A little bit ago I said I was most interested in finding out how much it would cost me to feel I'd done my share and how much extra I'd need to pay to look down my nose at other people.
I was wrong. What I really want more is to know is how I can cash in.
There are plenty of people talking about the stupidity or absurdity of government interference in encryption. I think we're all on the same page on that, so lets talk about the bigger game.
So, essentially most of what you've said is some sort of agreement with my initial premise. That's fine, but that's not the point. I do appreciate that you bring up app encryption:
The app must then send a unique key to the government whenever the user changes his key.
You then go on to detail the ways that can be defeated, but I don't think it is possible to keep anyone who really wants good encryption from having it, so I don't see that as a flaw, and honestly I doubt Congress will either.
That will only get you the low-level scum
Do you honestly think the bill is about getting high value criminal and terrorist targets? I'm convinced it is about being able to spy on everyday normal people. I'd love to be convinced I'm wrong.
Five years from now, Apple and Google will produce phones and push updates so that every phone is encrypted with keys that Apple or Google controls. People won't stop buying iPhones or Android phones.
You're the one who isn't getting it. You're fighting the wrong battle, and even if you could win, you're losing the war.
Every person who relies on this "can't be done securely" argument is helping the government case.
When you rest your argument against government interference in encryption on the idea that it can't be done securely, all it takes is one reasonable method convincing legislators that your argument is completely invalid. The way I've outlined is what I consider a best case scenario out of dozens, any of which may be what is being pitched to congressional security and national defense committees right now. When all the online and media discussion is that "it can't be done securely" then any plausible counterargument is sufficient for government to ignore it.
Sure leaks and compromises could happen. Consider the encryption keys used for websites though, the number of CAs compromised has to be just as high since they're higher value targets though, and they hold a single key capable of much more damage. Or consider the keys the military uses for encrypting their communications, again a much higher value target and again with no history of the kind of leaking you're suggesting.
That's what I see now. Everywhere I hear that "it can't be done securely" and I think of all the places a third party already has access and people don't care because, to the public, it is "secure enough." If those of us who care about this issue lose, it's going to be due to the legislators being convinced that third party access can be "secure enough" to be publicly acceptable.
The reason you need to redirect your passion is because the way we're going, we're going to lose.
Check out what the presidential candidates are saying about the issue! Every one of them is convinced that government needs access through partnerships with technology providers. None of them gives any credence to the idea that it can't be done without compromising the security of the public. Any security expert they might hire will confirm that a third party can have access to secure communications without fear that the security will be compromised. Every one responsible for the legislation that will kill personal encryption already relies on email and websites which have a built in third party access ability. They bank with someone who uses a certificate that allows anyone with control of that server to see all the transactions they do. They email through servers that allow anyone with control of that server to see all the emails they send. They already trust systems that have the very type of security the media and most of the users on this website argue is inherently flawed.
You're reading this on a website where the security depends on a single secure key being kept secure. The email of practically everyone who reads this post is depending on someone keeping a key secure, someone who could read any communications depending on it, someone who could share that key with government, potentially (plausibly already) having already shared it.
How many emails do you receive that are signed with keys under the sole control of the sender? Practically none. People don't care. This is the inherent flaw in the argument everyone seems to be depending on. People don't care if Apple (and by extension the government) has access to their phones. They already trust Apple and the government as much as they ever will and no number of "what if" scenarios will change that.
Five years from now, Apple and Google will produce phones and push updates so that every phone is encrypted with keys that Apple or Google controls. People won't stop buying iPhones or Android phones. Apple and Google will be able to decrypt the contents of any phone they produce, and will do it under sealed letters thousands of times every day. They'll do it because the public and legislators consider that "secure enough" and we will look back and realize we lost because the argument "it can't be done securely" was never the one that we could win or the one that actually mattered most.
There are plenty of people talking about the stupidity or absurdity of government interference in encryption. I think we're all on the same page on that, so lets talk about the bigger game.
So your proposing the government keep databases of billions of keys spread across multiple agencies and you someone think this won't turn into a huge fucking security disaster?
No, I'm not proposing that, as indicated in the first sentence of the start of this thread. In fact, assuming that we're discussing the bigger game and how the best way to manage multiple party access, I didn't even specify the government keep the whole keys:
For example you might have the manufacturer in control of one part and the FBI in control of a second part and if you're especially paranoid, a third part is in the control of a court local to the manufacturer.
You must have missed that sentence since it sounds like you were assuming I think that it is a good idea that the government has control of all the parts of any key necessary to unlock a phone.
Nor did I suggest at any point that a disaster was anything but unavoidable if the government mandates multiple party access. However, if you mandate a unique key per phone and mandate that control of that key be split into three parts controlled by three different types of entities, one of them not a government agency, then it eliminates the ability of any single group to be pressured into giving up all the keys they're responsible for and even if one of them is completely compromised, the decryption information is still not divulged. The most likely security disaster is that keys are lost and the government cannot get information that has been deleted despite having a legal right to and the manufacturer is shut down by the government or the government is pitted against itself between different jurisdictions. The unavoidable disaster is the harm it does to the ability of the US to participate in global trade.
There are plenty of other threads pointing out how stupid and absurd it is for the government to mandate dual access encryption. I started this thread to address three things: 1) It's a myth that secure access to encrypted data is impossible with multiple parties, and people saying otherwise weaken the argument against the idea that the government should not interfere, 2) most security can be broken without requiring dual access systems from manufacturers, and 3) the fight over encryption access by the government is plausibly just misdirection to avoid discussion about the more likely ways they've already compromised security.
Your tone suggests you disagree with me but the topic of your disagreement makes me doubt you understood the original post. Kudos for caring about the issue though, the worst thing that can happen on this issue is apathy!
I was talking solely about OS encryption, partly because that seems to be the focus of legal discussions, but also because application level encryption is a much lengthier and undeniably messy discussion.
