Slashdot Mirror


Tech Giants Hit by NSA Spying Slam Encryption Backdoors (zdnet.com)

A coalition of Silicon Valley tech giants has doubled down on its criticism of encryption backdoors following a proposal that would give law enforcement access to locked and encrypted devices. From a report: The group, which focuses on efforts to reform government surveillance, said in a statement that it continues to advocate for strong encryption, and decried attempts to undermine the technology. "Recent reports have described new proposals to engineer vulnerabilities into devices and services -- but they appear to suffer from the same technical and design concerns that security researchers have identified for years," the statement read. The renewed criticism follows a lengthy Wired article, in which former Microsoft software chief Ray Ozzie proposed a new spin on key escrow. Device encryption has hampered police investigations, and law enforcement officials have pushed tech companies to fix the problem -- even by way of suing them.

10 of 129 comments

  1. They could have had backdoors by houghi · Score: 4, Interesting

    They already could have had backdoors, but noooo, they had to forbid Huawei to enter the US market.
    Or perhaps Huawei did not have any backdoors and they knew it would be unpossible to convince them to have backdoors and they thought they at least had a shot with the other players. (Or all the rest already HAS NSA backdoors)

    Or the backdoors are already in place and this is to both save face for the companies AND to let people believe their data is safe.

    I remember a time when I was innocent and thought that all those people with tinfoil hats were crazy. Times have changed.
    Also remember that it is only paranoia if you THINK you are being followed, not when you actually are.

    --
    Don't fight for your country, if your country does not fight for you.
    1. Re:They could have had backdoors by HiThere · Score: 2, Interesting

      Being actually followed doesn't mean you aren't paranoid. The question to consider is "What does it take for you to believe you are being followed?". Even paranoids require some evidence, and even non-paranoids can be convinced by certain levels of evidence.

      A friend of a friend demonstrated that there can be interesting levels of complexity. He became convinced that there was a powerful conspiracy out to kill him. Then he noticed that they hadn't been successful, and became convinced that there was an even more powerful conspiracy protecting him. And apparently he really was convinced of both conspiracies. This allowed him to live quite placidly in the mental institution that he ended up in, feeling securely protected.

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
  2. This is the fight that will define the future by Rick+Schumann · Score: 5, Interesting

    This is the battle for the future of the Internet, computing, and ultimately the privacy rights of every single citizen of the United States, and perhaps the entire world.
    If the anal-retentive, power-grubbing law-enforcement and politician types get their way, then there will be no such thing as 'private communications', 'secure data', or for all intents and purposes 'privacy' -- unless you're law enforcement, a politician, or (of course) The Rich. There will also, ironically, be less of things called 'justice' and 'law and order', because in their mad, foaming-at-the-mouth dash to have access to all things at all times, bar none, they will open the door for criminals to freely and easily take whatever data or communications they want; even your average script-kiddie would soon enough be able to break into whatever data-store they want. Your financial accounts? Your very identity? Up for grabs -- unless you're a cop, are a politician, or have money.

    THAT IS WHY THERE HAS TO BE A LINE DRAWN IN THE SAND; HERE, AND NO FARTHER.

  3. The problem with Ozzie's system by UnknowingFool · Score: 5, Interesting

    In the article Ozzie proposes a slight modification to the golden key solutions previously proposed. Instead of a single master key that would unlock every single device or system, his system relies on the manufacturer or creator to create specific asymmetric paired keys. When law enforcement requires a device or account to be unlocked, the manufacturer can unlock with their private paired key. In the case of San Bernardino, Apple would unlock only that particular iPhone.

    The problem with this is that it requires the creator or manufacturer to be the stewards of these keys for an indefinite amount of time. In the case of Apple, they have to maintain keys for as long as an iPhone could exist, which could be decades. It is also going to be problematic for companies or organizations that no longer exist. When companies go bankrupt, one of the few remaining assets they could sell is their data.

