Slashdot Mirror
Justice Department Revives Push To Mandate a Way To Unlock Phones (nytimes.com)
"FBI and Justice Department officials have been quietly meeting with security researchers who have been working on approaches to provide such 'extraordinary access' to encrypted devices," reports The New York Times (alternative source), citing people familiar with the matter. Justice Department officials believe that these "mechanisms allowing access to the data" exist without weakening the devices' security against hacking. Slashdot reader schwit1 shares the report: Against that backdrop, law enforcement officials have revived talks inside the executive branch over whether to ask Congress to enact legislation mandating the access mechanisms. The Trump White House circulated a memo last month among security and economic agencies outlining ways to think about solving the problem, officials said. The FBI has been agitating for versions of such a mandate since 2010, complaining that the spreading use of encryption is eroding investigators' ability to carry out wiretap orders and search warrants -- a problem it calls "going dark." The issue repeatedly flared without resolution under the Obama administration, peaking in 2016, when the government tried to force Apple to help it break into the iPhone of one of the attackers in the terrorist assault in San Bernardino, Calif. The debate receded when the Trump administration took office, but in recent months top officials like Rod J. Rosenstein, the deputy attorney general, and Christopher A. Wray, the FBI director, have begun talking publicly about the "going dark" problem. The National Security Council and the Justice Department declined to comment about the internal deliberations. The people familiar with the talks spoke on the condition of anonymity, cautioning that they were at a preliminary stage and that no request for legislation was imminent. But the renewed push is certain to be met with resistance.
This is basically impossible without banning general-purpose computing devices entirely. Even if phones have a backdoor, what's to stop someone from loading a Linux variant designed outside the US onto a laptop and using it for secure communications?
Entirely banning "unhackable" communication would require a walled garden that looks more like Alcatraz for every single compute device sold in the world.
So the US is becoming China-lite now? How soon before we get our own Great Firewall, too?
Amateur Radio satisfies all my communication needs, no more phone.
People revive push to remind the Justice Department about the Constitution.
And the Fifth Amendment in particular.
I'd expect the issue to surface as many times as necessary until the Justice (lol) Department gets what they want.
They do not givr a crap about EU rules. Yes they are probably bugged by China, but China does not give a crap about me either.
Let the Chinese and EU/US spies beat the crap out of each other If I can support them ruining each other, then as long as it happens without affecting me much, I'm all for it. They're all bastards, no matter the country.
And yes: If I had to move to China, I would probably buy a US/EU phone :)
These companies don;t just do business in America. If the U.S. Government gets it, then other governments will likely follow suit. Blanket refusal is the only answer to protect global civil rights.
That way they will willingly give up their password, thereby avoiding Forth Amendment issues.
Darkness is the natural way of things. The agencies and enforcement have had a bumper few years when the internet came of age giving them basically free access to huge volumes of data they would have never historically had access to.
This was only because of poor implementations and performance limitations on historical hardware. Now those performance issues are a thing of the past and we've got better at writing and testing code those agencies feel entitled to complain about losing access to something they should never have had access to in the first place.
There can be no going dark without (unintentional) illumination.
This should be easy- just find a way to invalidate the basic laws of physics and mathematics, and voilà, you got it!
Just cruising through this digital world at 33 1/3 rpm...
Current crypto isn't good enough. No amount of talking to consumer tech / engineers / "security researchers" will make it work.
Like moving from symmetric key to asymmetric key, a whole new way of doing crypto mathematics will be needed to solve this. So get some mathematicians on super-magic-only-good-guys-can-spy algorithms.
You misunderstand. Its not necessarily about being hackable or backdoored. There is no need to remove the current level of encryption and digital signatures and other technical security features, nor is it necessary to prevent further advances in these areas. All that government would need to do is require Apple/Google/Microsoft/etc to archive your passcode, and give up your passcode when presented with a warrant. Yes, that is not desirable. However it is not "banning unhackable communication".