Open source software makes most of the rules lawmakers might try to impose pointless. Further, even if they did manage to impose some sort of rule, the ability of people not subject to the jurisdiction of the lawmakers to implement good cryptography in their applications goes unabated. It makes the exercise both futile and dangerous, which is the reason I started off by pointing out that we're on the same page for whether or not government should try outlawing math. Who else but Dr. Evil would push both the application level encryption discussion I wanted to avoid and also the many other scenarios that weren't mentioned in my post? Kudos for refusing to ignore the real implications. I wish you'd spent your energy on one of the other multitude of posts so I wouldn't feel compelled to reply, but someone has to present counter arguments if there is to be any discussion, so I will.
Just imagine how you would do it for PGP or SSH.
Okay, for both, or any other software library or application, the government could offer safe harbor if the software company responsible demonstrated the application would first transmit the encryption key to a government server before beginning service. It's not uncommon for video games and even operating systems to check in with an authority first now, so it wouldn't be much of a stretch to just mandate it for everyone. That avoids any need to manage certificate authorities or pay extra for the privilege of being spied on. Those who refuse safe harbor could still be in compliance if they do something similar on their own servers, which makes those pesky warrants necessary, but with secret courts and secret orders given in secret letters, I would be surprised if that sort of thing hasn't already happened.
Haven't there already been cases where authorities were compromised by the government? Wouldn't it be easier for the government if they could just make it part of the mandate? Outlaw software already exists, so it wouldn't even start a new black market, just extend it drastically.
... legacy devices? about foreign devices? what about devices exported from the U.S.?
Those already in place would be grandfathered in and become more valuable overnight. Foreign devices would get told to play ball or be banned, probably under the guise of "bringing jobs to law abiding US citizens." Why wouldn't lawmakers want to have the ability to peer into communications of devices exported from the US?
Of course it would fail to prevent serious crime. Of course it would cost the US billions in lost trade opportunities. Of course it would strengthen the market for open source applications created outside the US. Do you really think that is a serious consideration for law makers? Congratulations, now I'm commenting on "the stupidity or absurdity of government interference in encryption."
There are plenty of people talking about the stupidity or absurdity of government interference in encryption. I think we're all on the same page on that, so lets talk about the bigger game.
Of course if you ignored me the first time, there's no reason you wouldn't again. Still, I think it was worth repeating.
This is exactly the myth I was referring to. Your comparison to the TSA keys would make sense only if each suitcase had a different and unique key that the TSA could only get if it had three different organizations provide their part of that secret unique key for that specific suitcase.
Like so many people, you're assuming that the government would control one key which could unlock all phones. That's exactly wrong. The government wouldn't control a key, or even half a key, but at most one third of a key, and each phone would need a different key.
There are plenty of people talking about the stupidity or absurdity of government interference in encryption. I think we're all on the same page on that, so lets talk about the bigger game.
I see two, or maybe three levels to this game: What if done correctly? (-ish) I'm tired of hearing that a backdoor can't be done securely. Of course people have been doing dual access secure control for a long time. Essentially, you have one key used to encrypt the phone, which is normal for single access, but you have two key decryption methods, which is what makes it dual access. It means you have to secure the second method, which can be done by breaking it into multiple parts and putting that control under different agencies. For example you might have the manufacturer in control of one part and the FBI in control of a second part and if you're especially paranoid, a third part is in the control of a court local to the manufacturer.
In short it is possible to do dual access securely, but the other question is what the result of such control means. Is it better for the public, better for the country, better for you?
Why do they want you to think this is what is going on? I don't believe encryption has been broken. The math is too strong. The technology required to brute force a crack of the encryption is decades away optimistically, perhaps impossible. However, the ability to compromise the apps and updates installed on active suspects' phones isn't nearly as unattainable. If the FBI, NSA or DHS wants to monitor your activity they don't need to crack the encryption, just get the phone manufacturer to sign a compromising piece of software you already probably automatically trust. The simple fact is that if you're a suspect and you've allowed any app or update then you're probably already compromised. They'd rather you didn't know that. I'm not sure I want you (the potential criminal or terrorist) to know it, but I believe truth is vital even if if it isn't comfortable.
What if it is worse? Lets assume it is worse than we guess. Perhaps secret letters and secret courts have already done such a thing. The recent farce with the FBI vs Apple could be just that, a farce. It could be a deliberate public show (the FBI insisted it be public instead of secret as requested by the Apple) designed to keep people from considering how comprehensively the privacy of the average citizen has already been compromised. Consider the possibility that everything you or your family does with a mobile phone is already available to law enforcement at will.
And really, how does any of this harm you? Are you have secret thoughts that are awakened by someone who has a different view of their gender? Do you need to protect your own gender identity by suppressing someone whose identity is different? What are you afraid of?
No. I don't have secret thoughts, mostly I have fuzzy ideas and poorly thought out decisions. I have lots of feelings and am aware of them but mostly don't care since I have opinions. I'm an Murican.
As somebody wise said, "Life isn't easy when you're an adult. You have to think about stuff and it sucks."
Oh, what do I think? Getting past the baby puppies that make up my concrete arguments, I think two things at once. First, I have a hard time accepting a person's minority status based on what they choose to do rather than the physical characteristics they have no choice in. Second, every time I've encountered facilities designed to welcome people regardless of their situation, it has been a good thing. As a single father I can't count the times that a bathroom break was complicated by the fact that I had daughters.
I'm pretty hardcore right wing, so I believe in freedom, even when that pisses people off. At the same time, I support those businesses that make everyone feel welcome.
I believe in the idea that our society should be modeled after the idea that people are good and will make good decisions without being forced to by law. I recognize the limits of that ideal; I'm aware that sometimes people suck and legislation can help with that. Generally speaking, I'm in favor of protecting freedoms by legislation and I'm surprised that the freedom enshrined in our constitution, religious and otherwise, being protected by law can cause such a ruckus.
It's possible IBM supplied all the iPads and training in addition to the app itself.
I know it is fun and easy to criticize the TSA, and I am in favor of replacing them entirely with any of a dozen different possibilities. That said, there is a big difference between developing an app and supplying hardware and doing testing and training. I could build the app but I have no idea what the cost would be to test it sufficiently to meet government standards, then train the staff to use them, then equip the staff with hardware to use it. The cost of the app could literally be $0 and still top $1 million after the testing, training and equipment costs.
