Slashdot Mirror


Senator Asks FBI Director To Justify His 'Ill-Informed' Policy Proposal For Encryption (gizmodo.com)

In a speech earlier this month, FBI Director Christopher Wray said the inability of law enforcement authorities to access data from electronic devices due to powerful encryption is an "urgent public safety issue." He proposed that Silicon Valley companies should add a backdoor to their encryption so that they could both "provide data security and permit lawful access with a court order." One person is not amused by Wray's proposal. Senator Ron Wyden criticized Wray on Thursday for not consulting him before going public with the proposal for encryption. Wyden said today, via Gizmodo:

Your stated position parrots the same debunked arguments espoused by your predecessors, all of whom ignored the widespread and vocal consensus of cryptographers. For years, these experts have repeatedly stated that what you are asking for is not, in fact, possible. Building secure software is extremely difficult, and vulnerabilities are often introduced inadvertently in the design process. Eliminating these vulnerabilities is a mammoth task, and experts are unified in their opinion that introducing deliberate vulnerabilities would likely create catastrophic unintended consequences that could debilitate software functionality and security entirely.

[...] I would like to learn more about how you arrived at and justify this ill-informed policy proposal. Please provide me with a list of the cryptographers with whom you've personally discussed this topic since our July 2017 meeting and specifically identify those experts who advised you that companies can feasibly design government access features into their products without weakening cybersecurity. Please provide this information by February 23, 2018.

14 of 372 comments

  1. Before anyone blames KKKonervative$ by mi · · Score: 5, Insightful

    I'll just leave this here.

    The problem is not at all new, and the Senator is right to allude to the Lawman's predecessors.

    --
    In Soviet Washington the swamp drains you.
    1. Re:Before anyone blames KKKonervative$ by Rick+Schumann · · Score: 4, Insightful

      As I just said to someone else: sadly typical law-enforcement type: obsessed with control, doesn't want silliness like 'civil rights', 'human rights', or 'common sense' getting in the way of controlling everything 24/7/365.

  2. Re:Encryption enables criminals by Jason+Levine · · Score: 5, Insightful

    Because encrypting also hides information from criminals. If I'm buying something online, I want to give my credit card information to that site, not the whole world. If the site encrypts the traffic, it can protect my data. If it doesn't, anyone can listen in and then charge items on my credit cards. (It gets worse if you need to use a site to submit more personal information like your social security number.)

    If the authorities have a backdoor key, it's only a matter of time before the criminals get that key too. Even if we assumed the authorities had the purest of intentions (a HUGE assumption mind you), I would still want encryption without "police only" back doors to protect against malicious users abusing the back door.

    --
    My sci-fi novel, Ghost Thief, is now available from Amazon.com.
  3. Score by DontBeAMoran · · Score: 5, Insightful

    Senator Ron Wyden: intelligent and well-informed
    FBI Director Christopher Wray: either imbecile and/or not to be trusted

    --
    #DeleteFacebook
  4. Spot fucking on. by rogoshen1 · · Score: 4, Insightful

    As a Republican living in OR, thank you Mr. Wyden. I wish more of the legislature had an iota of common sense and understanding relating to tech before shitting out half-assed regulation with absolutely no care taken to unintended consequences.

    We should be more focused on keeping the pigs honest than catching the *incredibly* rare bogeymen.

  5. Re:Encryption enables criminals by jellomizer · · Score: 5, Interesting

    One of the aspects of a free society is the general concept of innocent until proven guilty. We encrypt in order to protect our information from bad actors. A government is managed by people, not all of them trustful, so the government shouldn't get my data unless absolutely needed, say via a warrant. Because I am innocent until proven of a crime, so my encrypted communication shouldn't be considered anything nefarious until I am expected to be up to something concrete.

    I expect for 99.99% of all encrypted data it is just information that isn't proof of wrongdoing. But let's say this post from Jellomizer connects me to my boss who may disagree with such a position could get me fired, because my point of view while perfectly legal may not be in sync with the company policy.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  6. Wyden for President! by TheFakeTimCook · · Score: 5, Insightful

    I don't know anything about this Senator; but on this one topic alone, he would have my vote!

    I'd suggest we all write him and thank him for his courage and intelligence...

    https://www.wyden.senate.gov/c...

  7. Re:Encryption enables criminals by wonkey_monkey · · Score: 5, Funny

    We encrypt in order to protect our information from bad actors.

    Rob Schneider's always after my password!

    --
    systemd is Roko's Basilisk.
  8. So strange by Anonymous Coward · · Score: 5, Funny

    It just hit me that one of the reasons this story is so strange is that someone in government (who is this Senator Wyden?) is treating the situation in a way that you might expect from an adult. I'm not used to this.

    Are we sure he's a Senator from a state in America? I don't want to later find out that Oregon is a place in Wales or something like that.

  9. Re:How is China solving this dilemma by Anne+Thwacks · · Score: 5, Insightful

    The key difference is ubiquity and the accessibility to the tools by a non-expert.

    Nope - the key difference is whether your government is into control freakery.

    Uncrackable encryption is available to anyone who bothers to ask, and has been since before the invention of paper. Anyone can create completely uncrackable one-time-pad based systems with a pencil and paper and the use of a few brain cells. Steganography was known to ancient Greeks, and plenty of ancient codes have still to be broken.

    I bet there are quite a large number of languages in regular use that no-one in the CIA, FBI or TSA can speak. It is also true that some TLA agencies can crack Rot13, but presumably quite a few can't. Mandating buckets with holes in is not going to eliminate theft of liquid either. Sometimes you will have to do detective work to solve crimes but "You can't win them all". Mandating that everyone writes all their thoughts in a placard and holds it above their heads at all times won't stop people from lying. Hell, nothing stops politicians from lying. And there is clearly no limit to stupidity.

    --
    Sent from my ASR33 using ASCII
  10. what will happen in a month? by v1 · · Score: 5, Interesting

    It looks like the senator gave him a month to dig up an excuse, and left him with very little wiggle room. It's nice to see a tech-savvy representative, and specifically one that knows how to close all the escapes at the same time to speed up the process. I'm sure the director would love to be able to stall for 30 days and then step back up into the light and kick the can down the road another 30 days, but I don't see that happening this time.

    He's either going to have to dig up some at least semi-reputable cryptographers to throw under the bus, or admit that he's "pulling a trump" and ignoring all the experts around him in favor of his own opinions on the matter. (though in this case it's almost certainly coming down to just doing specifically what he's been told to do, more of a "trump by proxy" move) It's rather irritating to see we've set things up so that certain people can't make certain rules, but then we go and let them replace the person responsible for that rule with someone that will do whatever they tell them to - it defeats the purpose of the separation.

    I'm also a little bit curious why I haven't seen this whole idea get compared with the TSA's baggage locks? Isn't that basically the same idea as this, though on a much more limited scale? Mandating a government back-door, and all the unintended as well as the widely-anticipated problems that you get as a result?

    --
    I work for the Department of Redundancy Department.
  11. Re:How is China solving this dilemma by TheRaven64 · · Score: 4, Insightful

    One-time pads are not really feasible. An earlier Slashdot post suggested not thinking of one-time pads as encryption, but as a way of time shifting use of a secure channel. If you have a secure channel now over which you can distribute n bits of data, then you can distribute an n-bit one-time pad and then later you can use an insecure channel to send an n-bit message securely. Having to distribute a key as long as a message is not very easy, and the requirement that the pad be generated with a cryptographically secure random number generator makes it a bit harder.

    That said, algorithms like RSA and AES are pretty simple to implement. Most of the attacks on implementations of these have been timing vulnerabilities (requiring an attacker either on the same machine or very close on the network), or attacks on incorrect use of the crypto primitives in more complex cryptosystems. You can take the code examples from Applied Cryptography, change the #defines to give you longer key lengths (many of the examples use insecure key lengths to avoid export restrictions), and you've got an implementation of a secure algorithm. If you're encrypting offline and exchanging messages via some channel where an attacker has no control over or visibility of your timing, it's probably secure.

    --
    I am TheRaven on Soylent News
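
Added example, not part of the comment above or of the original page: a Python sketch of the "time shifting" view of one-time pads described in comment 11, where n pad bytes sent over a secure channel now pay for exactly n message bytes over an insecure channel later. The names OneTimePad, demo and reuse_leak and the sample messages are constructed for illustration; reuse_leak goes slightly beyond the comment to show why pad bytes must never be used twice.

```python
import secrets

# Illustrative names throughout; the messages below are constructed samples.
class OneTimePad:
    """Pad shared in advance over a secure channel; every byte is used once."""

    def __init__(self, pad: bytes):
        self._pad = pad
        self._offset = 0  # pad bytes before this offset are already spent

    @property
    def remaining(self) -> int:
        return len(self._pad) - self._offset

    def xor(self, data: bytes) -> bytes:
        """Encrypt or decrypt by XOR with the next unused pad bytes."""
        if len(data) > self.remaining:
            raise ValueError("pad exhausted: more pad must be distributed securely")
        chunk = self._pad[self._offset:self._offset + len(data)]
        self._offset += len(data)  # never hand out the same pad bytes twice
        return bytes(d ^ k for d, k in zip(data, chunk))


def demo():
    m1, m2 = b"meet at the dock", b"bring the papers"  # constructed messages
    # "Now": n pad bytes from a CSPRNG go over the secure channel.
    pad = secrets.token_bytes(len(m1) + len(m2))
    sender, receiver = OneTimePad(pad), OneTimePad(pad)
    # "Later": n message bytes go over the insecure channel.
    c1, c2 = sender.xor(m1), sender.xor(m2)
    decrypted = (receiver.xor(c1), receiver.xor(c2))
    try:
        sender.xor(b"x")  # the secure-channel budget is spent
        exhausted = False
    except ValueError:
        exhausted = True
    return decrypted, exhausted, sender.remaining


def reuse_leak(m1: bytes, m2: bytes) -> bool:
    """If pad bytes are reused, c1 XOR c2 equals m1 XOR m2: the pad cancels out."""
    pad = secrets.token_bytes(len(m1))
    c1 = bytes(a ^ k for a, k in zip(m1, pad))
    c2 = bytes(a ^ k for a, k in zip(m2, pad))
    return bytes(a ^ b for a, b in zip(c1, c2)) == bytes(a ^ b for a, b in zip(m1, m2))


if __name__ == "__main__":
    print(demo(), reuse_leak(b"meet at the dock", b"bring the papers"))
```
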
  12. Wyden was always reliable on this by Xenographic · · Score: 5, Informative

    Wyden was always reliable on this sort of issue. If you search his name, you'll see a lot of past stories not unlike this one on various encryption or privacy issues.

    We could use more people in Congress like him.

  13. Partisans Attention by 31415926535897 · · Score: 4, Insightful

    As a conservative, I stand with Democrat Ron Wyden in his position. And that fact made me realize something.

    To liberals who often want to ban firearms: if you support Ron Wyden's reasoning about encryption, then please realize conservatives have been making the same arguments about firearms and the second amendment since forever. (e.g. if you ban strong encryption de jure, then only criminals will have strong encryption and that will be used against the average law abiding citizen).

    To conservatives who often want the state to have strong enforcement powers: don't be hypocrites. If you support the FBI/NSA/CIA desires for compromised encryption for the effectiveness of law enforcement, realize that the same logic will be used against your second amendment rights.

    We the people need to work together to make sure that the state doesn't abuse its power, and this relates to encryption and firearms. Don't let the government use partisan politics to turn us against each other so that they can do as they please.