some channel where an attacker has no control over or visibility of your timing, it's probably secure.

Re:How is China solving this dillema

[houghi]

I just want to say this from Radio Free Slashdot:
Jean has a large moustache.
Aunt Irma is feeling better.
A cigar is not in the package.

I repeat the message
Jean has a large moustache.
Aunt Irma is feeling better.
A cigar is not in the package.

This concludes the broadcast of Radio Free Slashdot

Re:How is China solving this dillema

[Narcocide]

Wow, they really paid you to shill against one time pads? What a load of misinformed garbage. You should reevaluate your life.

Re:How is China solving this dillema

[houghi]

The TSA has backdoors in luggage locks. I always just use zip ties, because then I will know that they where in there. Buy non-standard ones like pink ones.

Re:How is China solving this dillema

[aaarrrgggh]

You also have to remember that most people are not criminals, and are unlikely to be investigated for a crime (presuming proper due-process), as they are unlikely to be the victims of a crime for which evidence from a phone is likely to make a difference to their outcome.

Re:How is China solving this dillema

[AHuxley]

By recovering the keys from anyone offering a telco product on their networks.

Re:How is China solving this dillema

[AHuxley]

One time pads used once will be secure. That gives the needed privacy.
One time pads only fail is they get reused due to the amount of data needing to be sent.
Spies having full past plain text messages on them when captured due to they way they learned to decode and encode.
The problem is not getting found using a communications network i.e. anonymity. The number station works well one way.

Re:How is China solving this dillema

[TheRaven64]

Please will you point out anything that I've said that is incorrect and why? Also, who on earth do you think would pay someone to point out the limitations of one-time pads?

Re:How is China solving this dillema

[Bob+the+Super+Hamste]

The TSA has backdoors in luggage locks.

Sounds like a good reason for not allowing backdoored encryption.

I always just use zip ties, because then I will know that they where in there.

I really hope you are joking.

Re:How is China solving this dillema

[gtall]

Congratulations on your use of SneakerNet to securely distributed your one-time pads. Don't trip now, you wouldn't want to spill any.

Re:How is China solving this dillema

The chair is against the wall..

Re:How is China solving this dillema

[senileoldfart]

Yes, funny, but if we all included a few lines of gibberish in our on-line posts. It would drive the 3 letter agencies absolutely nuts.

Re:How is China solving this dillema

[bluefoxlucid]

That's a book cipher. Book ciphers use widely-available books or else are prone to discovery by the fact that people involved own an obscure book. The use of a widely-available book makes it easy to get a hold of the source material; however, it also means you have a small number of books from which to select, making computerized brute forcing feasible.

Periodicals are even worse: magazines have limited distribution area, and outside that area are specialty items. In applications requiring high-security encryption, you have a strong adversary who can collect such data and potentially identify that one or both actors receive certain periodicals. These go first into the list of scanned texts to use in cryptanalysis.

Algorithms to vary the data create visible skew, and the skew gets removed. Book ciphers tend to expose themselves by exploding data, so the anoalysis techniques to crack them are played first by the adversary.

Re:How is China solving this dillema

[bluefoxlucid]

Why are they making a big deal about people publishing a picture of the TSA master keys?

Just cut the locks open, examine the pin tumbler mechanism, and identify the master keying. Then you can derive the key from the lock.

Re:How is China solving this dillema

[Anne+Thwacks]

own an obscure book.

While there is plenty of evidence that some people are as dumb as the average US senator, there is no need to use an obscure book. Try a typical secondary school book, or a Mills and Boone, or the most popular ever: a Gideon Bible. (You will find one in your hotel room - use it and leave it there to avoid suspicion).

For added security, you can have an agreed algorithm for choosing the start location eg the first five digits on the front page of today's newspaper + your cat's birthday,

OR

a set of digits from an agreed broadcast on a numbers station (even if you have no control over the numbers station).

OR

The football results.

Sure its insecure if you leak the algorithm - but is insecure if you leak the plain text - generally, when it comes to secrecy, leaking is bad.

Anyone would think you lot leave your pron lying around in the open!

Re:How is China solving this dillema

[Anne+Thwacks]

Reward OKI for their finger to the NSA.

Maybe. But their Linux tools are complete shite.

Re:How is China solving this dillema

[Aighearach]

I miss Slashdot Radio, it was the only decent thing on.

Re:How is China solving this dillema

[Bob+the+Super+Hamste]

I used that as an example of government leaking crap just like they would leak inevitably leak master crypto keys, or super secret NSA backdoor. My latter link was included to show that there are other ways around it too.

Re:How is China solving this dillema

[phantomjinx]

Wounds my heart with a monotonous langour?

Re:How is China solving this dillema

[i286NiNJA]

If you have a secure channel now over which you can distribute n bits of data, then you can distribute an n-bit one-time pad and then later you can use an insecure channel to send an n-bit message securely.

Yeah that's the academic ruling on the subject but the reality is that it's easy to covertly distribute a one time pad, or the information required to generate a one time pad and as long as that information is not leaked you're ok.

As far as n bits of data, you don't need to transfer N bits of data to encrypt N bits of data.
You can distribute the first 10 elements of a sequence, the name of a book, or address of a website. Codebreakers have been known to possess libraries of such possible key sources for this very reason but you have to have fucked up pretty bad to earn a time block on such a codebreaking system and if you're aware of this fact it is probably not hard to select pads that aren't going to make it into the library.

Re:How is China solving this dillema

[bluefoxlucid]

there is no need to use an obscure book

If we use the common set, it's easy to run through a list of common books and do a fast brute force. That was literally my immediate-following statement.

Basically, using a common book is like using a password picked off the published list of the top million passwords.

or the most popular ever: a Gideon Bible.

That is likely the first thing someone will attempt--especially if your operatives seem reasonably prone to hotel stays.

For added security, you can have an agreed algorithm for choosing the start location eg the first five digits on the front page of today's newspaper + your cat's birthday,

This is known to not increase security, and can even reduce security.

The football results.

Data set too small, chosen ciphertext attack possible.

Re:How is China solving this dillema

[bluefoxlucid]

Well, yeah. I was more interested in the fact that the keys were never secret in the first place: they're visible inside the lock itself.

Re:How is China solving this dillema

[shaitand]

"Having to distribute a key as long as a message is not very easy, and the requirement that the pad be generated with a cryptographically secure random number generator makes it a bit harder."

Not really. Have you ever heard of a coin? Perhaps some dice? Random data sources are cheap and trivial to find the instant you step away from a computer.

Re:How is China solving this dillema

[shaitand]

"If I pre-arrange a key with someone. Say Page 10 of the New York times as published on friday."

The "pre-arranging" is the part where you distributed the key. If that communication is intercepted or overheard the key is compromised. You can arrange something else that you'd both have access to but others would not to be the key but then the key transfer is actually whatever exchanged resulted in you both having that material AND the exchange.

This is ultimately no different than using outputs of a random number generation algorithm with the same seed, the seed is the key, not the off output you used to encode/decode the message.

Re:How is China solving this dillema

[shaitand]

"Book ciphers use widely-available books or else are prone to discovery by the fact that people involved own an obscure book."

There is no registry of book ownership that I'm aware of. You are also putting the cart before the horse, you'd have to crack the code to determine the book before you could "discover" it involved an obscure book and go looking for them.

Re: How is China solving this dillema

[bursch-X]

China ist using ROT2600 and is the securestest of them all.

Re:How is China solving this dillema

[bluefoxlucid]

Not really. You've already identified a human target. You can monitor them, yet not come across decoded messages. It's comparatively-easy to discover they're never without access to (or keep referencing in public libraries) a certain book or periodical. If it's not on your common list, it goes to the front of the line for potential book cipher cryptanalysis.

Re:How is China solving this dillema

[nasch]

One-time pads are not really feasible.

Just tonight I talked to people from a company developing a OTP system primarily for use by the US military. So I think it's more feasible than it might seem (or possibly they're barking up the wrong tree, but they seemed like smart people).

Re: How is China solving this dillema

[shaitand]

Bug you when you tell the agent

"Weekly Sunday NYTimes.
Weekly Powerball drawing numbers is the seed.
Encrypt it three times via a pattern in the numbers previously discussed in person.
1,10,11,21,31,44, 80 are the numbers.
Multiply them all.
Square it. (or whatever)
Then add your agent number and encrypt it. Then the result again."

Cracked. That is the seed, not the powerball number.

Re:How is China solving this dillema

[shaitand]

"Not really. You've already identified a human target."

You have? If we are going to assume major advantages why not a decoder ring?

Re:How is China solving this dillema

[houghi]

No, I am not joking. The TSA is there to do a meaningless job. That means instead of going through all that, he just goes on to the next one that he is able to open with his masterkey.
Thieves might be able tro do that, but tghen theu would be able to do that without a masterkey anyway.

