Slashdot Mirror

← Back to Stories (view on slashdot.org)

Justice Department Revives Push To Mandate a Way To Unlock Phones (nytimes.com)

Posted by BeauHD on from the here-we-go-again dept.

"FBI and Justice Department officials have been quietly meeting with security researchers who have been working on approaches to provide such 'extraordinary access' to encrypted devices," reports The New York Times (alternative source), citing people familiar with the matter. Justice Department officials believe that these "mechanisms allowing access to the data" exist without weakening the devices' security against hacking. Slashdot reader schwit1 shares the report: Against that backdrop, law enforcement officials have revived talks inside the executive branch over whether to ask Congress to enact legislation mandating the access mechanisms. The Trump White House circulated a memo last month among security and economic agencies outlining ways to think about solving the problem, officials said. The FBI has been agitating for versions of such a mandate since 2010, complaining that the spreading use of encryption is eroding investigators' ability to carry out wiretap orders and search warrants -- a problem it calls "going dark." The issue repeatedly flared without resolution under the Obama administration, peaking in 2016, when the government tried to force Apple to help it break into the iPhone of one of the attackers in the terrorist assault in San Bernardino, Calif. The debate receded when the Trump administration took office, but in recent months top officials like Rod J. Rosenstein, the deputy attorney general, and Christopher A. Wray, the FBI director, have begun talking publicly about the "going dark" problem. The National Security Council and the Justice Department declined to comment about the internal deliberations. The people familiar with the talks spoke on the condition of anonymity, cautioning that they were at a preliminary stage and that no request for legislation was imminent. But the renewed push is certain to be met with resistance.

22 of 171 comments (clear)

  1. Impossible by b0s0z0ku · · Score: 4, Insightful

    This is basically impossible without banning general-purpose computing devices entirely. Even if phones have a backdoor, what's to stop someone from loading a Linux variant designed outside the US onto a laptop and using it for secure communications?

    Entirely banning "unhackable" communication would require a walled garden that looks more like Alcatraz for every single compute device sold in the world.

    1. Re:Impossible by brian.stinar · · Score: 3, Informative

      Electronic Frontier Foundation laughed. 'There's no use trying,' she said. 'One can't believe impossible things.'

      I daresay you haven't had much practice,' said the Justice Department. 'When I was your age, I always did it for half-an-hour a day. Why, sometimes I've believed as many as six impossible things before breakfast.”

    2. Re:Impossible by gweihir · · Score: 2

      These are politicians and career civil servants. They do not have any understanding of the concept of a "fact". There is also the little problem that as soon as a backdoor is implemented, nobody sane will store anything of value on phones anymore. But that is even worse than a "fact", it is a "deduction". The morons making laws do not even know that can be done.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  2. They want this by OffTheLip · · Score: 2

    I'd expect the issue to surface as many times as necessary until the Justice (lol) Department gets what they want.

    1. Re: They want this by arth1 · · Score: 2, Insightful

      I donÃ(TM)t know the answer to how we fix it, but I do know that the attack on the second amendment makes taking the rest of our rights away easier for them.

      Not really. When have 2nd amendment proponents ever done anything to protect people's privacy rights? I don't see them protesting data collection or the right to free thought, and certainly not using their weapons against any oppressor.
      If anything, it appears to be the 2nd amendment riders who want panopticon state, with suppression of views and freedoms they don't like. Show me a gun liberty group that will pick up their weapons and stand up for rights of people like homosexuals, atheists or ethnic minorities...

    2. Re: They want this by Anubis+IV · · Score: 4, Informative

      When have 2nd amendment proponents ever done anything to protect people's privacy rights? I don't see them protesting data collection

      Actually, gun rights proponents are almost certainly the most successful lobbyists against data collection in modern America, which, depending on your views, may not be a good thing.

      Mind you, it’s their own privacy that they’re interested in protecting, but they’ve lobbied Congress so we’ll that it’s currently illegal for the US government to create or maintain databases of gun owners, historical gun purchases, or even the guns themselves, despite massive efforts by people on the other side of those debates to collect exactly that information. And even the paltry records that do exist (i.e. records from private gun stores that went out of business), are not allowed to be computerized. If you’d like more information, it’s easy to come by because the ways that the ATF has been hamstrung by the NRA get re-reported every time there’s another major shooting. And it’s not just at the national level either. Gun enthusiasts are quite active in protesting locally as well.

      https://www.bloomberg.com/news... (paywalled)
      https://www.informationweek.co...
      http://www.heraldtribune.com/n...
      https://www.usatoday.com/story...

