Slashdot Mirror
FBI Director: Without Compromise on Encryption, Legislation May Be the 'Remedy' (cyberscoop.com)
An anonymous reader shares a report: FBI Director Christopher Wray said Wednesday that unless the U.S. government and private industry are able to come to a compromise on the issue of default encryption on consumer devices, legislation may be how the debate is ultimately decided. "I think there should be [room for compromise]," Wray said Wednesday night at a national security conference in Aspen, Colorado. "I don't want to characterize private conversations we're having with people in the industry. We're not there yet for sure. And if we can't get there, there may be other remedies, like legislation, that would have to come to bear." Wray described the issue of "Going Dark" because of encryption as a "significant" and "growing" problem for federal, state and local law enforcement as well as foreign law enforcement and intelligence agencies. He claims strong encryption on mobile phones keeps law enforcement from gaining access to key evidence as it relates to active criminal investigations. "People are less safe as a result of it," he said.
More like the government institutions are less safe from the people.
This guy sounds like one of those out of touch eurotrash politicians. STFU and be better at your job asshat.
Either private companies give up our privacy by allowing the government access to our communications...... or laws will be passed FORCING them to give up our privacy.
And we wonder why the United States Government won't pass a law protecting our personal data.
When encryption is outlawed, only outlaws will
-----BEGIN GPG MESSAGE-----
Charset: utf-8
qANQR1DDDQQJAwKQIuGxR9ku8L/SQgH6kXzdtVHv9IwDWcZVsGX5G2UZje9L8VoC
Y6faoCNMAg+Zq8S92arz+DV/yEsZo3jBoCFZBsOPqXOO8ATiMmoSQA==
=7Ce4
-----END GPG MESSAGE-----
If the private sector does not recognize 3.2 as the true value of Pi, then legislation may be the only remedy.
Math doesn't have it. If there's a shared key to all our communications, it will sooner or later leak and it will render all encrypted data wide open. Also, I presume that for some reasons Christopher Wray doesn't keep a copy of the keys to his house at some government agency, no?
Governments and often unrelated companies are less privy to our private lives as a result of it. FTFY.
before smartphones came along? Why do they not get that the people don't want them to be able to utilize new technology to make solving crimes any easier than before?
Everyone is guilty of something. The only way the system works is if the balance between cost of prosecution and magnitude of the crime worth prosecuting remains stable (or given that we already incarcerate far more than most, shifts a bit in favor of crime). If prosecution becomes cheaper and easier, we can quickly become a police state without changing any laws.
When encryption has backdoors, then NO ONE will have encryption at all
You CANNOT have 'backdoors' in an encyption algorithm and still have effective encryption, goddamnit!
Clearly the FBI and Congress doesn't give a rat's ass whether or not anyone has secure systems or not, so long as they can stick their little brown noses into everyones business. Who cares if every computer in the country is easily hacked by even script kiddies, everyones identity is stolen, and everyones bank accounts drained and credit cards charged up? The Feds will have 'unbreakable' encryption, as will all elected officials and of course The Rich, they'll all be exempt from it, while the rest of us are wide open to whoever wants to victimize us.
Them, them, FUCK THEM.
They just read your mail illegally, instead.
They can track who you contacted, when you sent something, any time a dollar changes hand, any item you send in physical mail, but for some reason ease dropping on conversations in iMessage, Line or Whatsapp is the biggest obstacle they have? If anything they should be able to do the same police work they always have but even better now that they are collecting a ton of meta data and other various digital information about a subject.
"People are less safe as a result of it." People are less safe by leaving their room every day. Some things are just expected to be "less safe" but we do them because we want to be more than prisoners.
They keep talking about "compromise" as if Tim Cook and Larry Page have everyone's encryption keys in a file on their laptops that they refuse to hand over for convicted mobsters. That sort of mindset just does not reflect the nature of the situation.