So the first reason I use them is that they do not open by accident due to baggage handlers. Not nice to have your socks all over the tarmac.I just use zi[pties instead of locks.
Zipties are also a lot cheaper (depending on how often you fly)

Re:How is China solving this dillema

[TheRaven64]

If I pre-arrange a key with someone. Say Page 10 of the New York times as published on friday. Then I buy a paper, they buy a paper and I can send them a message they can decode. Only use the paper once, it is an OTP. Actually, it is how a lot of OTP's were done in the past

As the other poster pointed out, that's not a one-time pad, that's a book cypher. That is, indeed, how a lot of crypto was done in the past and, as a result, there are well-known techniques for attacking it. They are far more feasible in the modern age, because it's easy to put all books that both parties are likely to have and all recent newspapers in a database and then do statistical analysis on the result. As soon as I know that it's a book cypher using a recent newspaper, I have a good chance of being able to crack it if you write anything other than very short messages, and if you're only going to share very small messages then you may as well arrange a one-time pad with a symbol space optimised for your messages (e.g. encode a byte where the low three bits are a number of days, the next 5 are a set of possible targets, with all 1s being cancel attack. Now you need an 8-bit one-time pad to be able to securely send your message).

The IRA used a lot of book cyphers and GCHQ was able to crack most of them quite easily.

Re:How is China solving this dillema

[TheRaven64]

I can spend $20 on flash memory. I will give me enough material to communicate with someone as much as I want by voice or text for a lifetime with zero chance of in-flight compromise by anyone ever.

That's true (unless you want to share videos), though that's $20 for every pair of communicating parties, plus the overhead of managing one thumb drive for everyone that you want to communicate with. That doesn't scale well.

Most cryptography in practical use today is dependent on secure random sources for secure operation

It's a question of quantity. Getting 128 bits of cryptographically secure noise is easy. Even if you think the NSA has compromised a bunch of hardware random number generators, it's unlikely that 128 bits will be enough for them to work out where it is in the pattern. 1GB of cryptographically secure noise is much harder to get (not sure if they still do, but US embassies used to use recordings from a radio telescope and the USSR had fun putting satellites above their telescope and injecting non-random patterns into their data).

Re:How is China solving this dillema

[TheRaven64]

Have you ever heard of a coin?

Yup. I've also read some studies showing how non-random coin tosses are. They're fine for a single toss, but with enough data you're going to see patterns. Even without that, each coin toss gives you 1 bit of entropy. An SMS is 140 bytes (1,120 bits), so if you can toss a coin once per second it will take almost 20 minutes to generate the random number that will work as a OTP for a single text message.

Perhaps some dice?

Okay, ignoring the fact that most die are biassed and even ones that start perfect are biassed towards either the 1 or 6 by the act of printing or cutting the numbers, now we get 2.5 bits of entopy from each die roll. Now we're down to just over 7 minutes at one die roll per second to generate a OTP for an SMS. I actually do know of one company that has built an automatic die rolling machine to generate random numbers. It's fine for a 128-bit key (52 rolls), but if you want to use it as a OTP then it's going to be very slow.

Re:How is China solving this dillema

[TheRaven64]

US embassies use OTPs. I'm not surprised bits of the military use it. It's fine if you have a limited number of communication paths, trustworthy people with big guns who can carry the keys, and the ability to often have the people who are going to communicate in the same room. It would be fairly easy to create a OTP system for a family, for example, where their phones would all share random secrets over local WiFi / Bluetooth overnight, and then use those during the day. It's not so feasible for the relatives that live overseas.

Re:How is China solving this dillema

[jbengt]

Having to distribute a key as long as a message is not very easy . . .

Actually, that is extremely easy.
(Hint: it doesn't have to be done electronically, it can be done ahead of time by mail, FedEx, or even in person, using any medium, even paper.)
Also, it can be further obfuscated by steganography or "algorithms like RSA and AES" that you say "are pretty simple to implement" if you think the one-time pad distribution is insecure.

Re:How is China solving this dillema

[TheRaven64]

it can be done ahead of time by mail, FedEx, or even in person, using any medium, even paper

I'll agree with 'in person', but if you trust the mail or FedEx to be secure, then why not just use these services for the message and not bother with the encryption at all?

Re:How is China solving this dillema

[bluefoxlucid]

Reused key allows for analysis.

Re:How is China solving this dillema

[david_thornley]

If you have the means to generate adequately random numbers in large enough quantities, and a secure channel, and some way to avoid reusing part of a pad, you've got a time-deferred secure channel from one person to another. If you want to include a third person, make more pads. If two people transmit independently, they're likely to reuse part of the pad sometime.

What form is the pad to take? Paper books have the advantage that you can use part of one and tear out the pages used. However, they're bulky and not easy to use for machine encryption. USB sticks are easier to use, but erasing the used part of a pad is iffier. If the pad parts are not destroyed when used, it might be possible to decrypt older messages. If you're willing to use one-time pads, you probably don't want any older messages to be readable should you be busted and searched.

There have been uses for one-time pads. At one time, Soviet spies were sent out with pads (they were made by typists typing more-or-less random digits, which isn't completely random). I don't know of other uses.

Re:How is China solving this dillema

[david_thornley]

Without continuing surveillance , it's going to be hard to figure out what the suspect references at the library. Librarians are very touchy about giving away information on their clients, and typically destroy all such info as soon as it's no longer needed.

Re:How is China solving this dillema

[david_thornley]

No. Once you use fewer than N bits of key to encrypt N bits of data, you're not using a one-time pad. You're using something else, and you need to consider that carefully.

Using those bits to construct a key for a known secure cipher, like AES-256, is probably safe. (AES-256 is probably safe. There's no known attacks, there's not expected to be known attacks, and it can't be brute-forced short of a Kardashev Type III attacker.) Once you leave established cryptosystems, you're on our own, and you almost certainly don't know enough to pick one that's hard to crack. Book ciphers are reasonably easy to break.

Re:How is China solving this dillema

[david_thornley]

You can buy hardware random number generators for a few hundred dollars (last I looked). Some work on radioactive decay, some on thermal noise. Assuming you're willing to trust a closed hardware device from someone else, generating the random bits is fairly easy.

Re:How is China solving this dillema

[david_thornley]

There's a story about a censor seeing an outgoing message "Papa is dead", changing it to "Papa is deceased", and seeing a message going the other way "Is Papa dead or deceased?". It does sound made-up.

Re:How is China solving this dillema

[david_thornley]

Communication protocol in the US Pacific Fleet in WWII was that you have the real message preceded and followed by nonsense phrases separated by double letters. At the Battle of Leyte Gulf, Admiral Halsey's signal section got a message from Nimitz, top admiral in the Pacific: TURKEY TROTS TO WATER GG WHERE REPEAT WHERE IS TASK FORCE THIRTY FOUR RR THE WORLD WONDERS. The signal section properly stripped out TURKEY TROTS TO WATER but not THE WORLD WONDERS, causing the question to read like a stinging rebuke, spurring Halsey to make yet another mistake in running the battle.

Re:How is China solving this dillema

[toddestan]

Actually, if the goal is to know whether they were in there, the ballpoint pin trick would be easy to defeat - just zip tie the the zipper to something like a handle so they can't move it without cutting the zip tie.

Re:How is China solving this dillema

[bluefoxlucid]

Governments have the capacity to have multiple plain-clothes agents happen to be passing in and out of libraries at the same time, you know. Just normal traffic. We've narrowed it down to a shelf. Hell, we have digital copies of everything at that library branch.

Re:How is China solving this dillema

[david_thornley]

There will not be plainclothes agents keeping every library branch under surveillance. Besides, library catalogs are normally openly available information; what the libraries do not keep track of is client information. For example, you are very unlikely to be able to confirm that I checked out that last audiobook I listened to.

Re:How is China solving this dillema

[bluefoxlucid]

Okay, so you're assuming that a single agent is unimportant enough that the adversarial state won't be following him around or noticing his actions, but he needs a book cipher to hide from an adversarial state. You also suggest that such a state won't have enough plainclothes agents to keep surveillance, although how they're supposed to know to apply the book cipher based on someone approaching a book when they don't have a surveillance target is not answered.

Look, for any of this premise to make sense, the government knows who you are, and knows you're using a cipher. They know this because they're trying to read your information (they have it), but your information is encrypted, They are now specifically targeting you with nation-state resources, which means they know what library you visit, where you are now, and where you're headed, and can mobilize agents specifically to be at that library and no other library because you are physically present there.

If they don't know who you are and can't track your movement, then you can go ahead and trade your secrets in plain-text, because nobody's watching.

Re:How is China solving this dillema

[david_thornley]

There's lots of people who are up to no good. Some of them use ciphers. Finding out what books one of them has checked out from the library would involve constant surveillance of the suspect whenever the suspect leaves a library. The government has nation-state resources, but also nation-state concerns, which eans lots of surveillance target, which means that its resources are spread thin.

The government can know that somebody's at a library, but if the government doesn't act fast the government won't know what books the someone checked out.

The appropriate government agencies knew that the Florida nightclub shooter was likely to do what he did sometime. Not knowing when, they couldn't assign enough resources to keep track of the shooter on a moment-to-moment basis.

Re:How is China solving this dillema

[bluefoxlucid]

The government has nation-state resources, but also nation-state concerns, which eans lots of surveillance target, which means that its resources are spread thin.