Why not just legislate that all citizens must be implanted with a monitoring chip at birth?
Problem solved.
blow up the injustice department
ae911truth dot org
They seem to be collecting it all, anyway.
Thousands of years of empirical historical evidence conclusively demonstrate that government always tends to seize as much power for itself as posisble. There is no such thing as a government that respects the citizenry over the long course of time.
As long as you justify the state, you will fail. The state must be abolished, and a truly market-based order of voluntary and capitalist-driven rules implemented in order to create a civilization that serves the consumer rather than the oligarchs.
"Today, Nancy Pelosi and Chuck Schumer have co-sponsored and introduced the Anal Probe Equality Act (APE Act). Pelosi was quoted as saying about the importance of the bill's passage; "With the passage of this APE Act, no more will some American be discriminated against by Right-Wing UFOs anal-probing only a privileged few!"
Strat
Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
Add one more Federal Agency to the war against freedom.
If you have physical access, you know the encryption methods and device its just a matter of compute power.... right? Hence the limitations to key lengths?
A simple fact that somehow seem to be very, very hard for some to understand. Or maybe that just don't want to understand it?
" ... these "mechanisms allowing access to the data" exist without weakening the devices' security against hacking"
Well, I've heard of such things, but I'm a little skeptical, having never seen one or heard any competent security professional describe them as hypothetically possible.
Key escrow and LEAF. A bad idea then, a bad idea now. https://academiccommons.columbia.edu/catalog/ac%3A127127
More I hear about this, more I think NSA already has access to all smartphones. They only use it for important things and with other leads to disguise this ability.
The idea is to store an electronic key on the device that would be separately encrypted. This looks like a very bad idea as if the system writes that access key into the memory, this part is accessible physically. Whoever thought about this assumes that there is a decryption known only to the manufacturer or FBI which allows to unlock the device. What do you do if for some reason a third party finds out to unlock or access it remotely? Suddenly, all phones, including the ones of the morons who came up with the idea, will be wide open to everybody. This is unrelated to the technology used. They try to solve a problem, risking a meltdown of a large part of information infrastructure. Also, how long would it take after the implementation that nobody would buy phones from US manufacturers any more?
Wrong. It's the Trump Administration now requesting a back door into all our devices. Why are you trying to divert blame elsewhere?
There is no stopping it. Either side.
LE is going to keep pushing for it until they get it, Team FuckYou is going to keep writing workarounds to thwart it and the folks you want to catch with your new backdoor are simply going to cease using the compromised products altogether and find something else.
Kind of makes me wonder the real reasons for banning Huawei phones from the US markets. National Security or the fact they won't play ball with the DOJ. . .
”They included Ray Ozzie, a former chief software architect at Microsoft; Stefan Savage, a computer science professor at the University of California, San Diego; and Ernie Brickell, a former chief security officer at Intel.”
I can’t speak to Professor Savage’s expertise; but just having these particular guys from Intel and Microsoft involved should scare the crap out of you.
#DeleteChrome
And with Internet access?
Because if yes: Are you selling?
What good is posting what you want, when you are not free in what you want?
Your reality is based on "sources", and even what you perceive directly is filtered through the bias of your mindsets and views, which are heavily modulated by past "sources".
In a world of deliberately manipulating sources, individual ownership of your personal view and mindsets is a mere
illusion.
Censorship is for n00bs. Professionals with a high budget easily make you want what they want.
And the more confident they are that they can tell and can protect themselves, the easier it is. Because they are less wary and doubting.
It wasn't that long ago that radical Islamic terrorists used tech like this to attack and kill thousands of our patriotic fellow Americans. Why should it be so bad to find a way to stop these attacks? Liberals and unpatriotic leftists need to stop and think for a minute about how they would feel if one of ThERE loved ones was killed by Muslims. Having a perfectly secure way for law enforcement to track muslims is a small price to pay for this security. Thank God we have a president and Congress that are not afrade of being politically incorrect and are doing exactly what it takes to keep this country safe.
