Tech Giants Hit by NSA Spying Slam Encryption Backdoors

A coalition of Silicon Valley tech giants has doubled down on its criticism of encryption backdoors following a proposal that would give law enforcement access to locked and encrypted devices. From a report: The group, which focuses on efforts to reform government surveillance, said in a statement that it continues to advocate for strong encryption, and decried attempts to undermine the technology. "Recent reports have described new proposals to engineer vulnerabilities into devices and services -- but they appear to suffer from the same technical and design concerns that security researchers have identified for years," the statement read. The renewed criticism follows a lengthy Wired article, in which former Microsoft software chief Ray Ozzie proposed a new spin on key escrow. Device encryption has hampered police investigations, and law enforcement officials have pushed tech companies to fix the problem -- even by way of suing them.

Here's the problem, feds, listen up

[Opportunist]

Unlike these companies I can speak easily to you since I have no horse in that race. I don't have to bullshit you so you keep buying my software and so you don't send the IRS down on me to keep my finance department in enough red tape to ensure they don't do anything sensible anymore this decade.

Here's the problem: If you mandate a backdoor into software, nobody with at least a hint of sanity will use that software. If you mandate that all software used within your jurisdiction has to have that flaw, you put your domestic industry at a severe disadvantage over every other on the planet, because you open them up to industrial espionage.

"Government only" backdoor keys are much, but not government only for long. Such keys are valuable. They offer entrance to all the sweet, juicy R&D details that every company and some governments on this planet want. Do you think that such keys have a price? You bet. Do you think that "give me the key or your little baby girl gets a bullet through her head" is too high a price for some governments? Think again.

People have weaknesses. Everyone has them. Even if they can't be bribed, they can be bullied, coerced, threatened or simply blackmailed. Works with everyone. I have not met a single person that had no weak spot you could exploit to get them to do anything, literally anything, you wanted. For most it's family. People do a hell of a lot of things if you offer them the life of their children in return.

Even China, one of the most restrictive countries with a surveillance state that would make Orwell wonder whether they used his books as manuals, wasn't foolish enough to demand something like this from its industries. That alone should tell you just how bad an idea it is.

Re:Here's the problem, feds, listen up

[Rick+Schumann]

Friend, here's the detail you're missing: They know all this and they don't give a fuck; they want access to everything, on demand, bar none, and they don't give a fuck if that means Joe Average gets his identity stolen, bank accounts drained, and life permanently ruined, so long as they can grab more and more power. They'll gladly ruin everyone and everything just to satisfy their lust for power and control. That is why they HAVE TO BE STOPPED.

Re:Criticism or collusion

[bluefoxlucid]

We really need more heroes in Congress, like Senator Ron Wyden who both voted against FOSTA/SESTA (because it's stupid and makes the problem worse) and lost his shit at Christopher Wray for asking for backdoored encryption. Representatives with the integrity to stand for what's right even if it's a losing battle and politically unfavorable.

I'm hoping to see Rikki Vaughn replace Cardin this term; and I'm going for Elijah's seat, so there's that. We need legislation putting a stop to the overuse of powers in secret against our own citizens.

Executive Order 13526 was an important step for government transparency; and at some point, we have to work toward accepting manageable risk--allowing for that it may be slightly more-difficult to achieve a national security end goal, yet still not likely that an adversary will advance its campaign against the Nation--in order to protect the rights of our people. Yes, restricting what the NSA can pull from Facebook in total darkness and restricting the use of national security gag orders to clear and present dangers might telegraph things a bit and keep some enemies of the state circling at distance instead of sitting around while we purportedly close in on them; that's better than the State becoming the shadowed enemy of the people.

Well-known "security" guy Ray Ozzie

[93+Escort+Wagon]

As I recall, Ozzie was at Microsoft during the heyday of remote SQL ports being open by default, IIS 4, IE 6... basically back when Windows security was a laughingstock. Why anyone would take anything he says regarding security seriously is beyond me.

Let's call this what it is.

[ErikTheRed]

You can't have security and backdoors. Let's just say, for the sake of argument, that Ray Ozzie's approach - assuming it worked perfectly (heh) - of vendor-held key escrow was legislated and implemented. This is a huge leap for the industry, but they could do it. It would never be reasonably secure, and it would be near impossible to fix the flaws, but let's say it was done. The next step would be Fed-held key escrow. This is an almost microscopically tiny incremental step - just moving some boxes, folks - but at that point the concept of digital privacy is as dead as the rest of the Bill of Rights. Don't kid yourself that that isn't the end game here.

So let's call this bullshit what it is: "Flat Earth Encryption." It's technically infeasible, practically infeasible, and politically infeasible to have any sort of key escrow system that won't be abused like an underage Congressional intern.

Re:The problem with Ozzie's system

[b0s0z0ku]

As usual for a techie, Ozzie fails to apprehend the human aspect. The government only needs to force the company to agree -- risk of an audit or even criminal charges against company officials will do so. So it's still 100% the government's call.

And I don't happen to trust many governments. Even if you did trust the US government (don't forget: it's one of the world's largest incarcerators), do you trust the Chinese? Or the Russians? Both of which will be ruthless with a company's ability to do business if they're not obeyed.

Nah, better to have unbreakable devices. If a few criminals get away with it, that's life -- you can't have a perfectly safe, perfectly controlled society.

Re:This is the fight that will define the future

[skids]

It's worse than that, because then people who really wanted security would turn to concealing the fact that they were using their own non-backdoored system through a lot of clever steganography. Which means, everyone would be a suspect of using illegal cryptography, so the government would then have to develop tools to detect steganographically hidden encrypted messages. Which means doing AI/entropy analysis on "all teh data" and accusing people because some heuristic fucked up and gave a false positive.