Sure, and they're going to have to dedicate resources to a particular individual case if they want to actually learn anything about that case.

The appropriate government agencies knew that the Florida nightclub shooter was likely to do what he did sometime. Not knowing when, they couldn't assign enough resources to keep track of the shooter on a moment-to-moment basis.

Actually, they think he was using encryption to hide communications, e.g. via WhatsApp or another double-ratchet-based messenger. They know he had a cell phone, and they most likely were able to follow his movements with the appropriate warrants which would have allowed them to read his (encrypted) communications. Had he been using a book cipher, they could have identified periodicals and books from his entire movement path, including any bookstore, library, or news stand he passed. That's actually not a lot of data; and for the stores, they could pull purchase history during the time he was near (or purchased) to prioritize e.g. a potential newspaper or magazine buy.

A lot of that can be done automatically, and any physical surveillance can be recommended by machine or by agents who want to see what he's doing in a library every Wednesday--or just have someone in the area and alert them when the suspect is on the move.

Not that they do anything so fancy. They could, and with minimal resource expenditure.

Of course, none of that is going to break the encryption on his phone. I quite like it that way, even if it causes some trouble for our law enforcement agencies now and then.

Re:How is China solving this dillema

[i286NiNJA]

I thought about how they'd break a book cipher. I suppose you're right.
I'll still stand by the statement that for the average person storing archives or sending a message, it's more important to conceal the existence of secret messages than it is to use secure encryption. I realize this statement borders on flamebait.

Re:How is China solving this dillema

[david_thornley]

The point of the Florida night-club shooter is that he was known to authorities as a potentially armed and murderous nutcase. Law enforcement couldn't do better than try to keep an eye on him until he broke the law, which he did in a big way, and without law enforcement there to stop him. There are too many possible bad guys for law enforcement to keep tabs on all the time, and that's true no matter how far you scale things up. If someone is a known extreme threat, they'll get more surveillance, but normally not 24/7.

Bookstores and newsstands don't collect information on their customers. If someone working at one of those remembers a face, there's a good chance they won't remember what the customer bought exactly. Libraries destroy all information that concerns borrowers as soon as they can, and they don't keep tabs on who comes in and uses books without checking them out. (Librarians can be surprisingly hard-core.) This means that, to keep track of the books and magazines a suspect has available. they pretty much need to be tailed whenever out. Otherwise, there's a very large number of possibilities, most of which are not likely cataloged electronically.

There's also more traditional means of breaking book ciphers, which I'm not up on.

Re:How is China solving this dillema

[bluefoxlucid]

Bookstores and newsstands don't collect information on their customers

They keep records of sales, not faces. They have a record of every sale, with a time stamp. I've actually called a supermarket and gotten the clock time someone was in the store by giving them a day, last 4 digits of a credit card, and an exact purchase amount.

This means that, to keep track of the books and magazines a suspect has available. they pretty much need to be tailed whenever out.

It's called cell phone signal triangulation, and it can be done pretty much by subpoenaing the tower operators, or by stationing several $800 boxes in an area (in which case you can read information to identify every handset device passively, and track anyone in the area at any future date by running a query).

Let the computer do the boring job of sitting around watching 24/7.

Otherwise, there's a very large number of possibilities, most of which are not likely cataloged electronically.

OCR is pretty accurate, and book ciphers aren't feedback ciphers.

Hide data on FBI phones!

[Fringe]

Given that the FBI can't even track down messages sent between their own agents that they were required to "compliance" and archive, I'm not sure how encryption can add more difficulty. They've got a Keystone Cops vibe going there.

Re:Hide data on FBI phones!

[Agripa]

Given that the FBI can't even track down messages sent between their own agents that they were required to "compliance" and archive, I'm not sure how encryption can add more difficulty. They've got a Keystone Cops vibe going there.

Don't confuse incompetence with deliberate calculated deniable obstruction.

Re:Encryption enables criminals

[jellomizer]

One of the aspects of a free society, is the general concept of innocent until proven guilty. We encrypt in order to protect our information from bad actors. A government is managed by people not all of them trustful, so the government shouldn't get my data, unless absolutely needed say via a warrant. Because I am innocent until proven of a crime, so my encrypted communication shouldn't be considered anything nefarious until I am expected to be up to something concrete.

I expect for 99.99% of all encrypted data it is just information that isn't proof of wrong doing. But lets say this post from Jellomizer connects me to my boss who may disagree with such a position could get me fired, because my Point of view while perfectly legal may not be in sync with the company policy.

Senator

[ragnar_ianal]

Can we mod this senator up?

Re:Senator

[dgatwood]

As a Californian, any chance we could steal him as a replacement for Feinstein?

coming soon, the Hoover retort

[cas2000]

In a few weeks, an avalanche of dirt (both true and untrue) from "anonymous whistle-blowers" about this Senator Wyden will start mysteriously appearing in news stories all over the country.

They'll continue at least until he resigns in disgrace, is imprisoned due to the absolutely totally not photoshopped(*) donkey-fucking kiddie-porn incest home movies, or commits suicide.

(*) The FBI have access to far better software than photoshop.

Some faith in humanity restored!

[Rick+Schumann]

Well, then, there's at least one Congresscritter in our government who has a working brain! Who knows, maybe he can educate the rest of them?

Re:Some faith in humanity restored!

[Tablizer]

Well, then, there's at least one Congresscritter in our government who has a working brain! Who knows, maybe he can educate the rest of them?

It's probably a fluke. Something will restore order, or should I say, restore chaos.

"Pssst, nice brain you have there. It would too bad if something terrible happened to it..."

Re:Some faith in humanity restored!

[Agripa]

Well, then, there's at least one Congresscritter in our government who has a working brain! Who knows, maybe he can educate the rest of them?

Mistakes happen. Senator Wyden serves to lend credibility to Congress.

Wyden for President!

[TheFakeTimCook]

I don't know anything about this Senator; but on this one topic alone, he would have my vote!

I'd suggest we all write him and thank him for his courage and intelligence...

https://www.wyden.senate.gov/c...

Re:Wyden for President!

[DaMattster]

I am glad that Wyden had the courage to call out the crap that the FBI has been spewing.

Re:Wyden for President!

[Xenographic]

Surprised you don't know his name, Wyden has always been good on issues like encryption and is too often one of the very few voices of reason in Congress on some of these issues.

Re:Wyden for President!

[dgatwood]

Depends on the issue and the position. Someone taking a position based on an emotional reaction, in ways that try to invoke an emotional reaction in others, is likely to be a manipulator. Someone taking a position on logic, and doing so in ways that are designed to get people to not react emotionally and to think before they pass laws, is likely to be a good legislator.

Re:Wyden for President!

[TheFakeTimCook]

I am glad that Wyden had the courage to call out the crap that the FBI has been spewing.

Me too!!!

Re:Wyden for President!

[TheFakeTimCook]

Surprised you don't know his name, Wyden has always been good on issues like encryption and is too often one of the very few voices of reason in Congress on some of these issues.

I have probably heard his name before, but before this article, it didn't "register".

Re:Wyden for President!

[swell]

Or try this edress from http://hrlibrary.umn.edu/peace...
wyden@teleport.com

They only respond to constituents in Oregon.

Sadly, comedian and senator Al Franken, D-MN, who is tech savvy, is no longer able to speak for justice on the Hill.

Re:Encryption enables criminals

[Rick+Schumann]

Congratulations! You get the Low Quality Bait Award for the day!

Re:Encryption enables criminals

[wonkey_monkey]

We encrypt in order to protect our information from bad actors.

Rob Schneider's always after my password!

Short-Term Thinking [Re:Score]

[Tablizer]

FBI Director Christopher Wray: either imbecile and/or not to be trusted

He's probably thinking short-term: kiss up to the current Boss T; and back-doors may be helpful to HIS job in the shorter term, with longer term consequences being somebody else's problem.

Unless, hackers crack the back-door quicker than he expects. Perhaps he's thinking he can then blame the product companies for "doing back doors sloppily". Thus, spin the breach as bad implementation, not bad law.

Those in higher positions are often pretty good at having a "blame plan" ready, in my experience. They don't plan much else well, but strategic blaming is a necessary skill to rise in power. CYA Calculus.

So strange

It just hit me that one of the reasons this story is so strange, is that someone in government (who is this Senator Wyden?) is treating the situation in a way that you might expect from an adult. I'm not used to this.

Are we sure he's a Senator from a state in America? I don't want to later find out that Oregon is a place in Wales or something like that.

Re:So strange

[clovis]

Most legislators are indeed like Ryden. That's why you've never heard of them.
No thanks to CNN, FOX, and their ilk for only quoting the spewings of the ones who are clowns.

Re:So strange

[gtall]

Wyden is fairly well-known.

Re:Encryption enables criminals

[Fetko]

I'm sure this is a joke, but i'm hoping that it is literal and true.

Junk gov encryption won't walk out the door?

[AHuxley]

What will wealthy criminals, cults, faiths, political groups, competitors, spies do when they work out the US gov has the keys to most consumer communications?
They will ask their dual citizens, faith members, criminals, corrupt military/police/gov for the federal backdoor keys.
Interesting people/cults/criminals will use the junk crypto to run real time counter surveillance on US police/federal/state/city task forces and mil.
If that fails they will watch for nations the US trusts and get a copy for that nations mil/police/gov.