Someone else pointed out this is typical clickbait. It's got a shocking headline but then scant details on what actually caused the scenario. If they'd instead said "TSA has IBM develop an app that IBM contributed for free in exchange for exclusive rights to train staff for $10/hr each on how to handle customer service. Additionally, IBM will supply sufficient devices to have a minimum of two for each airport line at 5% profit per device" then the headline wouldn't generate nearly so much interest and the criticisms would be much better founded.
I wouldn't be at all surprised to find out that the bureaucracy that guides the TSA spent far more than is reasonable. I just didn't see enough details in TFA to assume that is actually the case. Does *anyone* have a breakdown on what kind of training, what kind of testing, what kind of devices were purchased?
I think it's worth discussing exactly how the encryption works again.
When the phone boots up, the data is still encrypted. Having access to the data while still encrypted is what they had but couldn't use. Once the PIN is entered, the data key is decrypted, which is what allows the OS to access the previoulsy encrypted data.
The data that is necessary to present the unlock screen is stored on the chip and can be overwritten, but doing so erases the key needed for the OS to access the encrypted data.
If you can get the phone after the PIN has been entered and the phone hasn't been rebooted, then the OS has access to the data. The problem is simply that you have to get past the PIN screen first. (That's not how jailbreaking works, by the way.) Entering the wrong PIN ten times will erase the key, which renders the encrypted data worthless again.
On the phone the case was about, it is possible to push a software update for the PIN entry screen without entering the PIN. It doesn't give you access to the encrypted data, but it could disable the part of the system that erases the decryption key. That would allow someone to enter more than ten guesses, unlimited guesses, in order to get the data key decrypted which would allow access to the previously encypted data.
Yes, I'm saying chip level encryption is worthless since the OS decrypts the data
The chip level encryption isn't worthless since the OS decrypts the data only after the PIN has been entered, and only if it is entered correctly within the first ten tries. The newer phones don't allow modification of that PIN entry screen the same way as a phone this old does.
And your story indicates that at that time, you did not.
Granted, messing with a gun without asking someone about it first, particularly as a teen, might not have been the best choice, but I assumed it was loaded until proven otherwise and kept it pointed where even if it went off unexpectedly it wouldn't hurt anyone. Things don't always go as planned, and guns are dangerous, so yeah, that's precisely what handling a gun safely looks like.
That article describes it thus. "It looks like a rifle large enough to part a meteor, sink a battleship, or down a MIG with one shot. The reason is, it’s actually a shotgun, which explains the huge barrel but not the action."
I'd like to say "right, you never hear about a mass shooting at an NRA meeting" and then.... my "neighbors" held a 'Draw Muhammad' event. To your point though, despite an attempt, idiots with guns vs idiots with guns ended quickly with one wounded security guard and two dead would be mass shooters.
Maybe more idiots with guns would prevent mass shootings more effectively than only criminals with guns. But you have to ask what is worse, the rare mass shooting in the headlines that statistically has no relevance to your personal safety or the far more statistically relevant suicides and accidental deaths.
I know that's a pretty cynical and wishy-washy stance to take, so where am I coming from? I grew up around guns. At my local farmers co-op store, the natives would gather round and discuss the weather over coffee while their unlocked pickups with guns in the racks sat outside unlocked, windows often open and sometimes with keys in the ignition. Nobody would think of stealing a vehicle knowing there were fifteen old hunters with no better dream scenario than a chance to shoot a deserving stupid thief. There are two mitigating factors to temper my comfort with an armed populace. First, the accident, and second the depression. I'd want more details if I was reading so I'll share.
The Accident. I was in my mid to late teens, I don't remember exactly. I do recall the gun. It was a bolt action gun I'd never seen before in my grandma's closet. The bore was way to big to be a rifle and it had an adjustable choke, which would make sense on a shotgun, but shotguns are single shot, pump action, and double-barrel. I mean, I've never used an over-under but I would have recognized that! Bolt actions, like lever are just for rifles. Even semi's could be either, but a bolt? That's not a shotgun, it can only be a rifle, but the smooth bore, huge barrel size, and adjustable choke could only be a shotgun.What's a young teen to do? Obviously, I had to examine it. Grandma's closet had guns for as long as I can remember, but they were never loaded, cause that would be irresponsible and nobody in my family would be irresponsible with guns. Cool, I could play with it and find out exactly what kind of gun I'd discovered. Despite my confidence and comfort with the situation, I know how to handle a gun safely. I always treat it like it is loaded until I confirm otherwise for myself. As I searched for the safety and tried to work a bolt stiffer than I'd ever worked before I must have brushed the trigger because it went off. Did I mention it was at a family holiday gathering? That kind of sound, in house, even if in a closet, draws attention. I mention this because you might worry somebody was hurt and the only thing hurt was my confidence and pride. Also a ceiling and a luckily placed two-by-four in the attic. Turns out, it was loaded and not everyone in my extended family had the same "it's always unloaded in the house" rule.
So the moral of The Accident is that with proper training and experience even kids are protected from dangerous gun situations. The second factor has a shorter story. I've experienced depression. It sucks. Not having a gun probably isn't responsible for my survival, but I can't absolutely rule it out.
So I guess my stance is that guns aren't the problem, education and safety training combined with thoughtful consideration are the real solution. Shortest version: it kinda sucks to be a moderate libertarian.
As an occasional listener to NPR podcasts and local stations, I've noticed there are more sponsors mentioned on the podcasts I listen to. It might be just the ones I listen to, but it does raise an interesting question: Are the podcasts a way to make money more effectively than the radio stations? It's certainly possible to produce podcasts with less overhead, but I imagine there are far fewer listeners. I'm not sure if it really could be enough to offset the local stations' declining income but I'd like to see local stations promoting their own branded and income generating podcasts.
I wondered about this. If Apple is forced to produce software with a backdoor built in, can they still approve apps that create real security?