    It doesn't shift the problem of risk to the stewards. It is still possible that the keys could be stolen; it just means hackers do not have to steal a single key.

    Practically, how will this work with independent developers? Open source developers would never follow this system.

    --
    Well, there's spam egg sausage and spam, that's not got much spam in it.
  4. Backdoors in devices = quartering troops in homes by WillAffleckUW · Score: 4, Interesting

    Simple Constitutional Argument.

    There's a reason why you don't want backdoors to be open to the government.

    --
    -- Tigger warning: This post may contain tiggers! --
  5. Cryptography is a commodity by Anonymous Coward · Score: 2, Interesting

    PGP came out how many decades ago? And yet it's still better than what most people use today.

    There's a technologically-easy but socially-hard solution to this problem: stop using "tech giants"' products to secure your communications. Free is the right way to do this genre of software, because there's no one particular individual to coerce into weakening it. And that's really what we need: independence from meddling, because purposely-making-it-wrong is pretty much the main weakness we're facing today.

    Proprietary software makers have obviously gone to extreme effort to avoid making their stuff work well, and it's time we relieved them of this expensive burden. That's how it should be presented to them.

  6. The irony, as I understand it... by Anonymous Coward · Score: 5, Interesting

    Is that Qualcomm (who is used in basically all the Chinese phones not using MediaTek SoCs, since afaik RockChip doesn't produce any cellular SoCs) already has a master signing key for all their SoCs, with a per vendor child signing key. So in theory any Chinese phone should be compromisable by the Chinese government, and those phones are a subset of the phones compromisable by the NSA and select 5 Eyes partners. When you factor in that all ARM/MIPS hardware was effectively designed by British companies (now owned by Softbank and... who for MIPS?), and all x86+PPC hardware is designed by US controlled corporations with much of it designed in foreign countries (Intel's Israel branch doing major portions of both x86 design and Intel ME today.) the picture of just how backdoored modern hardware should be considered is *NOT* pretty.

    In order to have a chance at any sort of national security, or secure processors, we really need either openly audited designs produced internationally, published transparently, and then audited by parties suspicious of the manufacturing nation. And we need fabs producing versions of these chips on each of the major continents, ideally under politically hostile regimes. Only by playing each party against the others will we have a chance at sabotage-free chips, as each party is jockeying for a bigger piece of the trust pie.

    1. Re:The irony, as I understand it... by Aighearach · Score: 4, Interesting

      ARM doesn't design hardware though, they only define an instruction set. Each company that makes an ARM chip had to either design or license an implementation of their own, and that is where any backdooring would happen. ARM doesn't even include any peripherals like memory!

      That really shows how considered your comments were. ;)

      Most of the ARM chips I use were designed by Texas Instruments, in Texas. They do have one chip fab in China, a bunch in the US, a couple in Japan, and a couple in Europe, though the ARM chips are probably mostly produced by contract fabs.

      If you think "you're" "playing each party against the other," that tells me you're looking for somebody to play you, and feed you the correct supporting PR.

  7. Re:Here's the problem, feds, listen up by Anonymous Coward · Score: 3, Interesting

    Even China, one of the most restrictive countries with a surveillance state that would make Orwell wonder whether they used his books as manuals, wasn't foolish enough to demand something like this from its industries. That alone should tell you just how bad an idea it is.

    However, China does mandate that certain people groups physically install spy software on all their devices under penalty of law. Installation that must be verified by the local law enforcement.

    Which if the US Gov't doesn't get back doors, will be the next big push "Protect America! Install this great piece of spyware, er security software!"

  8. Re:Backdoors in devices = quartering troops in hom by sconeu · Score: 4, Interesting

    Yep. 1st, 2nd, 3rd, 4th, and 5th amendment violations.

    1st: Crypto is speech. Courts have ruled.
    2nd: Crypto was under ITAR, therefore it's an armament.
    3rd: specified here
    4th: Beaten to death. .GOV needs a warrant
    5th: Obvious

    --
    General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.