      I do agree with the overarching point you were trying to get at, but that particular argument you used to make your point was an extraordinarily poor choice.

    3. Re: They want this by drinkypoo · · Score: 2

      Not really. When have 2nd amendment proponents ever done anything to protect people's privacy rights? I don't see them protesting data collection or the right to free thought,

      I see it constantly, often literally in the same sentence (let alone paragraph, rant, or screed) as defense of the second amendment. Of course, they're usually misguided enough to believe that only democrats want to get their personal data and persecute them (for being rednecks) when in reality the republicans are also happy enough to get their personal data and persecute them (simply for being exploitable) but the point still stands.

      Show me a gun liberty group that will pick up their weapons and stand up for rights of people like homosexuals, atheists or ethnic minorities...

      Well, there was the Black Panthers... But the truth is that those gun liberty groups do have substantial overlap with anyone who cares about personal freedom, including from being spied upon.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    4. Re:They want this by Plus1Entropy · · Score: 2

      Campaign finance reform, replace First-Past-the-Post (e.g. with Instant Run-off), draw districts mathematically (e.g. with the shortest split-line method), and make all primaries in every state open to any registered voter.

      Right now we have a system where the incumbency rate is at (or near) an all time high while the approval of Congress is at (or near) an all time low, so why should they give a shit what citizens think?

      --
      Only crack the nuts that crack. You don't put the ones that don't crack in the sack.
    5. Re: They want this by a.e.brownlee.iv · · Score: 2

      Some yes, but making this sweeping generalization is nuts. Have you actually talked to any pro-self defense people? The vast majority I know are against all forms of government surveillance and data collection.

    6. Re: They want this by Whorhay · · Score: 3, Informative

      The Black Panthers were supporters of the 2nd Amendment and utilized that right to protect their communities from police oppression. They would fill one or more cars with visibly armed members and then follow Police Patrol vehicles around town. They'd get out of the car and stand around at a safe distance whenever the Police had an interaction with a member of the community. The Police were still perfectly able to engage in performing their job duties, but didn't dare try abusing their position with the Black Panthers keeping a close eye on them. From my understanding this action by the Black Panthers was actually what precipitated a lot of the anti open carry and 2nd Amendment efforts by various localities, in our modern era.

  3. Re:In other news by giggleloop · · Score: 2

    Bearing in mind that Trump wanted the IP addresses of 1.3 million people who visited a protest website against his inauguration, I'd add the 1st amendment in there quite heavily too.

  4. Quite possible ... by drnb · · Score: 4, Informative

    You misunderstand. Its not necessarily about being hackable or backdoored. There is no need to remove the current level of encryption and digital signatures and other technical security features, nor is it necessary to prevent further advances in these areas. All that government would need to do is require Apple/Google/Microsoft/etc to archive your passcode, and give up your passcode when presented with a warrant. Yes, that is not desirable. However it is not "banning unhackable communication".

    1. Re:Quite possible ... by drnb · · Score: 2

      What if you're running an OS where Apple/M$/Google/etc is not privy to your LUKS passphrase? Will this ban any OS that doesn't require a "cloud" login?

      What I referred to is not a cloud login. Its a one-time archiving of your "passcode" when it is initially set or changed. Day-to-day passcode use would remain offline.

      Is this a problem for open source, yes, but that is something separate from technical feasibility. Is this a problem for Linux users, possibly not for many. Red Hat, Canonical, etc could archive things just like Apple, Google, Microsoft, etc.

      Again, none of this is desirable. I'm just arguing against the notion of "impossible". If you don't accept the unpleasant facts how can you effectively address the problem? Lets not misrepresent things and be as ill-informed as the government often is.

    2. Re:Quite possible ... by drnb · · Score: 2

      Unless the hardware with the VM running on it has a logger built in, what's to stop people from just running an encrypted VM?

      Nothing. Just like there is nothing to prevent you from encrypting your data independently of OS supplied and automatic disk encryption/decryption, independently of your cloud storage provider's automatic encryption. So yes, you can still beat the feds, but that's a different argument than "its impossible" or "it will kill open source", a better argument to pursue.

    3. Re:Quite possible ... by BronsCon · · Score: 3, Informative

      Indeed, fewer people to bribe means they can demand a higher price for their corruption.