Headline: Apple endorses privacy app, this app changes the private keys in your phone and re-encrypts it so that nobody, hackers or governments, can decrypt the data on your phone without your password. The app is available for download now from the creators in Elbonia which is outside US jurisdiction.
You're assuming that the user wouldn't be able to remove or modify the public key stored on the phone. I'm assuming the user wouldn't be able to change the data encryption key stored on the phone. I'm not sure which would work best from a programming perspective.
I think from a government perspective, recovering the password might be more useful since people tend to reuse passwords and they might get lucky and be able to use the same password but that's hardly a guarantee, since that's poor security practice. Speaking of poor security practices, I wonder if admitting there are ways to implement a relatively secure backdoor is a good idea. Well sometimes I wonder, other times I think it's better to suggest the possible best ways rather than trust that our clueless legislators will get it right on their own.
You suggest the manufacturer modify the software and also create a phone specific public-private keypair and retain that so they can get the password to be able to decrypt the key. Compared to just keeping a copy of the key like I suggested, that sounds far more complicated.
What I suspect sounded complicated to you is the idea of splitting the key. They should do that no matter what they retain, because otherwise one person can be coerced into giving up all the keys at once.
Phone encryption doesn't work like you think, so this is worse than you think
1) Encryption exists because the math has been done and is widely available. You don't have to be Apple or Google to use strong encryption. Personally I like dm-crypt with LUKS, but there are plenty of options available to secure data that don't depend on approval by the US or any government. Obama was just wrong, we've long had "black boxes" inaccessible to the government and it is literally impossible to keep them from happening. The tools already exist outside the US to securely encrypt data. If you're determined, you can even create "black box" encryption for your personal paper journal: https://en.wikipedia.org/wiki/... or http://slashdot.org/comments.p...
2) If US companies are legislated into creating back doors into their systems, then those companies will lose potential sales because a significant number of people in the world don't trust the US government. While people who really want both security and a particular brand of phone could find ways to get both despite legislated back doors, most won't because there will be easier alternatives from companies that aren't subject to US law. When Samsung decides they won't create phones subject to US restrictions, they'll sell them everywhere Apple phones used to be sold, which isn't great for Samsung if they lose US sales, but will be disastrous for US companies that would have gotten those sales. (And hired people in the US and paid taxes in the US.)
3) Each phone has a key which is encrypted with your passcode and a unique id on the phone. When you change your password, the key doesn't change, all that changes is what code it is encrypted with. There are two ways that the government could legislate access to that phone: First every phone could be required to use one of a few keys retained by the manufacturer. If any of those keys are ever shared, every phone using those keys is no longer effectively encrypted. Second, the manufacturer could keep a copy of each key used by each phone so that any one key would decrypt only one phone. You can split up the keys into parts and store them separately and offline and with different parts of each key held by different entities. That would mean that in order to secure any phone, law enforcement would have to subpoena multiple parties for each part of the key specific to the phone they want to decrypt. Either method fails for the government if a criminal cares to put in the effort, since all the criminal has to do is get the key stored in the phone originally to be changed, usually a fairly trivial hack. The downside is that the countermeasure is to have the current key always electronically transmitted home, which would likely be required, making alternatives used and US distrust more and more likely to be problems. So it isn't true that "it's only a matter of months before criminals and other nation states have that key" but the other issues are just as bad.
Early on in the internet, I was (sadly) consumed with the idea that since html and vbscript (sorry) were both just text, which could create other text, then it ought to be possible to create a program which would create other programs, test and apply the results. I was the AI researcher you picture, except with few resources, not much ambition and no pants.
The real problem I faced with designing such a system was motivation. Not motivation for me, motivation for the resulting project. I was content to consider viruses, malware, trojans and money, but I couldn't come up with any motivation to instill in the product which would result in something useful.
I killed a couple servers. Let the magic smoke out of my prized sun box and mostly I just failed to imagine some way that a self improving and replicating system could result in something that actually had a purpose.
Twenty years later, I'm still at a loss. How do you motivate software? I can program things (in better languages now, thank you) to create other programs, programs with intentional results even, but what's the point? Software goals aren't my goals and most of them result in something similar to the magic smoke I witnessed rising from a box I overtaxed then fiddled with to no tangible result.
If we (humans) ever create actual strong AI, it will be with a motivation that we actually care about and think can be achieved. It's amazingly easier to do parts of that job than it was when I started, but the issues I faced with creating something actually useful are still there. I automate jobs every day, and I'd love to create something that can do the automation for me, but it's a magnum opus that I can't really get behind because it doesn't serve the purpose more effectively than doing it myself.
My replacement could be something that I could write. But I won't, not because I can't and not because I have a moral objection, but because as the product of thousands of generations of evolution, I'm still far more efficient than a program I could write.
I'm vain and egotistical, and when they (because I'm not interested or motivated enough for it to be me) create an AI with the same capabilities and motivations, it should replace me. I'm perfectly fine with that. I expect that I won't have a clue, because my bones will be dust when it happens. But if it happened tomorrow, I could finally get around to learning enough about quantum mechanics to do something innovative with it and maybe learn to play the piano.
If there is an AI created which can do my work, do the things I care about and enjoy life, play the piano and create a better world to live in, then I'll call it my child and love it and nurture it the same way I love my biological children. AI can and may replace humanity, but to do that, it will become human. More than human. That's a dream I can barely begin to imagine, but it will make the world better, not worse, not scary and not sad. It will be the ultimate triumph of humanity when we create something that is human and at the same time more than human to follow us and carry on our best traits, but with a type three civilization instead of the current type two our most optimistic predictions for humanity reasonably currently predict.
Thank you for saying what I was thinking, but saying it better than I would.
There is no way to outlaw math. You can outlaw sharing information. You can outlaw not sharing information. When the secret is out, and in this case it is, anyone can learn to do unbreakable encryption, then it is impossible to outlaw knowledge, and in this specific instance the secret isn't secret anymore.
In this case the attempt is to make it illegal to fail to know something nobody knows. Nobody knows a way to decrypt something encrypted correctly with strong encryption. This law effectively makes it illegal to fail to know something impossible to know.