Dont tell anyone the FBI has the keys, ever.
Build up a voice print database and cell phone ID matching system within the FBI. Stop using other agency/teloc/contractor support within the USA. Too many ex and former workers who might have gov methods to sell to keep track of.
Start investigations internally but always have another reason for lawyers, FOIA, human rights groups, mid and low ranking cult members, faith groups, corrupt military/police to guess at. Informers, witnesses, luck, past investigative work. Anything to keep the interesting people guessing and talking as to FBI skill sets and methods.
The bad people do not need to know the FBI has their conversations, voice prints, locations, files.
Let the bad people keep trusting their computers, cell phones, big brand junk crypto.
Ensure criminals feel confident to keep talking to their friends and with corrupt people in the military/police/gov/big brands/telcos.
Suggest to the media and lawyers that every next generation of computer and cell phone is very/too difficult for law enforcement.
Once bad people know the backdoor exists in every gen of cell phone they can just stop using that live mic and GPS they carry around.
They can return to community, faith, their own networks.
Consider how the GCHQ worked in Ireland to stop the flow of support entering Ireland. Lots of interesting people had a theory but nobody worked out the methods used to track interesting people, support moving, funding globally.
If the crypto is junk, don't tell the world, use the data gathered and win.

Re:Junk gov encryption won't walk out the door?

[eth1]

What will wealthy criminals, cults, faiths, political groups, competitors, spies do when they work out the US gov has the keys to most consumer communications?

They will ask their dual citizens, faith members, criminals, corrupt military/police/gov for the federal backdoor keys.

Interesting people/cults/criminals will use the junk crypto to run real time counter surveillance on US police/federal/state/city task forces and mil.

If that fails they will watch for nations the US trusts and get a copy for that nations mil/police/gov.
 

It won't even last that long. Most likely someone involved in building said back doors will release the info before it's even live just to kill the whole thing before it starts.

Re:Junk gov encryption won't walk out the door?

[DaMattster]

Well that made a whole lot of sense .... NOT!

Re:Junk gov encryption won't walk out the door?

[AHuxley]

Think of the new buddy system trying to stop the keys from been copied and walked out....
The polygraphs and investigations of the contractors trying to work on the crypto backdoor for the US gov.
Once the US telco keys are in the wild it will be a
Greek wiretapping case 2004–05 https://en.wikipedia.org/wiki/...–05
SISMI-Telecom scandal https://en.wikipedia.org/wiki/...

Re:Junk gov encryption won't walk out the door?

[sconeu]

Interesting people/cults/criminals will use the junk crypto to run real time counter surveillance on US police/federal/state/city task forces and mil.

They're so cute when they're naive. You think that the Feds will use the backdoored encryption?

Re:Junk gov encryption won't walk out the door?

[AHuxley]

Re You think that the Feds will use the backdoored encryption?
Just find who has that not 'backdoored encryption". The consumer systems/networks will decrypt once the keys are in the wild.
If the gov/mil encryption holds and all surrounding consumer junk is decrypted? Thats all that is needed to track gov/mil.

Re:Encryption enables criminals

[Anne+Thwacks]

If the authorities have a backdoor key, it's only a matter of time before the criminals get that key too.

I fully expect the bookies to take bets on whether the authorities lose the keys before the black hats find them. I am still considering my position on this one.

And three tweets back...

[Trailer+Trash]

He's talking about "baseless attacks on professional law enforcement", "professional law enforcement" being the FBI in this case.

https://twitter.com/RonWyden/s...

I can personally reconcile those two things, but the optics aren't good. I know the response: "But my attack wasn't *baseless*." Okay. The problem is that it's a matter of opinion.

Re:And three tweets back...

[oh_my_080980980]

Actually it's a matter of fact.

"Your stated position parrots the same debunked arguments espoused by your predecessors, all of whom ignored the widespread and vocal consensus of cryptographers."

"Eliminating these vulnerabilities is a mammoth task, and experts are unified in their opinion that introducing deliberate vulnerabilities would likely create catastrophic unintended consequences that could debilitate software functionality and security entirely."

"I would like to learn more about how you arrived at and justify this ill-informed policy proposal. Please provide me with a list of the cryptographers with whom you’ve personally discussed this topic since our July 2017 meeting and specifically identify those experts who advised you that companies can feasibly design government access features into their products without weakening cybersecurity. "

You can fuck off now moron...

No one is saying that it doesn't weaken it

[Nukenbar]

The FBI is saying that the public law enforcement need justifies weakening already strong encryption.

Though others will disagree that encryption should be anything but the strongest available.

Re:No one is saying that it doesn't weaken it

[cascadingstylesheet]

The FBI is saying that the public law enforcement need justifies weakening already strong encryption.

Though others will disagree that encryption should be anything but the strongest available.

Precisely. It's a political decision (meaning, one that we resolve peacefully through our elected representatives), not a technical issue per se.

Technical details, yes, bring on the tech experts. Deciding which trade-offs to make, well, that's what the political system is for.

Re:Encryption enables criminals

The issue (from the FBI's point of view) is they went and got the warrant, took your phone, and still can't read your data.
They want a backdoor so that once they take your phone they are able to read the data so that when they are allowed to do so they can.

And really that would be possible. The phone manufacturers could include a unique per device override pin that is burned into the secure enclave and works like the user defined pin. Then when the FBI gets the warrant they can also subpoena the override pin form the manufacturer once they have the device and can see it's serial number. This would reduce the time to brute force the pin as there are now two successful results, but that can be mitigated by making pins longer.

This would provided all involved act responsibly work exactly as intended. Individuals have secure communications and law enforcement can get the override and pin they need via existing legal channels when investigating a crime. And having one pin does not extend to opening arbitrary devices.

The problem of coarse, is that the existence of the override pin and the phone manufacturer having the list of them means that if the manufacturer's security is compromised all the phones they have sold are compromised as well. The FBI doesn't care about that because they arn't the one who'd have to deal with the PR nightmare of having to explain their security was breeched or eat the cost of resolving the situation.

what will happen in a month?

[v1]

It looks like the senator gave him a month to dig up an excuse, and left him with very little wiggle room. It's nice to see a tech-savvy representative, and specifically one that knows how to close all the escapes at the same time to speed up the process. I'm sure the director would love to be able to stall for 30 days and then step back up into the light and kick the can down the road another 30 days, but I don't see that happening this time.

He's either going to have to dig up some at least semi-reputable cryptographers to throw under the bus, or admit that he's "pulling a trump" and ignoring all the experts around him in favor of his own opinions on the matter. (though in this case it's almost certainly coming down to just doing specifically what he's been told to do, more of a "trump by proxy" move) It's rather irritating to see we've set things up so that certain people can't make certain rules, but then we go and let them replace the person responsible for that rule with someone that will do whatever they tell them to - it defeats the purpose of the separation.

I'm also a little bit curious why I haven't seen this whole idea get compared with the TSA's baggage locks? Isn't that basically the same idea as this, though on a much more limited scale? Mandating a government back-door, and all the unintended as well as the widely-anticipated problems that you get as a result?

Re:what will happen in a month?

[cascadingstylesheet]

He's either going to have to dig up some at least semi-reputable cryptographers to throw under the bus, or admit that he's "pulling a trump" and ignoring all the experts around him in favor of his own opinions on the matter.

It's at least partly a political question though, not just a technical question (I mean the whole issue, not the senator's question).

Fire exits make stores less secure, for example, but we still require stores to have them.

Now if this requires the director to be explicit about the tradeoffs, fine.

Re:what will happen in a month?

[gtall]

No, he'll simply ignore Wyden. Unless Wyden comes back with a subpoena which would have to come from the entire Committee, Wray will simply fade away when he retires shortly.
 

Re:what will happen in a month?

[h4ck7h3p14n37]

The difference is that the TSA can't put you in prison for using a non-approved lock, they just cut it off your luggage.

This is so simple....

[wbr1]

If the authorities have keys to everyone's houses then you have:

1. Made the location of those keys a target for criminals with a huge payoff.
2. Made it easy for certain of the authorities themselves to abuse those keys for illegitimate purposes.

The sickening thins is that this is a bi-partisan issue, that BOTH sides have horrible track records for. It seems that privacy and security of their constituents takes a back seat to anything else. Wonder why that is.

Re:Oh bullshit

Sooner or later it will leak. See WannaCry and reason why Kaspersky was banned. Those issues were related to bug/tool leaks that were supposed to be very confidential.

Re:Encryption enables criminals

[Luthair]

Don't forget if we're talking about communication the ideal is perfect forward secrecy otherwise if master keys are compromised attackers (e.g. Russia, NK) who have stored past encrypted data have access to it all.

Re:Encryption enables criminals

[HiThere]

Here's the problem with that bet:
How can you prove the source of the key.

Cost vs. benefits of the strong encryption

[mi]

Universal, on-by-default strong encryption is a good thing.