      When you can offer any store clerk $20 you can easily find one (out of millions) who'll take it. The price goes way up when only a handful of people have access; but you know this to be true, so you approach them with a number with at least a couple of commas in it.

      Think about it, we're talking the kind of person who willingly took a job policing encryption keys "to help bad guys get caught". Who here actually believes they wouldn't take 20 years salary to out someone accused of $random_bad_thing by a government official with an axe to grind and a $1mil check?

      And the kicker is that person could be their ex, the guy who cut them off on the freeway that morning, or their daughter's new boyfriend; and $random_bad_thing could be completely fabricated.

      But yes, the archives would be protected and access would be limited and audited. Surely someone making $50k/yr would never take 20 years salary in exchange for breaking the rules; after all, it takes so much longer than 20 years to find a new job.

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
    4. Re:Quite possible ... by youngone · · Score: 2

      We have been through this before, when the US government decided that strong encryption was a weapon, and could not be exported.
      They lost then and they will lose this fight also because the rest of the world know how to do maths and can't really prevent Americans getting access to the results.
      This explains the stupidity pretty well.

  5. Re: Holy police state, Batman! by c6gunner · · Score: 2

    So the US is becoming China-lite now?

    Why compare them with China? Why not the UK? After all, UK courts have ruled that prisoners can be forced to hand over encryption keys, and can be held in custody indefinitely until they comply.

    Where was your snarky comment when that was going on, BTW?

  6. Look by nehumanuscrede · · Score: 2

    There is no stopping it. Either side.

    LE is going to keep pushing for it until they get it, Team FuckYou is going to keep writing workarounds to thwart it and the folks you want to catch with your new backdoor are simply going to cease using the compromised products altogether and find something else.

    Kind of makes me wonder the real reasons for banning Huawei phones from the US markets. National Security or the fact they won't play ball with the DOJ. . .

  7. Re:global risk by 93+Escort+Wagon · · Score: 2

    And those keys held in escrow will somehow magically be immune to loss by theft or coercion.

    --
    #DeleteChrome
  8. NAS picked some shining lights for this by 93+Escort+Wagon · · Score: 3, Insightful

    ”They included Ray Ozzie, a former chief software architect at Microsoft; Stefan Savage, a computer science professor at the University of California, San Diego; and Ernie Brickell, a former chief security officer at Intel.”

    I can’t speak to Professor Savage’s expertise; but just having these particular guys from Intel and Microsoft involved should scare the crap out of you.

    --
    #DeleteChrome
  9. Re:I'm fine with this by innocent_white_lamb · · Score: 2

    It's my understanding (correct me if I'm wrong) that use of encryption is specifically banned on ham radio bands.

    Your "solution" to the problem of obtaining strong encryption iis to use a medium that already band use of encryption entirely?

    --
    If you're a zombie and you know it, bite your friend!
  10. A Golden Age of Surveillance. by dweller_below · · Score: 2
    It's a Golden Age of Surveillance. We have widely deployed multiple forms of mass surveillance without once asking:
    • Is mass surveillance consistent with an assumption of innocence?
    • Is mass surveillance consistent with government that is based on the consent of the governed?

    Out personal information is widely available to multiple groups. The government has easy access to an almost endless amount of information about us. There is:

    • Collected credit-card purchasing information.
    • Collected cell-phone tracking information.
    • Real-time car tracking.
    • Collected browser activity from Google, Web sites, and search engines.
    • Collected travel information from hotels/airlines.
    • Mass monitoring of the Internet by the Intelligence community.

    The 3rd party doctrine roughly states that we can only assert a privacy right over information we directly control. If the information is shared with a 3rd party, they we don't control it, and we can't assert a privacy right over it. As the 3rd party doctrine has expanded, we have lost privacy over any shared information.

    Now, law enforcement wishes to move beyond the limits of the 3rd party doctrine. They advance the legal theory that we should not be allowed to control our own information/privacy AT ALL. They believe that the desires of law enforcement should always outvote an individual's desire for freedom, privacy or liberty. That we should never be allowed to be secret, private or alone.

    The proposals for "Responsible Encryption" are a simple end-run around the 1st, 4th and 5th amendments to the US constitution. Instead of debating this crap, we should be demanding stronger privacy protections. We need to restrict the 3rd party doctrine. We need to penalize any lawyer or judge who participates in granting "General" warrants. We need to restrain the Intelligence community from conducting mass surveillance on the US public.