It isn't quite that easy. There is a question response validation process that the system providing the firmware has to process correctly, using a unique variable in each process, requiring Apple's signing key.
I'm not saying it couldn't be possible some other way, just that there isn't a publicly known one.
Slashdot Mirror
A little bit ago I said I was most interested in finding out how much it would cost me to feel I'd done my share and how much extra I'd need to pay to look down my nose at other people.
I was wrong. What I really want more is to know is how I can cash in.
This is what I'm interested most in. Exactly how much of my money do I have to give up in order to make me feel like I've done my share?
How much extra do I have to pay to get to look down my nose at everybody else?
First:
There are plenty of people talking about the stupidity or absurdity of government interference in encryption. I think we're all on the same page on that, so lets talk about the bigger game.
So, essentially most of what you've said is some sort of agreement with my initial premise. That's fine, but that's not the point. I do appreciate that you bring up app encryption:
The app must then send a unique key to the government whenever the user changes his key.
You then go on to detail the ways that can be defeated, but I don't think it is possible to keep anyone who really wants good encryption from having it, so I don't see that as a flaw, and honestly I doubt Congress will either.
That will only get you the low-level scum
Do you honestly think the bill is about getting high value criminal and terrorist targets? I'm convinced it is about being able to spy on everyday normal people. I'd love to be convinced I'm wrong.
Five years from now, Apple and Google will produce phones and push updates so that every phone is encrypted with keys that Apple or Google controls. People won't stop buying iPhones or Android phones.
Wow. I so hope I'm wrong. </crying>.
You're the one who isn't getting it. You're fighting the wrong battle, and even if you could win, you're losing the war.
Every person who relies on this "can't be done securely" argument is helping the government case.
When you rest your argument against government interference in encryption on the idea that it can't be done securely, all it takes is one reasonable method convincing legislators that your argument is completely invalid. The way I've outlined is what I consider a best case scenario out of dozens, any of which may be what is being pitched to congressional security and national defense committees right now. When all the online and media discussion is that "it can't be done securely" then any plausible counterargument is sufficient for government to ignore it.
Sure leaks and compromises could happen. Consider the encryption keys used for websites though, the number of CAs compromised has to be just as high since they're higher value targets though, and they hold a single key capable of much more damage. Or consider the keys the military uses for encrypting their communications, again a much higher value target and again with no history of the kind of leaking you're suggesting.
That's what I see now. Everywhere I hear that "it can't be done securely" and I think of all the places a third party already has access and people don't care because, to the public, it is "secure enough." If those of us who care about this issue lose, it's going to be due to the legislators being convinced that third party access can be "secure enough" to be publicly acceptable.
The reason you need to redirect your passion is because the way we're going, we're going to lose.
Check out what the presidential candidates are saying about the issue! Every one of them is convinced that government needs access through partnerships with technology providers. None of them gives any credence to the idea that it can't be done without compromising the security of the public. Any security expert they might hire will confirm that a third party can have access to secure communications without fear that the security will be compromised. Every one responsible for the legislation that will kill personal encryption already relies on email and websites which have a built in third party access ability. They bank with someone who uses a certificate that allows anyone with control of that server to see all the transactions they do. They email through servers that allow anyone with control of that server to see all the emails they send. They already trust systems that have the very type of security the media and most of the users on this website argue is inherently flawed.
You're reading this on a website where the security depends on a single secure key being kept secure. The email of practically everyone who reads this post is depending on someone keeping a key secure, someone who could read any communications depending on it, someone who could share that key with government, potentially (plausibly already) having already shared it.
How many emails do you receive that are signed with keys under the sole control of the sender? Practically none. People don't care. This is the inherent flaw in the argument everyone seems to be depending on. People don't care if Apple (and by extension the government) has access to their phones. They already trust Apple and the government as much as they ever will and no number of "what if" scenarios will change that.
Five years from now, Apple and Google will produce phones and push updates so that every phone is encrypted with keys that Apple or Google controls. People won't stop buying iPhones or Android phones. Apple and Google will be able to decrypt the contents of any phone they produce, and will do it under sealed letters thousands of times every day. They'll do it because the public and legislators consider that "secure enough" and we will look back and realize we lost because the argument "it can't be done securely" was never the one that we could win or the one that actually mattered most.
There are plenty of people talking about the stupidity or absurdity of government interference in encryption. I think we're all on the same page on that, so lets talk about the bigger game.
So your proposing the government keep databases of billions of keys spread across multiple agencies and you someone think this won't turn into a huge fucking security disaster?
No, I'm not proposing that, as indicated in the first sentence of the start of this thread. In fact, assuming that we're discussing the bigger game and how the best way to manage multiple party access, I didn't even specify the government keep the whole keys:
For example you might have the manufacturer in control of one part and the FBI in control of a second part and if you're especially paranoid, a third part is in the control of a court local to the manufacturer.
You must have missed that sentence since it sounds like you were assuming I think that it is a good idea that the government has control of all the parts of any key necessary to unlock a phone.
Nor did I suggest at any point that a disaster was anything but unavoidable if the government mandates multiple party access. However, if you mandate a unique key per phone and mandate that control of that key be split into three parts controlled by three different types of entities, one of them not a government agency, then it eliminates the ability of any single group to be pressured into giving up all the keys they're responsible for and even if one of them is completely compromised, the decryption information is still not divulged. The most likely security disaster is that keys are lost and the government cannot get information that has been deleted despite having a legal right to and the manufacturer is shut down by the government or the government is pitted against itself between different jurisdictions. The unavoidable disaster is the harm it does to the ability of the US to participate in global trade.
There are plenty of other threads pointing out how stupid and absurd it is for the government to mandate dual access encryption. I started this thread to address three things: 1) It's a myth that secure access to encrypted data is impossible with multiple parties, and people saying otherwise weaken the argument against the idea that the government should not interfere, 2) most security can be broken without requiring dual access systems from manufacturers, and 3) the fight over encryption access by the government is plausibly just misdirection to avoid discussion about the more likely ways they've already compromised security.