Is it? I'd like to see some cost-benefit analysis, before I accept the above statement. The cost, obviously, is that some crimes (including grievous ones) will become much harder — and even outright impossible — to solve (or prove in court). The benefit is that the innocent people will have their communications and data protected from illegal snooping without personal technical knowledge.

What outweighs what is not immediately clear...

Personally, I'm inclined to agree wit your statement for the same reasons I value (worship!) the Second Amendment — whether or not it is net-beneficial, arming oneself is an inalienable human right. But I'm certain, you don't view it that way — so what's your reasoning?

Re:Cost vs. benefits of the strong encryption

[Blymie]

In the old days, people didn't use the phone or mail to communicate illegal intent or ideas. At least not even the dumbest of crooks.

Which left voice. In person.

Yet astonishingly, people were caught for all manner of illegal acts. Again and again, courts were full of crooks in trial -- and yes, prisons had people in them.

Now fast forward. Suddenly, it's only possible to catch crooks with encryption. Eh? What? Say again?

It's all about dollars. About the big buckaroo. About how much you spend on law enforcement, how much you pay/spend in resources for informants, how many undercover cops you have. In short, it's about exchanging liberty and freedom for cost.

Nothing else. Nothing else at all.

Re:Cost vs. benefits of the strong encryption

[mi]

Suddenly, it's only possible to catch crooks with encryption.

Sorry, I'm not interested in arguing with anyone, who knocks out the strawmen of his own making.

Re:Cost vs. benefits of the strong encryption

[shaitand]

"What outweighs what is not immediately clear..."

On the contrary. New techniques in forensics applied to past cases have consistently proven high numbers of wrongful convictions. I'm a US citizen who like all other US citizens breaks dozens of laws including felonies on a daily basis, many without knowing it even if I thought about it without any real malintent or harm to my fellow citizens. So I find it objectively far more important to limit law enforcement effectiveness to the most obvious and egregious violations and avoid wrongful convictions at all costs.

"whether or not it is net-beneficial, arming oneself is an inalienable human right"

The second amendment is net-beneficial and would be even more so if it were legally honored in the US (you'd have very few mass shootings if the crowd can shoot the crazy guy, which is why the vast majority have been in gun free zones). The right to bear arms is slightly about hunting, strongly about the people not being purely at the which of those in power, and most strongly about national defense. Foreign nations are highly unlikely to invade the US directly because the civilian population is well armed. If they did invade it would be somewhere like New York with heavy arms restrictions. Good luck talking anyone but a suicide trooper to patrol in a city when every third window has a sniper in it. That deterrent only has to make a difference one time... ever... to be worth any costs.

Re:Cost vs. benefits of the strong encryption

[mi]

So I find it objectively far more important to limit law enforcement effectiveness to the most obvious and egregious violations and avoid wrongful convictions at all costs.

No. What you want is to make those other activities legal — thus freeing the honest cops from having to prosecute them, and making it harder for the dishonest ones to harass you. This, however, is completely unrelated to the question I posed...

The second amendment is net-beneficial

Citation needed. Or would have been needed, had the topic been about that.

Re:Cost vs. benefits of the strong encryption

[nasch]

I suspect there are at least two other reasons more important than private citizens with guns deterring anyone from invading the US, those being the US military and economic incentives.

Re:Cost vs. benefits of the strong encryption

[Agripa]

The benefit is that the innocent people will have their communications and data protected from illegal snooping without personal technical knowledge.

So guilty people do not have 4th amendment rights? Why let them have 5th or 6th amendment rights either then? (1) At least I know where you stand.

Undermining the 4th amendment undermines the rule of law and the credibility of all three branches of government.

(1) Oddly enough, civil rights are easier for criminals to enforce because the innocent have fewer remedies. For instance exclusion of evidence means nothing if you are not given a trial.

Re:Cost vs. benefits of the strong encryption

[david_thornley]

(you'd have very few mass shootings if the crowd can shoot the crazy guy, which is why the vast majority have been in gun free zones)

Potential targets tend to gather in areas that get designated gun-free. When shooters are in areas that allow guns, the civilians with guns don't seem to be effective at shooting back. I need evidence to believe that civilians with guns deter or stop mass shootings.

Having an armed citizenry means approximately nothing to deter or stop organized military forces. It used to be that an armed citizenry was able to have some reasonable role, but WWII showed a lot of brave partisans losing to poorly trained, poorly equipped, poorly led regular forces with poor morale.

Wyden was always reliable on this

[Xenographic]

Wyden was always reliable on this sort of issue. If you search his name, you'll see a lot of past stories not unlike this one on various encryption or privacy issues.

We could use more people in Congress like him.

Re:Wyden was always reliable on this

[bluefoxlucid]

I have an IT Security background and intend to end identity theft and get Internet voting going in a sane manner. I also disagree with the reauthorization of FISA 702 (I generally disagree with domestic surveillance, even though things like outside cameras are public space and not technically a privacy violation. We have a sense of autonomy and secrecy when we are alone, and don't need a sense of paranoia about cameras and microphones prying into our every movement).

Re:Wyden was always reliable on this

[EndlessNameless]

Oregon is already electing competent Senators. Well, at least this one---I don't know about their other guy.

We need more tech-literate voters and advocates in other places. It takes 50-60 Senators to pass a good law.

Re:Wyden was always reliable on this

[Aighearach]

Sen. Merkley is cut from the same cloth, but he doesn't have as much experience yet. And perhaps isn't as smart as Wyden, who is the rare politician that really could have been a world class (almost anything). Merkley follows Wyden, for the most part. It keeps him popular.

Its all because we have functioning direct democracy at the local level. It changes voter expectation in a positive way. We even have a few decent congresscritters, er, Representatives.

Re:Wyden was always reliable on this

[ilsaloving]

If you know how to pump your own gas you'll be ahead of the game. :)

Re:Wyden was always reliable on this

[jd]

I wrote to him when Congress was planning on banning software-defined radios. I was impressed by his reply. It was intelligent. It was readable. It showed he'd actually thought about the issue and the technical points.

An intelligent person in Congress is a rarity. That he keeps being re-elected is astonishing - by the nature of a democracy, it is unfair to hold a higher opinion of voters than of those voted in. After the Redneck Trials in Portland last year, when criminals were set free on the dubious grounds that being white proved their innocence, my opinion of those in the city took a dive. Mind you, it was already low. I'd seen 5th street at night and shootings were becoming common near Powell's bookstore.

Anyways, Wyden is maybe no genius but he is technologically astute and deserves to be listened to. Which means the FBI won't.

Re:Wyden was always reliable on this

[nasch]

After the Redneck Trials in Portland last year, when criminals were set free on the dubious grounds that being white proved their innocence

What are you referring to here?

Re:Wyden was always reliable on this

[dryeo]

Championing internet voting sounds like a good reason not to vote for you as it is close enough to impossible to implement in a way that is secure and understandable to the average voter.
One of the most important things in democracy is for the people to believe the vote was fair and accept the results.

Re:Wyden was always reliable on this

[bluefoxlucid]

as it is close enough to impossible to implement in a way that is secure and understandable to the average voter.

Challenge accepted!

You can implement Internet voting by using cryptographic identity tokens to verify that a hard credential was once presented for in-person verification. This is stronger than current voter verification, so we still need our existing polling places: requirements for a hard credential verification (such as by driver's ID or passport) would disenfranchise voters in our current system. Mind you, we need to fix the underlying problems preventing people who have become homeless or otherwise lost their identity papers from obtaining a photo ID, because that does other things: it keeps them out of homeless shelters, denies them government benefits, and otherwise disenfranchises them of many government and private services to which they are entitled.

So Internet voting is only allowable for the subset of voters who can get a Photo ID. The remainder must go to their designated polling place as usual.

To assign a cryptographic token, a voter would take their hard credential to a government building such as a motor vehicle authority (where you get your driver's license and voter registration), Social Security benefits office, or their designated polling place. They would bring, buy, or (if facing the hardship of poverty) be provided with a standards-compliant FIDO device, such as one by Yubikey (we really need another manufacturer making good ones). This device costs $18 and can hold 1,000 identity credentials. It uses 4096-bit RSA or strong elliptical curve cryptography (although it doesn't use curve 22519).

So far, so good: show your ID, get a USB device.

When you identify with your ID, you plug the device into a USB port, and press a button on its back. That's it. The government verifies your ID and has you present the device. In the background, this thing generates a random key pair and sends the public key to the requestor—no user intervention.

These FIDO devices plug into a USB port, then blink a light when challenge. You click it and it signs the challenge using the requested key. To vote on the Internet, you'd go through the online system, check all your boxes, then insert the device when prompted and click the button. That's it.

For added security, you can use two-part independent verification. When you submit your vote, it goes up to the server, which stores it and sends back a QR code signed by the voting system's own private key. That code contains your vote data. You can point your smart phone at it and verify its contents. If satisfied, click "Cast" to finally cast your vote, then use the FIDO device again (one more click) to send it.

