FBI Again Calls For Magical Solution To Break Into Encrypted Phones (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: FBI Director Christopher Wray again has called for a solution to what the bureau calls the "Going Dark" problem, the idea that the prevalence of default strong encryption on digital devices makes it more difficult for law enforcement to extract data during an investigation. However, in a Wednesday speech at Boston College, Wray again did not outline any specific piece of legislation or technical solution that would provide both strong encryption and allow the government to access encrypted devices when it has a warrant. A key escrow system, with which the FBI or another entity would be able to unlock a device given a certain set of circumstances, is by definition weaker than what cryptographers would traditionally call "strong encryption." There's also the problem of how to compel device and software makers to impose such a system on their customers -- similar efforts were attempted during the Clinton administration, but they failed. A consensus of technical experts has said that what the FBI has asked for is impossible. "I recognize this entails varying degrees of innovation by the industry to ensure lawful access is available," Wray said Wednesday. "But I just don't buy the claim that it's impossible. Let me be clear: the FBI supports information security measures, including strong encryption. Actually, the FBI is on the front line fighting cyber crime and economic espionage. But information security programs need to be thoughtfully designed so they don't undermine the lawful tools we need to keep the American people safe."
FBI mouthpiece is a fucking idiot. Jesus Christ, why is listening to people who clearly know better than them so goddammed difficult?
If you believe in privacy, and believe you have "nothing to hide" at the same time, you're a goddammed idiot
I'd like a magical pony. I know magic doesn't exist, but that shouldn't mean I can't get a magical pony.
#DeleteChrome
There is no security when a backdoor exists. Once it is known, everyone will work to get in, and you won't find out it was cracked until it has been heavily exploited.
But it turns out that a $5 wrench turns out to be as good as key escrow.
Anytime someone says they support strong encryption but want to be able to bypass whenever they have the need, my head wants to explode. Any bypass, back door or master key, no matter how well designed, perfectly implemented, or zealously protected, fundamentally weakens the encryption they claim to support. If a way around the encryption exists, someone will find and exploit it. Pure and simple.
I'm all for law enforcement being able to do their job. But I'm also all for strong encryption - my job in information security depends on it, and the sensitive information of millions of people would be at risk without it. Encryption is a tool, like a hammer: people with bad intent can use it to build harm as well as upstanding citizens can use it to build good. I'm sorry, but law enforcement needs to find another way to get to those nails, rather than make hammers defective for everyone.
But information security programs need to be thoughtfully designed so they don't undermine the lawful tools we need to keep the American people safe.
So here's what the industry should do...
Yes, you can use strong encryption on your phones. You then provide a super-convenient way for your customers to unlock their phones via biometrics. Then you convince the courts that, while they can't compel you to give up your password, there's nothing wrong with forcing people to unlock their phone with their fingerprints, face, etc.
There. Problem solved. You still have strong encryption but the government can compel you to use your fingerprint to unlock your phone.
"the FBI is on the front line fighting cyber crime." Ironic, considering that governments commit more cybercrime than any petty criminal could ever dream of.
The FBI was watching the 9/11 attackers to see what they would do. The FBI was warned by Russia about the Boston marathon bomber. FBI was given tips about Florida school shooter.
Yeah, FBI, keeping America safe.....keeping the government safe from its citizens anyway.
Phones and tablets synchronize everything to the cloud. Why can't they use the existing warrant system to get the data they need from cloud providers (albeit still encrypted, but they can attack that offline), or are Apple/Google/Microsoft hosting everything in Ireland now with a big FU to the USG?
...is a 2nd amendment issue. The right to strong encryption is really part of the right to bear arms.
... for TSA luggage locks. I can pick up a set of luggage lock keys from Alibaba for $5. Sure feel like my luggage is secure knowing any joker can get the key to open my luggage, even if the TSA agent himself doesn't steal things from it.
Oh so they want full trust do they? Well, if they want us to trust them - trust by the way, that they have repeatedly proven that they have not earned or deserve - then there must be these conditions in cases of violation...
If any individual in that organization violates any of the rules set out to protect people's privacy, in any way, shape or form, either directly or indirectly, then they must, must be punished!
And I do mean punished. They should be terminated from their position - immediately - without pay. They forfeit any severance. They forfeit their retirement fund. They forfeit any future government employment in any level of government. They forfeit their current life savings. They forfeit their house. Basically, do the whole 'asset forfeiture' stuff to them.
And let's not just stop at that individual. Their entire department/division should also be investigated. Everyone in it should be interrogated. Their families too. Any found complicit should suffer the same punishment. That'll keep everyone on their toes, making sure others aren't violating the rules, avoid them protecting each other or higher ups under some code of silence, or try to frame just the one individual to avoid getting caught.
Basically, they should be treated just as they've treated past whistleblowers. Anything less means they really just get carte blanche to violate the rules at their leisure.
And why no due process? Simple: if they break the rules, they can't be trusted - the very basic thing they're demanding. It's their job not to break the rules. Don't do the job, get fired! Break the rule, get punished!
If I tell you "don't push that button" then you turn around and push it, it's the same thing: Your job was to not push the button. It required no effort to not push the button!! You couldn't follow the basic rule; in fact, you deliberately went out of your way to break it. If you do push the button, you can't be trusted. Why should I trust you if you can't follow the rule?
AC comments get piped to
"But information security programs need to be thoughtfully designed so they don't undermine the lawful tools we need to keep the American people safe." Which one is it? You want our transactions to be safe and our information secure, or you want to argue some point about having access to data to keep us safe? On the second point, who feels "safe" when the government, or anyone else with the same tools, can get into our private systems at any time? We already have mass surveillance, yet, we still have terrorism, and crime.
FBI = Fat, Bald & Ignorant
Is it at all possible to encrypt something with 3 keys? I've only ever heard of 2 keys being used before. When the encryption is done, one is sent to the recipient and one sent to the authorities?
Actually, the FBI is on the front line fighting cyber crime and economic espionage
So it looks like a US agency has finally decided to take responsibility for our nation's information security disaster!!!
Just an idea - feel free to blow holes in this.
Phone has a mode when locked to provide a cryptographic hard public key... some annoyingly long string of values > 1024 that changes periodically.
That + device serial number (or some other relating bits of info) goes to the mfgr for a one-time use unlock code that is only valid for a time limited period. Long enough to be useful, not long enough to be permanent.
Mfgr doesn't have to provide unlock w/out court order (yes, it can be the double-secret probation kangaroo court we have, but at least there is some sort of due process).
Requires that the phone physically be in the hands of the police state.
Hard enough, with enough other bits of info needed, that it is difficult for even 'nation-state' actors to hack.
As cracking becomes easier, string becomes longer.
Thoughts? Discuss amongst yourselves.
Fred in IT
Finally, the exploitable back door problem has been solved! Believe me! Leave it to the God Emperor to know the person with the technical savvy to create an un-exploitable back door. Trust me, this will be the best back door ever!
Back in the '90s, Ray Ozzie and Charlie Kaufman patented a scheme they called differential workfactor cryptography, as a way of selling copies of Lotus Notes abroad while satisfying US export restrictions for cryptographic software (I don't remember whether they were successful). In a nutshell, the idea is that a portion of each private key would be provided to the US government, so that the government's cracking task for any given key became "computationally difficult" instead of "computationally infeasible"; enough to supposedly prevent the government from going on a fishing expedition, cracking all the keys w/o individual-specific motivation.
I haven't heard much about that idea in the 20 years or so since.
Look, it's really fucking simple ... strong encryption by its very nature can't just be bypassed, because it's mathematics.
So, either he's too stupid to understand what "strong encryption" means, is lying about supporting it, or is completely fucking delusional that there can be encryption which only law enforcement can readily bypass. If the FBI can bypass it, then sooner or later defeating it will be trivial because you'll have something with a gaping hole in it.
And, really, encryption is kind of like the 5th amendment, you know, that whole right to avoid self incrimination. Or the 4th amendment, of being secure in your person and papers ... my phone is my papers, asshole.
Nobody owes you the right to decrypt their data, this is law enforcement decreeing that keeping secrets from the government (law enforcement is government) is illegal.
And surprisingly, the people who normally howl the loudest about the individual's right to privacy from the state are the ones who back this -- a shocking amount of Republicans have bought the argument that boils down to "you have nothing to fear if you have nothing to hide".
Because, deep down, Republicans are far more about government control over citizens than they're capable of understanding or admitting. In fact, just state "security reasons" and they'll support undermining pretty much every civil liberty there is in a heartbeat.
Fuck the FBI on this one, and fuck Christopher Wray for being a lying sack of shit fascist, and fuck anybody who supports this.
Papers please, comrade ... not showing your secrets to the government is not legal. You must comply with the state. Failure to follow all instructions from the state is grounds for arrest.
Land of the free?? Home of the brave??? Good fucking luck with that, that shit all ended a little over 17 years ago ... and now Americans are falling over themselves to give up their basic freedoms.
This is the kind of shit petty dictators and tyrants demand.
Simple fix. Tariffs. It will solve the encryption imbalance and make phones great again
Be Excellent To Each Other
Ok, fine. Don't believe it.
But if you're honest, you'll definitely recognize that everyone else believes it. Apparently you're the one smart person in America, and you're surrounded by fools and so-called "experts" who lack your insight.
Now prove everyone else wrong, inventor Christopher Wray.
"Believe me!" -- Donald Trump
And I'd like a unicorn!
A well hung unicorn!
If you want a pretty decent example of this, look at the encryption methods used in such things as DirecTV or Dish Network receivers. For many years, the "smartcards" containing your authorized programming were hacked in a cat and mouse game. You had to buy this programmer device or that piece of PC software to keep up with it, but it was absolutely possible to unlock those things so you had all the programming without paying (or with just paying for a bare minimum subscription to keep something flagged as an active account).
Then, both of them discontinued their existing card technology and rolled out mandatory upgrades, and the hole was effectively sealed. Nobody I'm aware of is really hacking these things anymore, in any big commercial way?
As I understand it, many of the previous hacks were really the result of leaks.... Someone was paid off to reveal a way to access the card and modify it.
That's always going to be the "weak spot" ... having such a hole that you're aware of and leave in there for internal use. If you give keys to a "trusted third party" like the FBI -- same problem only amplified because now the info exists both with the manufacturer AND the agency holding the keys. Twice as likely it will get leaked out by somebody, somewhere.
The FBI would never lie or abuse their power....
5 out of 6 people enjoy Russian Roulette & 6 out of 7 Dwarfs are not Happy
ship these guys a few kilograms of good quality Cocaine. It seems clear that they are starting to be able to talk after the last lot, but are not yet making sense. It is probably simpler and more effective for everyone if we just push them back into their drug induced addled fantasy world than to try to sober them up and break the bad news that what the rocks told them just is not true.
That way: they'll be happy and we'll all be happy!
This has nothing to do with encryption. It has little to do with Law and Order. It has to do with CONTROL. Let's face the facts: The vast majority of law enforcement, whether they admit it to even themselves or not, are in it because they want CONTROL of as many people around them as possible, and law enforcement careers give them that. They could investigate crimes and enforce the law regardless of encryption, but the fact that they can't CONTROL companies like Apple and force them to do as they are told, when they are told, without question makes them so angry that I'm sure they think about just putting a gun to Tim Cook's head and threaten to blow his head off unless he knuckles under and does as he is told to do. Surprise, surprise: many of our politicians aren't much better! They get into politics because they want power, and being an elected congressperson gives them that. They may not carry guns, but they still wield power, and in their anus-clenched-so-hard-they-could-make-diamonds obsessive-compulsive ultra-A-type personalities, they can't tolerate not knowing everything about everyone, immediately, without delay or reason why. So we have what we've got here today: a bunch of thugs with badges and guns, and a bunch of elected old farts who shuffle papers and make back-alley deals, and they all want to sift through your underwear drawer when you're not home. Naturally, they all need to be told to fuck the fuck off, not yours, you can't have it -- and they need to continue to be told that, ad infinitum.
... safe from what? Personally, I feel less of a threat from hackers or businesses (they track everything I do, but they only want my wallet) than from government agencies that want TOTAL control.
If you design a flawed lock, with many keys, developers will design a better lock. This problem will never be solved because there will always be groups who don't and won't allow others into their data. Even if the government passes laws requiring flawed locks, not all developers will listen. I'd rather give my device up, than allow law enforcement in, without the right to total privacy, you may as well have none at all.
I have been hearing Liberals and Progressives telling me for 2 weeks non-stop how the US Constitution only gives me the right to use whatever tools were in existence at the time it was written (or amended). Personal computing devices most certainly did not exist in the early 1790s when the amendments known as the Bill of Rights were adopted so they cannot possibly be covered by the 4th Amendment anymore than television and radio are covered by the 1st Amendment.
Don't like it? Then get off the Leftist bandwagon trying to completely ignore one-tenth of the Bill of Rights and stop promoting false ideas about what rights we have.
If you support a string of lies against one right, those same lies will be used against your interests in regards to other rights.
misdirection by the FBI since they are having such a storm of failures and corrupt actions being disclosed. Hey don't look at that, look over here at the shiny object! ;)
Were the tip calls from citizens about the parkland shooter encrypted? Yet they still did nothing! They are so busy trying to take down the President, they are not even looking at doing their real jobs.
This is all just an attempt to get the media and public to look a different direction! The top 40% of DOJ and FBI leadership need to be cleaned out completely. Then we rebuild from there.
Just my 2 cents
Sessions, the AG, has until Thursday to answer if the rules for obtaining FISA warrants have been changed since Congress passed them (they haven't). If they are following the currently passed rules, multiple people at the FBI and DOJ have broken 5 specific laws in obtaining FISA warrant against Carter Page, four times.
Sessions has until tomorrow to tell Congress what actions have been taken against those agents, or why no action has been taken. Here is a list of some of those agents:
James Comey
Weiserman
Loretta Lynch
Peter Stroke
Rod Rosenstein
Bruce Ohr
Lisa Page
Susan Rice
A number of these people are still working at the FBI and DOJ, including the second spot in the DOJ behind Sessions. In fact Rosenstein is the most appropriate person to appoint a special counsel to investigate FISA abuses since Sessions believes his recusal means he shouldn't. However, Rosenstein is obviously guilty of breaking 5 laws in obtaining illegal FISA warrants and has no interest in appointing a special counsel to investigate himself. There is clear evidence, in the public domain, he broke multiple laws but he did not hesitate to appoint a special counsel to investigate Trump Russia ties despite him knowing there was no evidence, and still is none a year later.
FBI and DOJ have done their best to destroy their credibility. Mueller is doing his best to help them in this endeavour.
An IG report, due around April 1 by Michael Horowitz will be an interesting read if he is not forced to redact the entire thing because of the outrageous amount of corruption he has uncovered, quite a bit of it being public already.
So yes, the FBI can't be trusted. They have broken laws and then covered up how they have broken laws and then refused to prosecute after those broken laws have become public knowledge. The FBI currently believes it does not answer to anyone. They should be disbanded at this point.
Btw, did the NSA beg for this too? Or is there no need because the FBI does already or they can already get in (via other means)?
Unbreakable encryption is a threat to our country. Radical islamic terrorists will use it to attack and destroy all the things we keep dear. We should boycott any of the companies that refuse to put (perfectly secure and that only law enforcement can access!) backdoors into their encryption products. If they still refuse we must legislate their supplication and where necessary imprison their CEOs and engineers. The threat of radical islamic terror is REAL and this is a key tool in protecting our nation.
You clearly never saw anyone else take it while you were clean.
It makes people massively over-confident and catastrophically paranoid.
(Without the ability to _actually_ achieve shit.)
It completely explains the media industry, by the way.
I mean I personally saw even the CIA getting hacked by basically script kiddies back in the days.
It WILL leak.
According to the news lately, there seems to be no shortage of private firms who are willing to do this work for them.
But, this probably isn't about 'criminal' phones is it? They want the ability to get into any phone on demand. Having another firm do it for you creates all that nasty paperwork that can come back to haunt you later.
If they can do it in house, then they really don't need to ask permission.
As a lead cryptographic security engineer on the world's largest operating system, I think I have pretty clear visibility into the problems and potential solutions... and the truth is that while there's no information-theoretic reason why a law-enforcement access system couldn't be built while keeping the systems secure from everyone else, I have zero confidence in the industry's ability to do it in the foreseeable future.
The truth is that we have not been able to build truly strong security into consumer devices yet. We're getting closer. The work that Apple has done is excellent, and I think the Pixel 2 is even better, but the fact is that devices still get popped with monotonous regularity. The most we've been able to achieve so far is to raise the cost of extracting data from them, as the FBI found out when they were able to pay for the extraction of the data on the San Bernardino shooter's phone.
The FBI is asking industry to "innovate" in the same way that NASA might ask SpaceX to innovate by producing a fully reusable direct-to-Mars-and-back passenger spacecraft. Sure, there's no reason it's physically impossible, but we're quite some distance from being able to get live people to Mars at all. The FBI wants to build a secure back door while we're still working out how to make sure the hinges are mounted on the inside of the front door and the lock isn't easily pickable.
All of this, of course, is addressing the question of technical feasibility. A separate, and perhaps even more important, question is whether or not it should be done even if it could, and what sorts of protections it would require. Mobile devices are repositories of far more personal information than any other single, non-living source has ever been. I think something more than a simple search warrant should be required -- again, assuming it were even possible.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
But I just don't buy the claim that it's impossible.
Guess what? Math works whether you buy into it or not, bitch.
General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
Go fish.
Christopher Wray complains that there is no encryption back door, while simultaneously complaining that there are too many cyber threats.
The FBI has several fundamental problems:
1) Their leadership has no idea what they are talking about or doing.
2) They ignore actionable Humint for Sigint.
3) They are reactionary.
4) Nobody wants to work for them anymore.
The failure of every branch of the United States government to hold anyone accountable (Equifax, Russians) causes everyone to lose faith in their leadership.
The massive quantity of 'phone home' technology in digital devices means they have massive footprints, so it's not so much criminals "going dark" as the FBI demonstrating continued laziness. Usually the FBI waits until there's suitable outrage when it wants to suggest typical government "might is right"; so I wonder why this sudden demand for the spotlight? This is the start of a propaganda campaign but methinks, maybe not about privacy back-doors.
Perhaps it's a distraction from the statistically insignificant mass murder of 17 teenagers among this year's 10,000 gun homicides. Bureaucratic indifference was in the world's spotlight when teen survivors of a school massacre spent their time protesting, not grieving. Or to be precise, it's a distraction from the aptly-labelled cowardice of law enforcement on the day. It's fascinating that no-one's asking "where's our 'tough on crime'?" or "where's the militarized response that police roll-out for unarmed 'criminals'?". It's automatically accepted that well-paid, well-armed police won't do their job, so make the teachers do it for free. Such willingness to push civilians into a war-zone is more disturbing than any oppression described in Orwell's 1984.
... they do use "cloud" services. But their OWN one. Which is merely a $20 Raspberry PI equivalent, at home, with all the software and physical security bells and whistles.
(Like deleting the in-memory decryption keys on the slightest hint of somebody meddling with the hardware. Like a change in signed ping time to a watchdog, or spike/dip in power levels, or the motion sensor picking something up, etc.)
The reason is backup. You have to assume your phone will be taken. Or have a way to quickly save evidence that you are commanded to delete.
A client did that when uncovering the link between the CIA and terrorist head nutjob Hamid Gul, when interviewing the "ex" CIA officer in question. (They raided his hotel room and told him to "delete fucking everything". Funnily, interviewing Gul, with two guards constantly waiting for the order to kill him if he says the wrong thing, was the less distressing situation. ... Law enforcement ... terrorists ... what's the difference?)
Once upon a time, detectives used to "detect." Now they want to get everything by pushing a button.
Please give Kaspersky a callback. They have solved this problem & would like to help you. Oh btw, they also want you to run their software on your own machines...........
When people present the problem as if it is the solution.
They can't burn all encryption books, so this only shows their ignorance of the technology.
Perhaps the FBI should go back to what they did to gather information before we had cellphones.
Overwriting it once is good enough. There's no evidence that anyone has ever pulled off a real-world attack such as Gutmann described, and the people who have tried this under ideal situations (very old drive, never previously written, target data was the only thing on the drive, overwritten once) only managed to recover a few characters. In this century, recovering overwritten data is impossible, and the odds are that it was never practical to begin with.
Those who advocate genocide deserve every protection afforded by law, and none afforded by common human decency.
How hard is it to read write-only memory (from the perspective of the outside world) that only the trusted enclave can read? If you don't have a machine to read transistor states yet, make one. Surely that's easier than waiting for quantum computers.
First thing that comes to mind: hard disk heads. They can read magnetic poles from a piece of metal. You might find magnetic poles or something in that ball park in memory cells too.
The DRM people are screaming now: NOOOO, they'll steal our Blu-Ray keys! And that's how you make sure you don't get crackable encryption: you tell the media associations that people will steal their stuff.
Have gnu, will travel.
Your right to remain silent is actually enforceable.
Let me be clear: the FBI supports information security measures, including strong encryption. Actually, the FBI is on the front line fighting cyber crime and economic espionage. But information security programs need to be thoughtfully designed so they don't undermine the lawful tools we need to keep the American people safe. --Christopher Wray
Translation from FBIese: We would like you all to use very secure encryption that no one can break into except for us
I have 0 doubts that they sincerely want this.
Nerd Harder!
Why can't we go back to using jumpers to configure slot adapter cards? Why? I say!
Imagine I want to tell Travelsonic something secret. I don't have his email address or any other way to contact him other than posting here, for all to see. My desire is to post openly, where everyone can read it, but only Travelsonic can tell what it means. We have no means of agreeing on a secret password or anything.
Cryptography experts tell us that's impossible. Or was impossible, until Diffie and Hellman figured out a very clever way to do it. Diffie-Hellman key exchange is now used all the time, of course. It's a brilliant solution to a problem that seemed impossible for many years.
Therefore I don't think it's unreasonable to say "I understand we don't have any way to X, but it's possible that some clever innovation can somehow achieve this goal, something nobody had thought of yet." In his remarks he acknowledged that there is not a solution, currently. He said he's not proposing any law or regulation, because there isn't any law that could make sense right now. He's right, most any such law that could be passed today would be bad.
In fact, I happen to know of some innovative ideas that partially solve the need. It's possible to do encryption in such a way that you can't read the message, but you can check if the message has certain strings in it. You can build a chip that, without revealing some fact, cryptographically proves that the fact is stored in the chip.
Simple salted hashing of text and call message numbers makes it impossible to know who someone called, yet still possible to answer whether they called one specific number. So the FBI could find out whether a suspect called Muhammad Atta, without being able to tell who else they called. This isn't super-advanced technology - every web site that has password login uses salted hashes, or should be using them.
In fact, saving only the salted hash of the numbers you call and text would be MORE SECURE than what your phone does today.
This guy may, five years from now, propose something stupid. If so I'll oppose it. I don't see expressing a desire to consider what innovative solutions might solve certain needs, with a search warrant, as stupid. Such a search might have some uninformed people making dumb proposals, but he made none in this case.
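The salted-hash lookup described in the comment above, as an added example that is not part of the original post. It stores only keyed digests of dialed numbers and answers a yes/no query for one number; it also runs that same query across a whole number block, since whoever holds the salt can test any candidate. The class, function names and the 555 numbers are constructed for illustration.

```python
import hashlib
import hmac
import secrets


def normalize(number):
    """Keep digits only so '(555) 555-0123' and '555.555.0123' hash alike."""
    return "".join(ch for ch in number if ch.isdigit())


def salted_digest(salt, number):
    """Keyed SHA-256 of the normalized number; the salt acts as the key."""
    return hmac.new(salt, normalize(number).encode(), hashlib.sha256).digest()


class HashedCallLog:
    """Call log that keeps salted digests only, never the numbers themselves."""

    def __init__(self, salt=None):
        self.salt = salt if salt is not None else secrets.token_bytes(16)
        self._digests = set()

    def record(self, number):
        self._digests.add(salted_digest(self.salt, number))

    def called(self, number):
        """Answer 'was this one number called?' without listing the others."""
        probe = salted_digest(self.salt, number)
        hit = False
        for stored in self._digests:
            # Compare against every entry so timing does not depend on position.
            hit |= hmac.compare_digest(stored, probe)
        return hit

    def stored_records(self):
        """What is actually on disk: opaque 64-character hex digests."""
        return sorted(d.hex() for d in self._digests)


def numbers_in_block(log, prefix, suffix_digits):
    """Repeat the yes/no query for every number sharing a prefix.

    Phone numbers come from a small space (10**10 for ten digits), so the
    single-number query above bounds privacy only as long as the party
    holding the salt is limited in how many queries it may run.
    """
    hits = []
    for i in range(10 ** suffix_digits):
        candidate = f"{prefix}{i:0{suffix_digits}d}"
        if log.called(candidate):
            hits.append(candidate)
    return hits


def build_demo_log():
    """Constructed sample data: two distinct numbers, one dialed twice."""
    log = HashedCallLog()
    for dialed in ("(555) 555-0123", "555-555-0142", "555.555.0123"):
        log.record(dialed)
    return log


if __name__ == "__main__":
    demo = build_demo_log()
    print("stored:", demo.stored_records())
    print("called 555-555-0123?", demo.called("555-555-0123"))
    print("called 555-555-0199?", demo.called("555-555-0199"))
    print("block 555-555-xxxx:", numbers_in_block(demo, "555555", 4))
```

A design that wants the single-number property to hold has to keep the salt away from the querying party or rate-limit queries, because the digest alone does not prevent the block query.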
Anyone with the slightest clue does not use a password, but a key file that is itself encrypted with a password, so you can wreck it, and ruin any chance to ever get in again, even if you write the password on a large billboard.
Sure, they will torture you anyway, because like rape, it never was about secrets/sex, but about power.
But, as I said, they will torture you anyway. Even when you would actually give them access. So you might as well not.
Apple has the signing certificates. Apple has complete control. Apple is advertising the phone as an LEO defeat device and therefore complicit.
Remember, the walled garden is there to trap you, not protect you.
Director Wray "doesn't buy the claim that it's impossible" for "2 + 2" to equal anything but "4"?
so if you got that stuff into your device and they can't get it out who says they already don't already have a copy of what was sent to your phone anyway in that bunker just east of slc ut.?
Even if someone were to achieve the impossible, and all encryption, everywhere had a backdoor, and no one was ever corrupt, and all foreign entities complied... Even in this perfect scenario, you can still have "encryption" with other types of obfuscation such as ciphers and stenography. For example, an OTP (one-time pad) cannot be broken. You can hide messages in plain sight using many different methods. My point is that you cannot legislate secrecy. Humans will always have the need for secrecy and will always find ways to hide information, whether some government agency has some "key" to it or not.
Then you can just charge people when you find encrypted data. Problem solved. Choose whatever penalty you like life imprisonment. I can't see what could go wrong here.
That's certainly doable, and a good way of looking at it.
Also in these discussions we should keep in mind the difference between *with a proper warrant*, based on probable cause, vs random searches such as at the border. In my opinion, for someone whose *job* is to catch bad guys, mostly very bad bad guys, and get evidence of what happened, it's not unreasonable for them to say "I'd like some of the really smart technical people to think about how we investigate crime in the 21st century without impacting security too much". There ARE things that can be done, such as your example. Given physical possession of a phone (via a warrant to seize it due to probable cause), it's technically / mathematically possible to allow them to see "this phone did not call this number", without any possibility of revealing which numbers it DID call.
Manufacturer has unique key per device.
Justice dept has key 2.
Law enforcement has key 3, held by a 3rd party security company.
Judge's order unlocks the use of all 3 keys, which must be handled by another 3rd party forensics company, which must use a system that pulls the keys securely so nobody can view them in transit to the device.
Complicated as hell, but without access to the unique key and the other 2 keys nothing can be decrypted.
Could go further and generate unique keys per device for all 3 parties; it would be a logistical issue to be solved. This would make it more difficult to compromise.
Also any attempt to use the keys should pop up a notification to ensure people are not getting spied on. Keeps them honest. Code open to review.
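The "all three keys or nothing" property in the comment above can be shown with a 3-of-3 XOR split of a per-device key. This is an added example, not part of the comment or of any vendor's design; the function names and the 32-byte key size are assumptions made for illustration.

```python
import secrets
from typing import List


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


def split_key(device_key: bytes, holders: int = 3) -> List[bytes]:
    """Split device_key into `holders` shares; every share is needed to rebuild it."""
    if holders < 2:
        raise ValueError("need at least two holders")
    # All but the last share are pure randomness.
    shares = [secrets.token_bytes(len(device_key)) for _ in range(holders - 1)]
    # The last share is whatever makes the XOR of all shares equal the key.
    last = device_key
    for share in shares:
        last = xor_bytes(last, share)
    shares.append(last)
    return shares


def combine(shares: List[bytes]) -> bytes:
    """XOR the given shares together (the real key only if none is missing)."""
    out = bytes(len(shares[0]))
    for share in shares:
        out = xor_bytes(out, share)
    return out


def missing_share_for(candidate_key: bytes, known_shares: List[bytes]) -> bytes:
    """Share the absent holder would have to hold for candidate_key to be the key."""
    return xor_bytes(candidate_key, combine(known_shares))


if __name__ == "__main__":
    key = secrets.token_bytes(32)            # constructed sample device key
    manufacturer, justice, police = split_key(key)
    print(combine([manufacturer, justice, police]) == key)   # all three holders
    guess = secrets.token_bytes(32)
    # Two colluding holders: any guess is consistent with some third share.
    print(len(missing_share_for(guess, [manufacturer, justice])))
```

Two shares fit every possible key equally well, so any two holders together learn nothing about it. The split protects the key only while it is stored: whoever combines the three shares holds the whole key at that moment.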
I like Occam's Razor, and it gives a better answer than the conspiracy theories.
I've done a bit of forensics, and I write a little. I can imagine how much information about a person you could get from the contents of their smartphone. For a criminal investigation, if I were in that position and I had a choice to search a person's home or their smartphone but not both, I would pick the smartphone.
The job of the FBI is to investigate crimes, and having access to a suspect's smartphone would do a ton of good towards this purpose. That is why they request it. No conspiracy theory needed.
That said, I don't want them to. Even if it makes their job easier. I don't want them to because one day I could be a suspect, innocent but a suspect, and I don't want my privacy violated in such a way. Just the number of accounts on which I'd have to change my password afterwards would take me a day or two.
But can we please shelve the conspiracy theories about how all of this is some part of some big plan?
Assorted stuff I do sometimes: Lemuria.org
It isn't necessary for the government to have the keys.
All that's required is for the keys to your WhatsApp or Signal or Telegram chat to be recovered for the encrypted session inside the SSL connection.
The government doesn't need to manage or own those keys but someone does.
But if those keys are kept by Facebook, doesn't that mean that Facebook could look in at your WhatsApp chat?
They could do that anyway - either in the past (before end to end crypto) or now (you're using their app) if they changed it - and you'd never know.
But what if someone at Facebook leaked those keys or Facebook got hacked and the keys revealed? Won't Joe Hacker on the street be able to decrypt everything you send? No. For starters, Joe Hacker needs to get your chat logs to decrypt them first.
End-to-end encryption is about defeating government surveillance - i.e. stopping the NSA from listening in. SSL (generally speaking) is already enough to beat Joe Hacker. While Joe Hacker will have an easier job of infecting your phone/tablet/laptop/computer with malware to capture what you type, that's not the spooks' preferred option.
FBI Director Christopher Wray again has called for a solution to what the bureau calls the "Going Dark" problem...
It's not a problem, but a direct response to governmental overreach. It's a solution.
I always find it astonishing how many people who work in government don't agree with the core principles the country was founded on. It really should be a prerequisite to obtaining a job in government.
Sorry Comrade,
But Encryption that keeps data safe IS the goal, and if you can't crack it, tough.
Privacy is a right. PERIOD.
Perhaps if you and your fellow evil losers in government stopped violating Americans' rights constantly and betraying the public's trust at every opportunity you'd have some sympathy out there.
> A consensus of technical experts has said that what the FBI has asked for is impossible.
Nothing is impossible, just replace FBI with Putin!
1. Unlock, else
2. Polonium-210 for you
3. Fentanyl for your daughter
4. Headshot on a bridge for your significant other
Result: unlock accomplished in record time, tenorist cell mates caught, public protected, Putin is wise leader.
Thus we can see how libertards are actually working to turn USA into another putinist dictatorship, by vehemently opposing morally and legally valid requests for technological solutions needed to ease legitimate national security and public safety concerns.
The FBI can use the backdoored devices for a year or so to make sure they're super safe... then we can all laugh and watch as their private data spills all over the internet.
FBI Director Christopher Wray said, "I just don't buy the claim that it's impossible."
Yeah, neither is building a gun that doesn't kill innocent people!
When you say "we need to keep Americans safe", what I think is "Americans need to be kept safe from you."
Every "law" enforcement agency has proven that it has bad apples who will abuse any authority given to them.
The FBI cannot be trusted with master keys.
"...programs need to be thoughtfully designed so they don't undermine the lawful tools..."
"Also, we wouldn't object too strongly if those programs didn't undermine the unlawful tools we use. But keep that under your hat, we're all friends here!"
You know how if you enter your unlock code wrong once, have to wait a few seconds, three times and you have to wait a minute, ten times and you have to wait an hour? Yeah. That's how you stop enumeration of large sets.
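The escalating lockout described in the comment above, written as a small throttle plus the total waiting time it forces on someone trying every code. This is an added example, not part of the comment and not any phone vendor's implementation; the 5 s / 60 s / 3600 s values are constructed stand-ins for "a few seconds", "a minute" and "an hour", and the class and function names are assumptions.

```python
import hmac


class UnlockThrottle:
    # (consecutive failures reached, wait in seconds); constructed values
    SCHEDULE = ((10, 3600), (3, 60), (1, 5))

    def __init__(self, correct_code: str):
        self._code = correct_code.encode()
        self.failures = 0
        self.locked_until = 0.0

    @classmethod
    def delay_after(cls, failures: int) -> int:
        """Wait imposed once `failures` consecutive wrong codes were entered."""
        for threshold, wait in cls.SCHEDULE:
            if failures >= threshold:
                return wait
        return 0

    def attempt(self, code: str, now: float) -> str:
        """Return 'ok', 'wrong' or 'locked'; a locked attempt is never evaluated."""
        if now < self.locked_until:
            return "locked"
        if hmac.compare_digest(code.encode(), self._code):
            self.failures = 0
            return "ok"
        self.failures += 1
        self.locked_until = now + self.delay_after(self.failures)
        return "wrong"


def worst_case_seconds(code_space: int) -> int:
    """Total forced waiting when every code is tried and the right one comes last."""
    return sum(UnlockThrottle.delay_after(n) for n in range(1, code_space))


if __name__ == "__main__":
    for digits in (4, 6):
        days = worst_case_seconds(10 ** digits) / 86400
        print(f"{digits}-digit code: about {days:,.0f} days of enforced waiting")
```

The delay counts only if the failure counter lives somewhere that cannot be reset or bypassed by whoever holds the device, which is why it is normally enforced in hardware rather than in app code.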
Let me be clear: the FBI supports information security measures, including strong encryption.
Sure you do.
I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.
Somebody get that man a math textbook.
He just needs a break from the mathematics. I suppose if he was able to lobby for the wrecking of the educational system, he may be able to age out the mathematician population, at least locally.
translates into all other dialects of the EN_xx group as
Birds are not dinosaur descendants; birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"