Your tone suggests you disagree with me but the topic of your disagreement makes me doubt you understood the original post. Kudos for caring about the issue though, the worst thing that can happen on this issue is apathy!
I was talking solely about OS encryption, partly because that seems to be the focus of legal discussions, but also because application level encryption is a much lengthier and undeniably messy discussion.
Open source software makes most of the rules lawmakers might try to impose pointless. Further, even if they did manage to impose some sort of rule, the ability of people not subject to the jurisdiction of the lawmakers to implement good cryptography in their applications goes unabated. It makes the exercise both futile and dangerous, which is the reason I started off by pointing out that we're on the same page for whether or not government should try outlawing math. Who else but Dr. Evil would push both the application level encryption discussion I wanted to avoid and also the many other scenarios that weren't mentioned in my post? Kudos for refusing to ignore the real implications. I wish you'd spent your energy on one of the other multitude of posts so I wouldn't feel compelled to reply, but someone has to present counter arguments if there is to be any discussion, so I will.
Just imagine how you would do it for PGP or SSH.
Okay, for both, or any other software library or application, the government could offer safe harbor if the software company responsible demonstrated the application would first transmit the encryption key to a government server before beginning service. It's not uncommon for video games and even operating systems to check in with an authority first now, so it wouldn't be much of a stretch to just mandate it for everyone. That avoids any need to manage certificate authorities or pay extra for the privilege of being spied on. Those who refuse safe harbor could still be in compliance if they do something similar on their own servers, which makes those pesky warrants necessary, but with secret courts and secret orders given in secret letters, I would be surprised if that sort of thing hasn't already happened.
Haven't there already been cases where authorities were compromised by the government? Wouldn't it be easier for the government if they could just make it part of the mandate? Outlaw software already exists, so it wouldn't even start a new black market, just extend it drastically.
... legacy devices? about foreign devices? what about devices exported from the U.S.?
Those already in place would be grandfathered in and become more valuable overnight. Foreign devices would get told to play ball or be banned, probably under the guise of "bringing jobs to law abiding US citizens." Why wouldn't lawmakers want to have the ability to peer into communications of devices exported from the US?
Of course it would fail to prevent serious crime. Of course it would cost the US billions in lost trade opportunities. Of course it would strengthen the market for open source applications created outside the US. Do you really think that is a serious consideration for law makers? Congratulations, now I'm commenting on "the stupidity or absurdity of government interference in encryption."
There are plenty of people talking about the stupidity or absurdity of government interference in encryption. I think we're all on the same page on that, so lets talk about the bigger game.
Of course if you ignored me the first time, there's no reason you wouldn't again. Still, I think it was worth repeating.
Anonymous is a coward for a reason. When I say: A is true, so lets talk about B then it's silly to say "But A is true so you're wrong!"
This is exactly the myth I was referring to. Your comparison to the TSA keys would make sense only if each suitcase had a different and unique key that the TSA could only get if it had three different organizations provide their part of that secret unique key for that specific suitcase.
Like so many people, you're assuming that the government would control one key which could unlock all phones. That's exactly wrong. The government wouldn't control a key, or even half a key, but at most one third of a key, and each phone would need a different key.
There are plenty of people talking about the stupidity or absurdity of government interference in encryption. I think we're all on the same page on that, so lets talk about the bigger game.
I see two, or maybe three levels to this game:
What if done correctly? (-ish)
I'm tired of hearing that a backdoor can't be done securely. Of course people have been doing dual access secure control for a long time. Essentially, you have one key used to encrypt the phone, which is normal for single access, but you have two key decryption methods, which is what makes it dual access. It means you have to secure the second method, which can be done by breaking it into multiple parts and putting that control under different agencies. For example you might have the manufacturer in control of one part and the FBI in control of a second part and if you're especially paranoid, a third part is in the control of a court local to the manufacturer.
In short it is possible to do dual access securely, but the other question is what the result of such control means. Is it better for the public, better for the country, better for you?
Why do they want you to think this is what is going on?
I don't believe encryption has been broken. The math is too strong. The technology required to brute force a crack of the encryption is decades away optimistically, perhaps impossible. However, the ability to compromise the apps and updates installed on active suspects' phones isn't nearly as unattainable. If the FBI, NSA or DHS wants to monitor your activity they don't need to crack the encryption, just get the phone manufacturer to sign a compromising piece of software you already probably automatically trust. The simple fact is that if you're a suspect and you've allowed any app or update then you're probably already compromised. They'd rather you didn't know that. I'm not sure I want you (the potential criminal or terrorist) to know it, but I believe truth is vital even if if it isn't comfortable.
What if it is worse?
Lets assume it is worse than we guess. Perhaps secret letters and secret courts have already done such a thing. The recent farce with the FBI vs Apple could be just that, a farce. It could be a deliberate public show (the FBI insisted it be public instead of secret as requested by the Apple) designed to keep people from considering how comprehensively the privacy of the average citizen has already been compromised. Consider the possibility that everything you or your family does with a mobile phone is already available to law enforcement at will.
And really, how does any of this harm you? Are you have secret thoughts that are awakened by someone who has a different view of their gender? Do you need to protect your own gender identity by suppressing someone whose identity is different? What are you afraid of?
No. I don't have secret thoughts, mostly I have fuzzy ideas and poorly thought out decisions. I have lots of feelings and am aware of them but mostly don't care since I have opinions. I'm an Murican.
As somebody wise said, "Life isn't easy when you're an adult. You have to think about stuff and it sucks."
Oh, what do I think? Getting past the baby puppies that make up my concrete arguments, I think two things at once. First, I have a hard time accepting a person's minority status based on what they choose to do rather than the physical characteristics they have no choice in. Second, every time I've encountered facilities designed to welcome people regardless of their situation, it has been a good thing. As a single father I can't count the times that a bathroom break was complicated by the fact that I had daughters.
I'm pretty hardcore right wing, so I believe in freedom, even when that pisses people off. At the same time, I support those businesses that make everyone feel welcome.