Security: it takes two physical button presses to actually cast a vote. The first is required to create your vote data in an unmodifiable form; you receive that back in a form not modifiable after being received, interpreted, and signed by the voting system itself. Your vote isn't actually accepted until you send THAT back as final verification that you have seen it through the eyes of the voting system--which requires the second press. The data can't be modified in between, and new data can't be sent that second time without requiring a THIRD press to cast the update instead.

Interface: Check the boxes, hit submit, plug in the USB key. Click. Point your phone at the screen if you want to verify that your browser hasn't been hijacked to cast fake votes (no guarantee your browser and phone aren't both hijacked and colluding). Click. Your vote is cast.

Compare this to today's voting system: we fill out a bunch of paper ballots or use electronic voting systems. The votes get cast. Somebody else counts them, tells them how many there are. If the election officials are lying, they can get away with it. They can discard votes from the pile--no one will know. We don't recount votes by name;

Re: Wyden was always reliable on this

[interstellarsurfer]

Too late. Looks like you're going to have to build a wall. Prefferably around Portland. :-P

Re: Wyden was always reliable on this

[interstellarsurfer]

If Joe Sixpack knows how to use the Big Letters, too, I'm definitely siding with him.

Re:Wyden was always reliable on this

[david_thornley]

I'm going to suggest that you may not have "understandable to the average voter" down quite right.

Compare this to today's voting system: we fill out a bunch of paper ballots or use electronic voting systems. The votes get cast. Somebody else counts them, tells them how many there are. If the election officials are lying, they can get away with it. They can discard votes from the pile--no one will know. We don't recount votes by name; we don't all verify our own votes; there is no protection against fraud by the elections board in today's system. Even giving people a ballot receipt doesn't work, because you can't get a look at all votes, and the system can report the vote you cast without counting it. Once you have collusion at the central authority, your voting system is compromised.

That's why we have observers at the polling places, and tamper-evident seals on ballot boxes. In our state, we have tabulators, which collect ballots and count them. This leaves a record of how many votes were cast in that precinct, which can be checked against later counts. All handling of ballots is supervised by observers, normally including at least one from each major party. This doesn't produce tamper-proof voting (nothing can) but it does a good job of making it tamper-evident.

So, the votes get cast. In each precinct, there is now a tabulator that has been under observation the whole time. It reports on the totals. The totals for each precinct are sent to the State. In a certain number of randomly selected precincts, the votes are manually counted and compared to the machine counts, this being done with observers watching, just to check the tabulation. (There may be small differences, with ballots not filled out right.)

At this point, we have precinct totals. The state authorities will publish the election results down to the precinct level, so it's possible to spot-check precincts and do the addition if you don't trust the state authorities. We have sealed ballot boxes with the ballots in them. Nobody's had a chance to get at the ballots unobserved. If someone comes up with a way to tamper with them, the machine count will be significantly off, triggering an investigation. Such tampering carries the risk of facing felony charges for relatively minor changes in the overall voting.

If the race isn't really close, we can live with a little inaccuracy. If it is close, we can do a full manual recount. This involves bringing sealed ballot boxes out of storage, examining the seals with observers present, and doing manual counting while observed. Large discrepancies between this and the initial counts will be suspect and investigated.

Everything about this is understandable to the average voter. If there are visible shenanigans, at least one observer will raise the alarm. If the boxes are tampered with, the seals will show it. If not, well, it's possible to lose boxes, but in that case the initial tabulation can be used. It isn't possible to undetectably fudge the overall total. This is about as secure as we're going to get.

This completely eliminates password confusion and lost USB keys. The voter shows up, is identified in some manner, and votes with all materials supplied by the polling place. (Where I live, we sign in under our names. If someone were to try to vote for me, that someone would arrive either earlier or later. If later, my name's already down there. If earlier, I show my ID to prove that I'm me and inform the election judges and observers.)

Overall, I still prefer traditional paper voting. Your ideas, while interesting, don't strike me as the right way to do things, partly because it's too technical for most people. You also don't seem to quite grasp what can be done to make paper voting secure.

Re:Wyden was always reliable on this

[bluefoxlucid]

Overall, I still prefer traditional paper voting. Your ideas, while interesting, don't strike me as the right way to do things, partly because it's too technical for most people.

The part people actually see is they click a few boxes, plug a thing in, and push a button. There's no technical knowledge required. Everything else is a behavioral countermeasure.

I've had no trouble explaining how these things work to the uneducated, even at a technical level.

Interesting that the voting is observed by major parties. That helps. I'm sure I could attack that system, but it'd take me a while to figure out how, and I'd have to watch it in action a few times. It would also take greater collusion.

Re:Encryption enables criminals

[Marisaze]

Right, this is really the issue.

No matter how they implement a backdoor, it will automatically make encryption weaker. Not to mention that anybody could then use additional encryption to prevent anybody from reading it. Then you get "You wouldn't use more encryption unless you were guilty of something" courtroom nonsense that we already have, just with an additional layer of waste on top.

That and your setup also suggests that we don't already have tons of issues with companies making things like IoT devices vulnerable without even needing the backdoor. Leaving the telnet port open by default with no way of changing a default password rings a bell. They're getting better but this sort of thing still happens. I can't imagine this will be an exception.

Score:5, Insightful

[coughfeeman]

I would be a well deserved (Score:5, Insightful) for a comment that basically says, "Cite?"

Re:Oh bullshit

[AHuxley]

AC re 'criminals *will* have the backdoor key?"
SISMI-Telecom scandal https://en.wikipedia.org/wiki/...
Greek wiretapping case 2004–05 https://en.wikipedia.org/wiki/...–05
Once that crypto walks out of the gov/mil, anyone can become a trusted part of a nations telco network.

Wyden's awesome!

[lkcl]

this guy's a hoot! look at the list - calling out the bullshit on so many topics, including pointing out the nonsense on industrial hemp being classified as a schedule 1 drug when there's BELOW 0.3% THC in it! i like this guy :) https://www.wyden.senate.gov/n...

LOL Clipper Chip

[nctritech]

I guess this isn't the best time to remind Mr. FBI about the Clipper Chip near-disaster. The government though they'd force people to use backdoored encryption chips in the 90s that contained a "Law Enforcement Access Field (LEAF)" and it not only compromised security but the LEAF check hash was also easily spoofed plus the Skipjack algorithm used was ripped to shreds by cryptography researchers pretty quickly after declassification. Had we been forced to use the Clipper Chip, we'd have had a major security mess on our hands since it was practically a placebo at its one main job: security.

Re:LOL Clipper Chip

[Agripa]

Clipper competently done would have worked but would also have required legislation making unapproved encryption unlawful.

A better situation would be to make everybody *think* that their communications are secure while convincing the telecommunication companies to compromise the endpoints. Then the mass surveillance could be hidden with telecom immunity, parallel construction, and national security. Wait, isn't that what we have now?

Re:Oh bullshit

[tietokone-olmi]

>Why do you assert that criminals *will* have the backdoor key?

Because the backdoor key will be tremendously valuable, someone with legit access will be corrupted into handing it, or access to it, over. Similarly, a software program that provides access to the backdoor will be copied and its accountability protections stripped because it's tremendously valuable to the NSA. And so forth.

The genie ain't staying in the bottle for two fucking days.

Re:November

[RoccamOccam]

the Republican challenger will say that the baby killing Democrat who is beholden to Nancy Pelosi ...

I'll just leave this here: The House of Representatives has just voted to pass the Born-Alive Abortion Survivors Protection Act, by a vote of 241-183. Every Republican representative voted in favor of the bill, and all Democrats voted against it, with just six exceptions.

Just out of curiosity

[rsilvergun]

what makes you stick with the Rs? They've been pushing the 'Tough on Crime' / 'Think of the Children' agenda for ages. Sure, Clinton (Bill) pushed it too, but largely to court Republicans. While I'm not saying the Dems are saints I think it'd be much easier to purge and/or marginalize the corporatist schelps & authoritarian types from their party than the Rs.

Re:Just out of curiosity

[rogoshen1]

yeah, i wonder that myself. Honestly probably a bit of a RINO.

I do definitely lean towards moderate/Goldwater type republicans though -- the last candidate I would have even considered voting for was Huntsman, but of course he got torpedoed pretty early on.

Go figure =/ The real problem isn't so much R vs D, it's that politics has become so incredibly fucking polarized (which is saying something.. I remember back when GWB was elected, it was pretty bad. Obama and now Trump have just amped that tendency up to weapons grade levels) that a moderate candidate from either party has essentially zero chance of getting past the primaries. It's really an untenable situation in the long term.

Re:Just out of curiosity

[bluefoxlucid]

Have a read.

I'm a pretty radical center-left candidate myself. I'm pushing policy to end homelessness and hunger, without raising the tax burden, and trying to change how our economic policies fundamentally work. Too much Bernie Sanders socialism for me, but I still want universal healthcare and a strong social safety net. I found a way.

Re:Just out of curiosity

[Agripa]

Just because I do not support the Rs does not mean that I support the Ds. Fuck both of their houses.

1984

[Radio+Bill]

It has been decades since 1984. Why are we surprised?

Partisans Attention

[31415926535897]

As a conservative, I stand with Democrat Ron Wyden in his position. And that fact made me realize something.