Here is what it ultimately boils down to:
1. The user - and only the user - has the encryption key.
2. Companies are compelled to sell devices that cannot be secured at all, because a 'master key' lives somewhere.
That's it. Those are the two options. There is no way for the phone to verify if there is a warrant, or if the person inputting the master key is truly a law enforcement agent or not, or any other way to ensure the individual using the master key is justified in doing so, or any means of discriminating between a hack and a court order.
If Wray would like to come up with a third option that doesn't ultimately fall into the category of one of the other two, he's welcome to try. Smarter people have failed.
It is not the job of the security services to prevent crime/terrorism/kiddie porn/copyright infringement/whatever. It is their job to investigate after the fact in order to convict those responsible. That's how our justice system works. The only justification for the ability to decrypt all encryption is for (attempted - in reality it will never work) prevention.
After a crime has been committed, in order to obtain evidence, the authorities can always obtain a warrant to compel a device owner to decrypt/unlock a device. If the owner refuses, that's what contempt of court is for. If the device owner is dead, who gives a fuck what's on the phone? If the owner (presumed criminal) is willing to sit in jail indefinitely for refusing to unlock/decrypt, that is an acceptable outcome.
Please, I don't give a rat's ass about what evidence you can or can't gather from devices. It isn't pertinent to the discussion. People should be able to have private conversations that you don't get access to under ANY circumstances for whatever damn reason they please. Go F yourself. You anti-american, anti-democratic, nazi, communist, dick-weed. YOU are the enemy of the people. The "criminals" and "terrorists" are the least of our problems. You are and your ilk are to be feared and removed from office. You are the danger. You are not the solution. You are the problem.
For over two hundred years we didn't have cellphone encryption so there is no reason to start now! If we had a right to encrypted communications the founding fathers would have put it into the Bill of Rights. Just think of all the crimes that would never have been solved if people could have used encrypted cell phones. History has proven one thing the only way to solve crimes is by getting access to personal cell phone data.
Anytime any political type of any stripe says they just want compromise, what they mean is they want capitulation.
You know what would be an even better tool to help those efforts? Having a sane, rational foreign policy that doesn't result in the creation of terrorists in the first place.
that is some weapons grade trolling -- kudos.
and he'll get his legislation.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
Our government already knew everything there was to know about the 9/11 attack and chose not to act. You're a liar who knows they are lying as they are lying. Everyone here sees that. You are transparent.
Two Issues to consider - If an application was built with a backdoor the hackers of the world would invest their considerable talents and efforts into finding that back door and they will find it once found it will be abused. Once the back door has been uncovered the company who built the application would be required to fix it. Now who is going to pay for the fixing? Not the company because they know the same things that one is reading now. YOU will pay for the new application. YOU will pay to inform ALL the people who are using this now worthless application that it is broken and needs to be updated. YOU will pay to download and ensure that the new version is in use. This will happen over and over until YOU give up your foolish mandate. The state of Mississippi once considered mandating PI as 3. Same issue, politics needs to understand mandating foolish ideas makes one look like the fool they are! --- Since the world has MANY countries in it, any mandate for USofA would not apply to the other countries. Any person wanting or needing a non-FU encryption application would find one from some other source and use it. How are YOU going to mandate what application one uses to encrypt? You can't! Poof! There goes universal back door access!
Remember when all of those people screamed we should give up our firearms. They're screaming we need to give up our privacy and all other rights as well. Republicans and Democrats are a danger to all of us. Hopefully Trump will destroy the deep state before they destroy him.
Spies and soldiers (especially on the spy side) need as good or better security than I need to talk to my bank. The CIA, military and (Canadian) CSE know it's a trade-off. The FBI and RCMP pitch it as a trivial question with an obvious answer.
For every hard problem there is always one clear, obvious and simple answer.. and it's wrong .
davecb@spamcop.net
One other thought, if they're so worried about the Russians hacking our elections, why the hell would they want to cripple encryption? This all doesn't sound right. Alarm bells should be going off for everyone.