Fine... Let's start by installing an intentional backdoor into the phones carried by the head of the CIA, DOJ, FBI, NSA, and any other agency where they handle top secret information. Then as part of the pilot program to determine the feasibility, they will be required to store sensitive and/or personally incriminating information on the device for the duration of the test, and anyone attempting to (or succeeding at) break into those devices will be given full immunity. Surely they would be just fine with this since only the "good guys" would be able to access the devices without authorization.
If our government can enter a backdoor for plain old crimes, Russia and China can for reasons why we have a 4th Amendment -- spying on and hassling all who challenge their power.
These are not things that disappeared 240 years ago. They are chronic problems that will exist forever, and if technology can perma-block bad governments, we should adopt it, not lament it.
Each notch in the belt of an FBI agent or local police officer represents over 2.5 billion worldwide who live, and don't have to imagine "If you want a picture of the future, imagine a boot stamping on a human face — forever."
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
But the renewed push is certain to be met with resistance.
...by reality? It's rarely stopped the government before.
They will need to be better than every other person online in the world. There's some really great talent out there, and you will always find someone better than you... and thats the problem right there.
[($)]
Should we have freedom of privacy? My contacts, whether friends, family or business associates shall not be subject to government scrutiny.
Wrong. It's the Trump Administration now requesting a back door into all our devices. Why are you trying to divert blame elsewhere?
BOTH Parties have been pushing this.
The one area where there is bipartisan agreement is that people have too much money, liberty, and privacy.
I simply expect the Democrats to jump in with both feet to beat the Republicans to the punch.
Strat
Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
We need to surveil Senators and Congressmen (and women) with this possible new system. Pound-for-pound and dollar-for-dollar these dodgy individuals have more undocumented boi- and girl-friends and more chest freezers full of undocumented cash per capita than any other demographic. They do real damage to other people, the economy, and legal frameworks of this country. Keeping a constant, almost police-state-like surveillance system trained on them should be of the utmost importance. Fortunately most of them don't remember what the Stasi was so this should be easy to enact into law at the state level along with term limits.
Out personal information is widely available to multiple groups. The government has easy access to an almost endless amount of information about us. There is:
The 3rd party doctrine roughly states that we can only assert a privacy right over information we directly control. If the information is shared with a 3rd party, they we don't control it, and we can't assert a privacy right over it. As the 3rd party doctrine has expanded, we have lost privacy over any shared information.
Now, law enforcement wishes to move beyond the limits of the 3rd party doctrine. They advance the legal theory that we should not be allowed to control our own information/privacy AT ALL. They believe that the desires of law enforcement should always outvote an individual's desire for freedom, privacy or liberty. That we should never be allowed to be secret, private or alone.
The proposals for "Responsible Encryption" are a simple end-run around the 1st, 4th and 5th amendments to the US constitution. Instead of debating this crap, we should be demanding stronger privacy protections. We need to restrict the 3rd party doctrine. We need to penalize any lawyer or judge who participates in granting "General" warrants. We need to restrain the Intelligence community from conducting mass surveillance on the US public.
Do not grant the state any advantage over the rest of us, never! Let's do whatever is necessary to protect our right to private, unhindered communications. Arguing about it is stupid.
... learn mathematics? Sigh. Maybe if they shoot everyone who does math, they can get rid of enough people? Is there even enough space? Gonna need mass graves, like the Soviets. Then they'll have more than one thing in common with their intellectual brethren.
We should also put listening devices in everybody's homes, just in case they are talking about a crime where the FBI cannot listen. (and no, I'm not talking Alexa, but who knows...)
In case they are somewhere that electricity isn't, such as camping, we should have a government agent accompany everyone so that we can hear what they are talking about.
General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
Encryption technology is a a form of self-defense, encryption == arms, even in the way it is treated for export control.
If congress/gov't tries to take control of it, they are violating your 2nd amendment rights.