To liberals who often want to ban firearms: if you support Ron Wyden's reasoning about encryption, then please realize conservatives have been making the same arguments about firearms and the second amendment since forever. (e.g. if you ban strong encryption de jure, then only criminals will have strong encryption and that will be used against the average law abiding citizen).

To conservatives to often want the state to have strong enforcement powers: don't be hypocrites. If you support the FBI/NSA/CIA desires for compromised encryption for the effectiveness of law enforcement, realize that the same logic will be used against your second amendment rights.

We the people need to work together to make sure that the state doesn't abuse it's power, and this relates to encryption and firearms. Don't let the government use partisan politics to turn us against each other so that they can do as they please.

Re:Partisans Attention

I'm not a liberal (or a conservative) and I don't want to ban firearms, but your analogy has significant flaws in it. This isn't about abuse of power, this is about methods that can be used to break encryption. Any "backdoor" placed in the encryption algorithm would necessarily create a vulnerability that could be exploited. You cannot give access to law enforcement without simultaneously weakening the encryption. There is simply no known method to give them what they want without exposing you to other threats.

Re:Partisans Attention

[HeckRuler]

I'm a pretty liberal guy and the obvious refutation is that secrets are fundamentally different than violence. A kid with secrets isn't going to hurt anyone while a kid with a handful of violence can hurt himself and others. But that's just kinda knee-jerk partisian politics talking. I myself believe in the 2nd amendment for the whole "overthrowing tyranny" aspect. And to that effect, I've argued that hard, strong, REAL encryption should be protected under the 2nd amendment.

Re:Partisans Attention

[jockeys]

very thought-provoking, thank you.

Acceptable losses

[rsilvergun]

That's all he needs to say. The damage from occasional breach by criminals will be dwarf by the gains from proper law enforcement. His arguments will be non technical. They'll pass the 'truthiness' test. Emotional if you will. To be honest such arguments usually win out in the end, if only because the people making them keep pushing for it.

Re:Acceptable losses

[Comrade+Ogilvy]

Such arguments work because the short term benefits to law enforcement are likely real enough, while the short term risk of a breach are not so terrible. It is in the long term that a pile of magic keys to everything looks like a horrible idea. Law enforcement as a group are not particularly better at guarding their secrets than anyone else, especially when a professional criminal outfit banked by a nation state is involved in the game. A big breach could be a disaster that would take years to fix, with real negative effects on the economy and national security.

Well but then

[fyngyrz]

You have to remember that most criminals are not particularly bright. How often do you hear that they were scuppered by posting incriminating photos on Facebook, or using the phone they just stole without wiping and disabling "find my phone"?

Yes, you hear about those.

It's the ones you don't hear about that aren't dumb.

Re:Well but then

[Major_Disorder]

I know several people who work in Law enforcement and this topic has come up a few times. They are all in agreement that there are a class of "Smart Criminals" out there who do not get caught, and are seldom, if ever, on the police radar.
We are not talking Super Villains here. but regular people smart enough to wear gloves, not talk about the crimes they committed, not go on a shopping spree the day after a major crime, and destroy as much evidence as possible.
It is a pretty low bar to be a "Smart Criminal".

Re:Well but then

[shaitand]

"They are all in agreement that there are a class of "Smart Criminals" out there who do not get caught, and are seldom, if ever, on the police radar."

There is a third class of criminal that includes everyone, smart and dumb, since we all break laws on a daily basis (and if you allow laws at the mercy of officer discretion almost everything we do it illegal). I doubt any of us makes it a month without having done something that is technically a felony.

The dumb people are the ones who think that just because they don't anything wrong they have nothing to worry about and push for stronger and more effective enforcement. Perfect enforcement and stronger penalties would mean everyone in prison. These days if you actually have a middle class profession you can lose your ability to be employed by falling behind on your bills., Just think about your prospect of paying off those unsheddable student loans racked up pursuing your masters degree with your lifetime of burger flipping money after a felony conviction for failing to enter your deductions correctly in quicken.

encryption is a 2nd Amendment issue

First, just common sense, it is essential to self defense to have reliable encryption.

Second, the fed gov't already treats encryption technology like "arms" in some ways, i.e., export controls.

So NRA, where are you now? Why aren't you protecting our rights?!?!

Re:Encryption enables criminals

[bluefoxlucid]

One of the aspects of a free society, is the general concept of innocent until proven guilty

I keep telling people that if you can get away with a criminal behavior--if you can do it without getting caught, reliably--that behavior probably shouldn't be criminal. We have laws that prevent illegal search and seizure, which makes it kind of hard for the police to discover you've been fermenting apple juice into cider and enforce any law making the personal consumption of alcohol illegal if you're not getting drunk and becoming a rowdy nuisance (or worse). On the other hand, people know when they've been robbed, and it's hard to make a career as a thief without ever getting caught (or having to craft enormous master plans to keep your identity a secret--which usually only works in cheap romance novels targeted at a certain breed of reader).

We accept certain risks so we have protections against government overreach.

Re:Oh bullshit

[Anne+Thwacks]

Similarly, a software program that provides access to the backdoor will be copied

Or any single computer with un-patched Meltdown susceptibility cracked.

Re:November

[mr.mctibbs]

You do realize that none of these "babies" is viable and will die in the hospital, if not before, right? This literally just exposes doctors to liability for not wasting money on transporting a doomed organism.

But of course you and everyone who supports this bill knows that, because the point is not to improve or save lives, but to attack abortion rights.

Re:Encryption enables criminals

[h4ck7h3p14n37]

No, they can't hold you in contempt until you unlock the phone unless you're dumb enough to use a fingerprint reader. We have this thing called the 5th Amendment that prevents the government from forcing us to become a witness against ourselves.

There is plenty of legal precedent against compelling users to enter passwords and assisting law enforcement with searches.

Re:November

[RoccamOccam]

No I don't know that and neither do you. This is no longer about an abortion. I can't believe that anyone would try to justify not providing normal standard of care just because the baby is not wanted.

FBI Dir. Christopher Wray and the RSA Confeence

[mencik]

I'd like to see the organizers of the 2018 RSA Conference to be held in April invite Mr. Wray to join in the cryptographers panel to discuss this issue. They'll eat him alive.

Ron, the man with the plan in the sedan

[TiggertheMad]

Ron Wyden, my crypto-homie! Slappin DOWN that fuzz with the verbal beatstick ->

I would like to learn more about how you arrived at and justify this ill-informed policy proposal. Please provide me with a list of the cryptographers with whom you've personally discussed this topic since our July 2017 meeting and specifically identify those experts who advised you that companies can feasibly design government access features into their products without weakening cybersecurity. Please provide this information by February 23, 2018.

...SO I CAN BITCH SLAP THEM SUCCA-FOOLZ TOO!

Man, I never heard of him before, but I like this Ron guy.

Re:Oh bullshit

[Namarrgon]

The TSA demanded (and received) back-door master keys to your luggage for exactly the same reasons, for fighting them terrorists. Guess what? They leaked.

Also, Apple's signing keys are far less valuable, since you need a lot more than that to install software on their phones - and the signing mechanism has long been defeated by jailbreaking anyway. They have no master decryption keys. And there's zero actual evidence that Apple has given back-door access to user devices to China or anyone else, despite vaguely-worded reports about "security checks"; Apple continue to insist that not even Apple can do that.

Re:November

[JackieBrown]

It says something that the Democrats can be so blatant about their lack of regards of life. This isn't even a pro-choice issue anymore. The baby is already out. It even protects the mother from any charges and as well as giving her civil rights.

Re:November

[JackieBrown]

None? Not a single baby is viable?

You might watch the movie “Baby Hope”. It's really good unless you are just in to dark, anti-hero type movies.

Possible to design access features

[mysidia]

Using Public-Key Cryptography. The same crypto generally used to secure the user's keys. Generate hierarchical public-secret keys from a shared seed similar to Bitcoin wallets that use Hierarchical-Deterministic Wallet addresses, so there can be a large number if separate Public-Secret Keypairs XOR the per-key seed by a "partitioning key".

Assume the company goes through a process where they generate 500,000 "Backdoor keypairs" using HSMs --- each "user" of the service will be assigned to a randomly chosen unique backdoor public key, in the process of generation, a copy of every decryption key the user has access to during key generation will be encrypted using EC public key crypto with the selected backdoor key, then during the one-time process when the original backdoor keys are being created: divide each key into something like 20 Shares requiring 15 of 20 crypto officers gather to assemble and authorize
1 usage of that particular backdoor key ---- make the selection of key unitholders so that no more than 5 reside on the same continent, no more than 3 reside in the same nation, no more than 2 reside in the same province/local part of a nation or work for the same agency, Then require another 15 of 20 people be present to yield the Partitioning seed of the particular Backdoor key to be utilized, thus eliminating the possibility of "Convenient, surreptitious" access ----- ordering each implementation of a specified user's backdoor key will require assembling a group of people coming from at least 5 nations.

Re:Encryption enables criminals

[jd]

I can't wait for these questions to appear on University Challenge.