Good comments:
"... there is still open source, free and openly available encryption."
"... there are phones moving across political boundaries."
Many people in government and in management of private companies have NO knowledge of technical issues. That doesn't prevent them from having what they consider to be a strong and sensible opinion. They don't recognize they are ignorant.
ALSO: Back doors are not an answer. They will ALWAYS eventually be compromised.
I believe strong encryption protects me against both criminals and my government. We all know criminals are, well criminals! But the bureaucratic leadership of the NSA, DOJ and FBI IS corrupt. And at the moment, FBI Director Christopher Wray and his corrupt partners running the DOJ and NSA are the greatest cyber threat in America.
;)
FBI Director Christopher Wray's statement that "strong encryption on mobile phones keeps law enforcement from gaining access to key evidence" is in my case falling on deaf ears. I do not see a problem here. Things are just as they should be.
And FBI Director Christopher Wray can pound sand. And he IS the weasel I suspected he was.
Just my 2 cents
Spoken like a true amateur that failed (or never had) Crypto 101. You know why most home-brew crypto is never broken? Because the people that can do it do not want to waste the little time that usually takes. This situation changes when somebody is willing to pay for it, but you do not read about it in the scientific literature, because nobody cares.
Home-brew crypto stopped to be an option a few decades back.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
For decades the IRS was able to run sophisticated operations in Ireland.
This despite not having the internet or computers.
Google "Numbers stations", again been around for decades.
This has ZERO to do with making anyone "safe", its all about being able to control the masses.
I'll get modded to hell for this, but I kind of agree with him?
Most people I know have no qualms about the way old-school wire-taps worked.
Law enforcement got a warrant from a judge, and only if the judge thought that there's enough reason to suspect the target is on to something, only THEN could they hook into a user's phone lines or open their mail. (or at least that's how it was supposed to work).
This, IMHO, seems like a good balance between the right to privacy and law enforcement needs, and has enough judicial oversight to not be easily abused.
I have no idea how one could implement a similar scheme nowadays. Backdoors are dangerous, and the oversight mechanisms have been broken for quite a while (just say "it's for national security!"). But having some means for the 'good' guys, with sufficient oversight, to be able to use surveillance to catch the baddies doesn't seem too bad to me?
repeat for count=0..32
Your honor, those files contain only random bytes; there is nothing to decrypt.
"Reality is that which, when you stop believing in it, doesn't go away." - Philip K. Dick
Why would a locked backdoor change anything when there's already a frontdoor with the same quality lock? Apple&co can just push an update to your phone to own your phone if they want ...
Just what is the point of your position Christopher Wray?
Let us say that I want to discuss what should happen to Putin's (censored)?
Should that (censored subject) be available to Putin?
Weak crypto is WEAK! Really, Chris it is WEAK - that is why it is called Weak, Bad, Backdoored.
Sit in on a 2 hr lecture on Crypto before you decide what is best, Chris.
We don't want our thoughts exposed to Russia, or anyone not on our mail list - Chris.
Like the old export restrictions on strong cryptography, is USA going to ban imports of strong cryptography?
"I'm sorry, you can enter USA with your phone, it's too secure. Dispose of it or get back on the plane home"
The goal in most investigations seems to be collect everything (wildly invade peoples privacy) and then decide what is relevant later.
Which makes all evidence gathered inadmissible, as well as any further evidence found because of the illegally obtained evidence.
It's the best way to have a court case thrown out, the criminals walk free, and never able to be prosecuted for those crimes again.
Correction - they want the ability to illegally invade our privacy *back* - they've been invading it at will for many decades, and for the last couple decades have been doing it at a scale and invasiveness to dwarf anything ever before seen in all but the most dystopian fantasies. The rise of encryption has been a direct response to that unbridled power grab, and now they're trying to cast off those unwelcome limits on their unsupervised power. I mean hell, when they flat out lie to Congress about their activities, repeatedly, you've got to realize that they are no longer in any way a legitimate government agency.