I believe in the idea that our society should be modeled after the idea that people are good and will make good decisions without being forced to by law. I recognize the limits of that ideal; I'm aware that sometimes people suck and legislation can help with that. Generally speaking, I'm in favor of protecting freedoms by legislation and I'm surprised that the freedom enshrined in our constitution, religious and otherwise, being protected by law can cause such a ruckus.
It's possible IBM supplied all the iPads and training in addition to the app itself.
I know it is fun and easy to criticize the TSA, and I am in favor of replacing them entirely with any of a dozen different possibilities. That said, there is a big difference between developing an app and supplying hardware and doing testing and training. I could build the app but I have no idea what the cost would be to test it sufficiently to meet government standards, then train the staff to use them, then equip the staff with hardware to use it. The cost of the app could literally be $0 and still top $1 million after the testing, training and equipment costs.
Someone else pointed out this is typical clickbait. It's got a shocking headline but then scant details on what actually caused the scenario. If they'd instead said "TSA has IBM develop an app that IBM contributed for free in exchange for exclusive rights to train staff for $10/hr each on how to handle customer service. Additionally, IBM will supply sufficient devices to have a minimum of two for each airport line at 5% profit per device" then the headline wouldn't generate nearly so much interest and the criticisms would be much better founded.
I wouldn't be at all surprised to find out that the bureaucracy that guides the TSA spent far more than is reasonable. I just didn't see enough details in TFA to assume that is actually the case. Does *anyone* have a breakdown on what kind of training, what kind of testing, what kind of devices were purchased?
I think it's worth discussing exactly how the encryption works again.
When the phone boots up, the data is still encrypted. Having access to the data while still encrypted is what they had but couldn't use. Once the PIN is entered, the data key is decrypted, which is what allows the OS to access the previoulsy encrypted data.
The data that is necessary to present the unlock screen is stored on the chip and can be overwritten, but doing so erases the key needed for the OS to access the encrypted data.
If you can get the phone after the PIN has been entered and the phone hasn't been rebooted, then the OS has access to the data. The problem is simply that you have to get past the PIN screen first. (That's not how jailbreaking works, by the way.) Entering the wrong PIN ten times will erase the key, which renders the encrypted data worthless again.
On the phone the case was about, it is possible to push a software update for the PIN entry screen without entering the PIN. It doesn't give you access to the encrypted data, but it could disable the part of the system that erases the decryption key. That would allow someone to enter more than ten guesses, unlimited guesses, in order to get the data key decrypted which would allow access to the previously encypted data.
Yes, I'm saying chip level encryption is worthless since the OS decrypts the data
The chip level encryption isn't worthless since the OS decrypts the data only after the PIN has been entered, and only if it is entered correctly within the first ten tries. The newer phones don't allow modification of that PIN entry screen the same way as a phone this old does.
I know how to handle a gun safely.
And your story indicates that at that time, you did not.
Granted, messing with a gun without asking someone about it first, particularly as a teen, might not have been the best choice, but I assumed it was loaded until proven otherwise and kept it pointed where even if it went off unexpectedly it wouldn't hurt anyone. Things don't always go as planned, and guns are dangerous, so yeah, that's precisely what handling a gun safely looks like.
It was a 12 gauge shotgun. Not unlike the one shown here: http://www.guns.com/2013/08/21...
That article describes it thus. "It looks like a rifle large enough to part a meteor, sink a battleship, or down a MIG with one shot. The reason is, it’s actually a shotgun, which explains the huge barrel but not the action."
I'd like to say "right, you never hear about a mass shooting at an NRA meeting" and then.... my "neighbors" held a 'Draw Muhammad' event. To your point though, despite an attempt, idiots with guns vs idiots with guns ended quickly with one wounded security guard and two dead would be mass shooters.
Maybe more idiots with guns would prevent mass shootings more effectively than only criminals with guns. But you have to ask what is worse, the rare mass shooting in the headlines that statistically has no relevance to your personal safety or the far more statistically relevant suicides and accidental deaths.
I know that's a pretty cynical and wishy-washy stance to take, so where am I coming from? I grew up around guns. At my local farmers co-op store, the natives would gather round and discuss the weather over coffee while their unlocked pickups with guns in the racks sat outside unlocked, windows often open and sometimes with keys in the ignition. Nobody would think of stealing a vehicle knowing there were fifteen old hunters with no better dream scenario than a chance to shoot a deserving stupid thief. There are two mitigating factors to temper my comfort with an armed populace. First, the accident, and second the depression. I'd want more details if I was reading so I'll share.
The Accident. I was in my mid to late teens, I don't remember exactly. I do recall the gun. It was a bolt action gun I'd never seen before in my grandma's closet. The bore was way to big to be a rifle and it had an adjustable choke, which would make sense on a shotgun, but shotguns are single shot, pump action, and double-barrel. I mean, I've never used an over-under but I would have recognized that! Bolt actions, like lever are just for rifles. Even semi's could be either, but a bolt? That's not a shotgun, it can only be a rifle, but the smooth bore, huge barrel size, and adjustable choke could only be a shotgun.What's a young teen to do? Obviously, I had to examine it. Grandma's closet had guns for as long as I can remember, but they were never loaded, cause that would be irresponsible and nobody in my family would be irresponsible with guns. Cool, I could play with it and find out exactly what kind of gun I'd discovered. Despite my confidence and comfort with the situation, I know how to handle a gun safely. I always treat it like it is loaded until I confirm otherwise for myself. As I searched for the safety and tried to work a bolt stiffer than I'd ever worked before I must have brushed the trigger because it went off. Did I mention it was at a family holiday gathering? That kind of sound, in house, even if in a closet, draws attention. I mention this because you might worry somebody was hurt and the only thing hurt was my confidence and pride. Also a ceiling and a luckily placed two-by-four in the attic. Turns out, it was loaded and not everyone in my extended family had the same "it's always unloaded in the house" rule.
So the moral of The Accident is that with proper training and experience even kids are protected from dangerous gun situations. The second factor has a shorter story. I've experienced depression. It sucks. Not having a gun probably isn't responsible for my survival, but I can't absolutely rule it out.