Re:Oh bullshit

[jd]

First, the keys tend to be on the devices and not central servers. That means you need a program on the devices that can transfer keys to arbitrary computers (since every jurisdiction has a different server and servers change their IP addresses from time to time). That means all you need to know is the packet used to request a key for one device and you can fashion the same packet and send it to any device. The key will then be sent back along that channel to the sender.

Second, router poisoning means that stuff destined for a proper server can take a shortcut. Router poisoning is a very common form of attack because most routers don't validate that messages come from proper routers. Even when they do, BGP4+ defines a minimal method of authentication using shared secrets.

Third, let's imagine they use names rather than IP addresses. Almost nobody uses DNSSec (because it's crap) and DNS is very easy to poison. Again, all your top secret keys go to Joe "Just Doin My Job" Mafia-IT-Dude Bloggs.

Fourth, I thought Sony and the recent scandal whereby ALL antivirus vendors sent US government information to Russia had kind of disabused people of the idea that intelligent people were running corporate databases.

Fifth, the DoD was bloody broken into by viruses on thumb drives that copied information across airwalls. Then there were Manning and Snowden - not criminals, but obviously accessing highly classified information that nobody had bothered to secure. The Chinese got hold of the current generation of stealth fighter plans because the DoD dumped hard drives without wiping them. And you trust the government not to do anything stupid. Sorry to disappoint, but you couldn't find stupider if you hunted through the WalMart greeters. These are not people I'd trust with the time of day.

Sixth, in order to have every key, they'd have to disable SSL and TLS. Completely. As these use ad-hoc keys. In fact, they'd have to get rid of IPSec as well. Every connection you made would have to use the same key. This would make international banking interesting. Particularly for fans of Bletchley Park. Perhaps you don't understand how cryptography works. When you use the same key for everything, it doesn't.

Re:Oh bullshit

[jd]

Given how many keys would be generated if people continued using IPSec or TLS, it's obviously impossible to catalog them all along with the timestamps for their validity. That means everyone must have identical keys. That means exposure by one person exposes not just that one thing but absolutely everything.

Worse, because all messages would have to be encrypted with the same key, a Bletchley Park-style attack would quickly figure out what they key is. If you know the structure and enough of the plaintext content, then the remaining 1% should be easy to crack.

Re:Encryption enables criminals

[jd]

If there are two independent keys that decrypt the message equally, then there are N independent keys that decrypt the message equally, where in many cases N approaches all the possible decryption keys. The pin is not something you compare X with, so simply having a second isn't simply comparing X with two values rather than one. The pin is a part (Byzantine Encryption) or all of the decryption key. Having two means your algorithm has got to have f(x, k) and f(x, y) produce identical values. For most functions, that means making k and y irrelevant. Which means your encryption isn't just weak, it doesn't exist.

EFF now says all printers have tracking

[Excelcia]

The EFF no longer maintains the list. The original list was simply those printers that produced documents where the EFF could not see any yellow tracking dots. The EFF has put this note on that list:

(Added 2017) REMINDER: It appears likely that all recent commercial color laser printers print some kind of forensic tracking codes, not necessarily using yellow dots. THIS IS TRUE WHETHER OR NOT THOSE CODES ARE VISIBLE TO THE EYE AND WHETHER OR NOT THE PRINTER MODELS ARE LISTED HERE. THIS ALSO INCLUDES THE PRINTERS THAT ARE LISTED HERE AS NOT PRODUCING YELLOW DOTS.

This list is no longer being updated.

Simply put, the EFF believes all printers have forensic tracking codes.

Re: November

[RoccamOccam]

This bill isn't about a fetus, dolt.

Let See .....

[WindowsStar]

Ok, let's see how this works, disgruntled Silicon Valley Company worker is fired. Leaks backdoor to internet. Now encryption is worthless. True story.

Re:Encryption enables criminals

[Gaxx]

With Paxman frowning "Come on, come on. It's not difficult. At least not unless you're a politician"

Re:Encryption enables criminals

[Agripa]

Because encrypting also hides information from criminals.

The difference between our government and criminals is that criminals are more honest in not expecting you to praise them for stealing from you.

Re:Encryption enables criminals

[Agripa]

I expect for 99.99% of all encrypted data it is just information that isn't proof of wrong doing.

If 99.99% of drug sniffing dog "indicators" were false positives, the courts would still consider them reliable.

Re:November

[david_thornley]

If the baby is already out, what does it need with special protective laws? There's already laws about murder and malpractice.

How many laws do you want passed on a single issue? And where did you get the idea that the Feds have the constitutional authority over this (assuming that the birthing room isn't crossing the boundary between two states)?

Re:you said violent crime wouldnt go down

[BronsCon]

You don't think the victims are innocent? Also, and I repeat myself, guns aren't going anywhere. The cat's out of the bag; we would have needed stricter gun laws before guns began to outnumber people in this country. I'm all for compromise where there is some benefit to be realized, but you won't get me to agree to it when the time for that benefit has long passed. That's where we are today and it's really not my fault you're too goddamned dense to see it.

Or, to put it another way, my 1911 sat on display at the gun shop for a year before I bought it and killed nobody in that time. I've owned it for over a year and it has still killed nobody. If guns were the problem, I'd at least have a hole in my foot by now, but I don't.

Your move.

Re:you said violent crime wouldnt go down

[BronsCon]

That makes no sense... you see, a bomb will blow you up along with the bad guy who also has a bomb. You can, however, stop the bad guy who has a gun, without shoooting yourself, if you also have a gun. Go ahead, try to stop him with a knife, or by shouting "OH LOOK, HE HAS A GUN, THAT IS SO UNCOMMON THAT I NOTICED IT, BUT I AM UNARMED BECAUSE CARRYING A GUN IS SO UNCOMMON, SO I REALLY CAN'T DO ANYTHING TO STOP HIM!"

Yeah, making it an "unusual" sight will really help a lot.

I don't know where you're from, buddy, but people walking around with guns out is already an unusual sight in most parts of the US. Being the first person in the room to draw a gun and point it at someone is going to get attention; if other people in the room also have guns, you aren't gonna be shooting anyone. However, if you're the only person in the room with a gun, well, how does you having a gun being unusual stop you from using it? Let's see, someone sees it and calls the cops, who come and stop you... minutes later after you've already cleared the room (and your weapon)?

It takes seconds to draw down on a bad guy with a gun and put two in him if, God forbid, I should ever find myself in that situation. It takes longer than that to even dial 9-1-1. Where the hell do you live that police will have arrive and defused the situation before you've even called them?

Remember: When seconds matter, the police are just minutes away.

Re:you said violent crime wouldnt go down

[BronsCon]

Your posts are becoming more trollish. I question whether you're even the same AC; no matter, though, as I find this entertaining either way.

You've just illustrated my point, actually. One less gun in the hands of a law-abiding gun owner does not equate to one less gun in the hands of criminals. What we see in other countries is truly only possible because they never had guns the way we have guns; we, on the other hand, have... If we make it more difficult for law-abiding citizens to obtain guns, they'll be the ones without guns -- criminals sure as hell won't give theirs up.

When that happens, go right ahead and try disarming the gun-wielding criminal with a spoon.

While they can be prepared in ways that make them an alright offensive weapon, the humble spoon isn't so great for defense.

Or hunting.

Oh, and as for your desire to see handguns highly regulated but allow open purchase of long guns, let's see how well that rifle works for you when you're out hiking and come across a black bear. They can be pretty damned sneaky until they're right up on you and that long gun simply ain't gonna do the job of you can't fit it between you and the target. That's why I do carry my 1911 when hiking; I'm on private property, so no permit needed, and a .45ACP to the skull will stop a bear. Thankfully, I've never had to use it, but there have been a few situations where it's been a close call.

Shoot one of those guys with a rifle, at a distance appropriate for a rifle, and you'll have FWS or your local fish and game department so far up your ass you won't shit for a week. There's no way you're convincing them the bear was a threat at that range.

Re:you said violent crime wouldnt go down

[BronsCon]

Glad to see you finally realized spoons are no match for the indiscriminate killing power of a gun.

I never said they were.

Now you just need to understand not all 12 year old girls are criminals.

I also never said they were. The ones who would kill with a gun are, though; and they would just as well kill with a spoon.

If you're going to troll, at least put some effort into it.

Re:you said violent crime wouldnt go down

[BronsCon]

You haven't really thought about this much have you. How many 12 year old girls accidentally kill themselves or someone else with a spoon?

It's you who hasn't thought much about this, my friend. In those cases, the guns aren't the problem, irresponsible gun owners and lack of training are the problem. A 12 year old living in a house with a gun should know how to safely handle that gun, even if only to be able to lock it in the gun safe should it ever accidentally be left out; and it should be locked in a damned safe if there are kids in the house. Hell, if should be locked in the safe if there are untrained adults in the house.

If you're going to blame a tool, blame the one who left the weapon out and leave those of us who are responsible enough to keep our shit secure the fuck alone.

You want handguns regulated, but you want open sales of long guns. Do you not realize that the same 12 year old could accidentally kill someone with a rifle? Again, you're the one who hasn't thought this through. Don't worry, I've been on your side of this argument; I eventually got better.