--- Most topics have many sides worth arguing, allow me to take one opposite you.
That's like saying that because we had that big flood costing hundred of lives, it's necessary that everyone wears seatbelts!
No. And you should be hung for treason for pushing for it. As should anyone in office pushing for it. You are conspiring against the people of the United States and should just be convicted of treason, and hung for it. Publicly. Put me on the jury, I'd vote to convict you. I'm sure there are a lot of us who'd vote to convict you. Just leave us alone.
This sig intentionally left blank.
Back before the days of cell phones, judges could give prosecutors the ability to (1) break into someone's house, (2) install a device like these and then collect data.
You could also take someone's smart phone, root it, and install a surveillance software (with the same due process above). Even with encryption, if I have access to your phone (and it's unlocked -- figuring out a 6 key pass-code by spying isn't exactly James Bond's hardest mission) I would have access to your private key to decrypt said messages.
What law enforcement wants here are not the old rights they've always had -- but new ones. As the late Antonin Scalia wrote for the unanimous court regarding the unconstitutionality of planting a GPS device without a warrant:
“What we apply is an 18th century guarantee against unreasonable searches, which we believe must provide at a minimum the degree of protection it afforded when it was adopted,”
-- Political fascism requires a Fuhrer.
I still like the Safe Metaphor - the safe manufactures don't give backdoor codes to law enforcement. Instead, you have people in law enforcement learning how to crack the safe. What needs to happen is either law enforcement learns password cracking tools and the like, or more likely to have a separate branch, that specializes in password and phone cracking, which each law enforcement, from local to FBI, can send the items to with the corresponding warrant.
oh wait, I guess it still counts if you're the one capitulating...
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
Comment removed based on user account deletion
Comment removed based on user account deletion
Comment removed based on user account deletion
Comment removed based on user account deletion
Any claims by the government that they can keep their hacking tools / backdoors secure were disproved by the Snowden data theft. Whatever the excuse, someone was able to steal extremely sensitive data from the NSA. Is there any real reason to think that other intelligence or law enforcement agencies would do a better job? So any tools the government has are likely to end up in the hands of other (possibly enemy) governments, and in the hands of organized crime.
The government has lost its credibility on this for a very long time.
So no, I do not believe the world will be a better place when no American's information is secure.
In addition, even if the government could be trusted to secure the information, I do not want to give them the power that that information represents. Governments can go bad, and open access to everyone secrets in the country is not a weapon that I trust in anyone's hands. I accept that the result of this is a higher rate of ordinary crime and terrorism. As things sit in the US now, that is a bargain that I am happy to accept.
Hehehehe, I know enough to know how difficult it is to actually get right as it comes very much down to the details. Just throwing a few s-boxes that look good into a Feistel-network will _not_ cut it. Puts me far ahead of you, apparently. But I also have enough understanding to see how even absolute experts can fail at it. As examples, the AES competition or the password hashing challenge were quite instructive.
At this time, rolling your own crypto (unless you are one of maybe 100 people on the planet that really know how to do it) is a pretty sure way to failure. Recommending to people to do it is active sabotage and can only be called malicious. The other thing is that it is useless to do so anyways, because what are you going to use it for? For communication it has no worth, because others would need to use it as well. That would automatically make it a target for those that want to break it. For file/disk-encryption, if you are concerned, just layer a few algorithms with independent keys. If you actually knew how this works, you would know that there is no way in hell to break into something like this (done right of course).
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
BTW, "be restricted"? That is some very uncommon use of language in civilian society. Are you a fed or with some other TLA? Would explain why you are maliciously trying to get people to shoot themselves in the foot. Anyways, you are pretty clearly part of the problem here.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
It is completely useless though. No modern carefully and publicly reviewed cipher has been broken in the practical sense in a long, long time. (Note that "publicly reviewed" also means that actual experts did take an interest.) However, a lot of implementation mistakes _have_ been used to do successful attacks. You are barking up the wrong tree.