This perfectly illustrates how short sighted these people are, if they get the implementation that they want then they will only get the low hanging fruit of people who will only buy the phones that this is possible on. This will now create a secondary market of phones where this is not possible, look at that company marketing secure blackberry devices to drug lords. This also will not help against the criminals who constantly cycle burner phones as they usually use the cell phones that are not of the "smart" variety and never have them long enough to make them useful from the hardware standpoint (the cellular providers will already have all of the information that LEO's could use.
The sad part is that it is going to happen eventually, they are fighting a war of attrition and they will just wear everyone down in the long run.
Note to the editor:
"The FBI has been agitating for versions of such a mandate since 2010" The fbi may have been agitating since 2010 but the government in general has been playing this tune for much longer, think the early 90's and the clipper chip, and then the ban on exporting strong encryption... I mean seriously, they should have figured it out by now.
Justice Department officials believe that these "mechanisms allowing access to the data" exist without weakening the devices' security against hacking.
Utter fucking bullshit. Because "Allowing access" is the bloody fucking definition of "weakening security". oh oh, but they claim "Against hacking". What they're trotting out is a system called "Symphony". It stores a copy of the keys. You want to send a secure message, you have to let symphony be able to read it. And everyone promises that these keys will only ever be read by police with a warrant. The vital question is "What if the symphony database gets hacked?" A whole hell of a lot of trading with insider knowledge could take place without anyone knowing and those with the knowledge could get super-bloody rich. Hell, it might be happening right now. How would we even know?
But these shmucks are at least thinking one step ahead of that:
The idea is that when devices encrypt themselves, they would generate a special access key that could unlock their data without the owner’s passcode. This electronic key would be stored on the device itself, inside part of its hard drive that would be separately encrypted — so that only the manufacturer, in response to a court order, could open it.
Then the question simply becomes: "What if someone at the manufacturer loses, sells, or mishandles these MASTER-KEYS to the BACKDOOR?" This isn't even bank-run organizations or super-secret three-letter-agencies being trusted to secure these things. This is Apple and Facebook and Sony and Huawei. Do you trust them to handle the secrets of your senators?
FURTHERMORE, this is completely useless as anyone with 2 braincells that doesn't want the justice department to have a backdoor, will simply NOT USE these services. The only way this will help catch the people we want caught is if they OUTLAW any alternative. Somehow on a world-wide level. Ha, good luck with that.
If only there was some way, a back way, into the device.
I said that not really being serious, but then I thought, Hey, That's a Good Idea! What if we had a back way into the phone? A sort of... key or something. Maybe an actual key, that would keep it safe right?
And why stop with that? A key could be used to wind up the phone too! Everyone tells me how much they hate charging their phones, so a wind up phone would be a great thing. All you would have to do is sign out the key from the FBI and wind up your phone.
This is why we have the Best People. I'm a Very Stable Genius and come up with all the Best Ideas. Obama never thought of this, I'll tell you that. And Crooked Hillary, she probably thinks a wind up phone will never work. Shows what she knows!
Do you remember when I won the election? That was great, wasn't it? So many people said it wasn't possible...
Then get encryption re-categorized as a munition, so it will be protected by the NRA and 2nd amendment :)
It is funny how they're so scared of us fucking lib'ruls and even the Deep State, but apparently don't have the cognitive aptitude to understand how important encryption is to their daily security, even moreso than a gun (since the former may be the only thing protecting their freedom of movement and association enough to utilize the latter when the time comes...)
As to the liberals: Stop whining about gun control and start preaching responsibility. If more kids were taught responsibility and more wrongs righted, especially on school grounds, maybe there would be less shootings, since almost every sociopath to shoot/blow up a school was an outcast, many having been persecuted.) Reinstanting mental health care without it ruining your future opportunities would help also. Save denying rights for the criminally insane and do what you can to keep to provide the rest the outlets they need to keep from going off the rails.
America's problems are largely social and both sides are ignoring the elephants... and donkeys... and disenfranchised in the room.