There is also a risk-management angle here: If, say, AES has a backdoor, it would not be a "nobus" backdoor, as these basically do not work for block-ciphers. Nobody would take the risk of putting something in there that an attacker can also find. If you distrust ciphers, then distrust ECC with curves where you cannot verify how they were generated. ECC very much does allows "nobus" backdoors.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Strong encryption already exists and the best you can hope to do via legislation is create a black market for it. Considering what an abject failure the war on drugs has been it is safe to say that the war on encryption will encounter similar pitfalls.
This is untrue. Scholars in the middle ages were mistaken about many aspects of cosmology, to be sure, but the whole flat Earth business is a myth in more ways than one. First, it's important to understand that there were no official dogmas on these matters. But setting that fact aside (which requires a discussion of how dogma, canons, and councils work), there's a more directly relevant fact. The major Christian teachers during the middle ages treated the world as spherical. Hell, even the guys who objected to Galileo in later years thought of the world as spherical.
The reasons for this have to with the Aristotelian physics to which the objectors to Galileo were regrettably too committed. To oversimplify their position: earth (dirt, minerals, etc.) and water goes down; air and fire go up. If the former go down from all directions and the latter go up, you cannot but have a spherical planet with airy, firey (and quintessential!) things above it. Indeed, the objection to Galileo is based partly on this Aristotelian understanding of the elements (How can the Earth be moving in a circular fashion if the natural motion of its primary constituent--earth--is simply down?). To be sure, we have a better understanding of physics today than did the scholastic disciples of Aristotle, but I hope you can see that even in their view a flat Earth is incoherent.
TL;DR: Neither the Church nor educated medieval folk in general bought into any flat Earth nonsense. This is merely a popular myth. Modern flat Earthers are even behind Aristotle (d. 322 B.C.) on this one. Now, whether the spherical Earth was thought of as moving or fixed in the center of the universe is another story altogether...
P.s. I only offer this lengthy correction because sometimes I fear we give modern flat Earthers the appearance of having even more credit than they deserve. Conspiratorial minds can dismiss claims of what we can discover with government funded rockets and satellites. "No one believed this round earth stuff until the government forced it on us all and fabricated the evidence!" My response is something along the lines of, "Come on. Medieval people knew the Earth was round. Eratosthenes had a pretty good estimation of its size, given the limited tools he was working with. Come join the third century B.C., will you? Grab a pocket calculator and look down a well."
CIA also got caught spying on the senate. Lied about it after getting called out... Vice did a FOIA request and some patriot sent them the apology letter that was drafted to the senate but was never sent. They stuck by the lie til the end.
I object to power without constructive purpose. --Spock
- Unlimited immigration.
- Letting crime run rampant without any attempt at enforcement or punishment.
- Running grand social experiments on the population.
- Raising tensions with Russia.
- General war-mongering.
- Elites fighting among each other with no regard for actually taking care of the country.
Encryption actually ranks pretty low on the list of things that keep people unsafe.
"I don't want to characterize private conversations we're having with people in the industry. " Somebody missed Irony 101 at the academy...
Unless you are dumb enough to both be poor AND live in a major metro area (seriously, greyhound can solve that for $50 so you have it coming) the biggest threats when it comes to crime are circumstances and paranoid law enforcement.
the signing keys are only helpful for hacking phones that are already connected to a network and fetching updates.
and that's not what this is about anyways, this is about government wanting you to have encryption on your phone that is flawed by design, nothing more. if 10000 departments in usa would have boxes to decrypt your phones.. well, you might just as well not encrypt your phone in the first place since people who steal phones would also have those boxes.
sure would make stealing phones more profitable.
world was created 5 seconds before this post as it is.
Are you an idiot? Because it sounds very much like you are. (Or course, you would be unaware of that, so this is a retorical question....)
First, do you really think anybody except a very experienced mathematical cryptographer _can_ actually evaluate s-boxes? If so, you are utterly delusional.
Second, if they outlaw, say, AES, they would outlaw home brew ciphers at the same time. They tried this already, and you should know unless you have no knowledge of the history of cryptography. And if they do and you just cannot get implementations anymore, in what way would just re-implementing AES be inferior to cooking your own thing? Of course, you may not actually have the standard lying around. I do.
Seriously, you are making all the clueless-crypto-nerd mistakes and you are giving really bad advice. Stop.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Panopticons for everyone!!!!!!
Yes, but the government doesn't have the right to say you must use the telephone so that they can easily intercept your conversation when they want. You get to choose how you communicate. If you choose a method that is interceptable, then the government can, with warrant, intercept it. The government doesn't have the right to tell you you have to use an interceptable communication medium.
His statement that there's room for compromise is correct. The compromise is that law enforcement accepts that default encryption is in place, it's going to keep getting better, and they're not going to get to dictate or legislate anything about it.
The lame "it makes it harder to do our jobs" doesn't fly. The numbers are against them. The total number of people using devices with default encryption vs the number of devices they want to encrypt makes their sample statistically insignificant.
People want secure encryption. Not "secure except for anyone who has the keys to decrypt it under dubious circumstances" encryption. Companies know that and they're going with what their customers want.
There's an entire division of government dedicated to doing things like breaking encryption. Let them earn their paychecks by working on ways to break encryption. If they can't then that's not the consumer's problem.
Demanding less secure encryption is a slippery slope. If they can force it to happen then they've got precedent for other kinds of default access. Key locks? Need a master key for those so we can enter without constraint. Vehicles? Master key. Email? Master key/default access.
You can't give up one kind of security without putting every other one at risk.
In the UK, that "secure place" is a laptop left in a taxi or pub, somewhere in London.
In the US, it is a mainframe with the root password set to "password".
Sent from my ASR33 using ASCII
Willful destruction of evidence is a crime if you do it because you think you might be prosecuted for it. It will save your secret plans to rule the world, but it won't save you from prison.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
To add to your points even experienced respected cryptographers fuck it up some times. Doing cryptography is hard and doing it right is even harder. Concepts like confusion and diffusion are difficult to master and implement. The a good bet for an amateur would be to take an existing block cipher and increase the round count if they wanted to roll their own but then they would need to also generate more round keys. So maybe the best course of action would be to take a 3DES approach to AES and create 3AES. If someone told me today to make some custom block cipher that is what I would do as it would be no worse than existing AES.
Time to offend someone
Don't mistake malicious intent for ignorance...
How in the world did law enforcement manage to do their jobs BEFORE they had massive amounts of metadata to drink from?
And now they say they need the data too because without it we're not safe. So they're saying they were completely unable to execute law enforcement duties BEFORE the ability to massively spy on everyone became possible? How in the world did they EVER manage to catch any criminals?
Horse shit. Completely & utter horse shit.
Nice to see we still all agree on something.
There are may situations where compromise is possible. (Maybe not likely in our current political climate, but technically possible.)
This is not one of them. This is a binary choice. Encryption is secure or it isn't. It works or it doesn't. It keeps the "good guys" out or it lets the "bad guys" in. Because computers are not magic and cannot tell the difference between a good guy and a bad guy.
Those are facts. A phone that is secure except to US government representatives following due process is a fantasy. You can ask for a compromise between facts and fantasy all you want, but you're not going to get one.
... and did the satirical version!
Publishing source code for how to encrypt securely is First Amendment protected free speech - this was settled in the Pretty Good Privacy case in the 1990's. Phillip Zimmerman put the source for PGP in a dead-tree book, to make absolutely sure the First Amendment would be cited.
So, actually we have a constitutional right to see how to communicate securely.
To a Lisp hacker, XML is S-expressions in drag.
Can't really tell, AC, but you seem to be upset that this complication could occur. You see, the thing is, Christopher Wray isn't. If they are trying to hang something on you, you go to jail. If you are part of their club, you're as free as Hillary.
It goes back to that monologue out of "Atlas Shrugged". Laws aren't made to enforce justice. They're made to entrap. We're all guilty of something if somebody like Mueller wants to push it. This is just a law that will make pushing easier for those that consider themselves better than the rest of us.
Aah, change is good. -- Rafiki
Yeah, but it ain't easy. -- Simba
And yet, all those panties got in a wad, because Trump said he took Putin at his word vs all those spy/intelligence agencies.
Aah, change is good. -- Rafiki
Yeah, but it ain't easy. -- Simba
How about this for a compromise: I give up my right to keep my conversations to myself, while everyone in Congress, along with all upper administrative personnel in the government are forced to wear body cameras.
Aah, change is good. -- Rafiki
Yeah, but it ain't easy. -- Simba
We already have relevant laws:
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
The Fourth Amendment prohibits legislation that forbids people from keeping their "papers and effects" encrypted when no warrant has been issued. When a warrant has been issued:
nor shall any person [...] be compelled in any criminal case to be a witness against himself
The Fifth Amendment forbids compelling anyone to provide self-incriminating testimony, why should compelling anyone to provide self-incriminating evidence be any different?
Mandating key escrow might be constitutional. Then they could convict for the crime of having an un-escrowed encrypted device even if they couldn't prove terrorism or pedo charges. Remember, Al Capone was convicted of tax evasion, not murder or racketeering.
data when they pry my Palm device from my cold dead hand!
Life is in a state of dynamic equilibrium, it both blows and sucks
Everything the government needed to stop 9/11 was in a government database prior to the attacks. But nobody saw the evidence because the American intelligence agencies are burried under so much data they can't process it.
Perhaps because Putin's government makes out own deeply corrupt intelligence agencies look like lilly-white pillars of virtue in comparison. Russia is basically run like a mafia after all, and there is no honor among thieves.
--- Most topics have many sides worth arguing, allow me to take one opposite you.
3DES has the problem that the keys are not independent. I don't think anybody ever found a flaw with that, but a lot of experts found this troubling. Increasing round count is also tricky, because of the key-schedule. I think the best course of action for an amateur is to just bite the bullet and use several ciphers with independent keys and just accept the longer key-length. But seriously, I don't see any need for new ciphers at this time. Breaking AES directly will be infeasible for quite a while, probably for very long. Basically all practical attacks in modern times are via protocol and implementation flaws.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Good thing the opaque envelope was invented before the FBI was created, or they'd be furiously working to get it banned, too.
Can't have criminals and terrorists and -- Think of the children! -- child pornographers and such communicating undetected.
There's no time like the present. Well, the past used to be.
You are correct that I haven't written the legislation. But the broad strokes of the case to support exempting uncommon spoken language from regulation of encryption is similar to the case for 40-bit "export-grade" encryption back in the 1990s.
Just because you have your data pre-sorted doesn't make it any more correct.
I never said a 3DES approach was great only that if someone wanted to roll their own for increased security taking that approach with an existing cipher would be the best option. I did address the key schedule issue when just increasing the rounds as I did state that they would have to generate additional round keys. Cascading ciphers is already used by some tools, see old TrueCrypt or VeraCrypt, but there you are still dependent on a single password.
I didn't make any statements on the feasibility of actually breaking AES. I believe that currently the estimate to break AES128 on an ideal classical computer using the best methods available puts the energy requirements at about 10% of the total annual US energy consumption. If one assumes that there exists an ideal quantum computer that can handle it then AES256 would have the same energy requirement, if not then AES256 has the energy requirement on the order of the mass energy of our sun on an ideal classical computer. This type of discussion is always a fun one because one can always bring up Bruce Schneier's "orgy of computation" statement which is probably one of my favorite ones of all time.
Time to offend someone