So I guess my stance is that guns aren't the problem, education and safety training combined with thoughtful consideration are the real solution. Shortest version: it kinda sucks to be a moderate libertarian.
As an occasional listener to NPR podcasts and local stations, I've noticed there are more sponsors mentioned on the podcasts I listen to. It might be just the ones I listen to, but it does raise an interesting question: Are the podcasts a way to make money more effectively than the radio stations? It's certainly possible to produce podcasts with less overhead, but I imagine there are far fewer listeners. I'm not sure if it really could be enough to offset the local stations' declining income but I'd like to see local stations promoting their own branded and income generating podcasts.
I'm impressed. I've been considering different ideas and this makes sense, sort of. I'm offended somehow, yet intrigued.
Mod parent up.
I wondered about this. If Apple is forced to produce software with a backdoor built in, can they still approve apps that create real security?
Headline: Apple endorses privacy app, this app changes the private keys in your phone and re-encrypts it so that nobody, hackers or governments, can decrypt the data on your phone without your password. The app is available for download now from the creators in Elbonia which is outside US jurisdiction.
You're assuming that the user wouldn't be able to remove or modify the public key stored on the phone. I'm assuming the user wouldn't be able to change the data encryption key stored on the phone. I'm not sure which would work best from a programming perspective.
I think from a government perspective, recovering the password might be more useful since people tend to reuse passwords and they might get lucky and be able to use the same password but that's hardly a guarantee, since that's poor security practice. Speaking of poor security practices, I wonder if admitting there are ways to implement a relatively secure backdoor is a good idea. Well sometimes I wonder, other times I think it's better to suggest the possible best ways rather than trust that our clueless legislators will get it right on their own.
You suggest the manufacturer modify the software and also create a phone specific public-private keypair and retain that so they can get the password to be able to decrypt the key. Compared to just keeping a copy of the key like I suggested, that sounds far more complicated.
What I suspect sounded complicated to you is the idea of splitting the key. They should do that no matter what they retain, because otherwise one person can be coerced into giving up all the keys at once.
Three points
1) Encryption exists because the math has been done and is widely available. You don't have to be Apple or Google to use strong encryption. Personally I like dm-crypt with LUKS, but there are plenty of options available to secure data that don't depend on approval by the US or any government. Obama was just wrong, we've long had "black boxes" inaccessible to the government and it is literally impossible to keep them from happening. The tools already exist outside the US to securely encrypt data. If you're determined, you can even create "black box" encryption for your personal paper journal: https://en.wikipedia.org/wiki/... or http://slashdot.org/comments.p...
2) If US companies are legislated into creating back doors into their systems, then those companies will lose potential sales because a significant number of people in the world don't trust the US government. While people who really want both security and a particular brand of phone could find ways to get both despite legislated back doors, most won't because there will be easier alternatives from companies that aren't subject to US law. When Samsung decides they won't create phones subject to US restrictions, they'll sell them everywhere Apple phones used to be sold, which isn't great for Samsung if they lose US sales, but will be disastrous for US companies that would have gotten those sales. (And hired people in the US and paid taxes in the US.)
3) Each phone has a key which is encrypted with your passcode and a unique id on the phone. When you change your password, the key doesn't change, all that changes is what code it is encrypted with. There are two ways that the government could legislate access to that phone: First every phone could be required to use one of a few keys retained by the manufacturer. If any of those keys are ever shared, every phone using those keys is no longer effectively encrypted. Second, the manufacturer could keep a copy of each key used by each phone so that any one key would decrypt only one phone. You can split up the keys into parts and store them separately and offline and with different parts of each key held by different entities. That would mean that in order to secure any phone, law enforcement would have to subpoena multiple parties for each part of the key specific to the phone they want to decrypt. Either method fails for the government if a criminal cares to put in the effort, since all the criminal has to do is get the key stored in the phone originally to be changed, usually a fairly trivial hack. The downside is that the countermeasure is to have the current key always electronically transmitted home, which would likely be required, making alternatives used and US distrust more and more likely to be problems. So it isn't true that "it's only a matter of months before criminals and other nation states have that key" but the other issues are just as bad.
Early on in the internet, I was (sadly) consumed with the idea that since html and vbscript (sorry) were both just text, which could create other text, then it ought to be possible to create a program which would create other programs, test and apply the results. I was the AI researcher you picture, except with few resources, not much ambition and no pants.
The real problem I faced with designing such a system was motivation. Not motivation for me, motivation for the resulting project. I was content to consider viruses, malware, trojans and money, but I couldn't come up with any motivation to instill in the product which would result in something useful.
I killed a couple servers. Let the magic smoke out of my prized sun box and mostly I just failed to imagine some way that a self improving and replicating system could result in something that actually had a purpose.
Twenty years later, I'm still at a loss. How do you motivate software? I can program things (in better languages now, thank you) to create other programs, programs with intentional results even, but what's the point? Software goals aren't my goals and most of them result in something similar to the magic smoke I witnessed rising from a box I overtaxed then fiddled with to no tangible result.
If we (humans) ever create actual strong AI, it will be with a motivation that we actually care about and think can be achieved. It's amazingly easier to do parts of that job than it was when I started, but the issues I faced with creating something actually useful are still there. I automate jobs every day, and I'd love to create something that can do the automation for me, but it's a magnum opus that I can't really get behind because it doesn't serve the purpose more effectively than doing it myself.
My replacement could be something that I could write. But I won't, not because I can't and not because I have a moral objection, but because as the product of thousands of generations of evolution, I'm still far more efficient than a program I could write.
I'm vain and egotistical, and when they (because I'm not interested or motivated enough for it to be me) create an AI with the same capabilities and motivations, it should replace me. I'm perfectly fine with that. I expect that I won't have a clue, because my bones will be dust when it happens. But if it happened tomorrow, I could finally get around to learning enough about quantum mechanics to do something innovative with it and maybe learn to play the piano.
If there is an AI created which can do my work, do the things I care about and enjoy life, play the piano and create a better world to live in, then I'll call it my child and love it and nurture it the same way I love my biological children. AI can and may replace humanity, but to do that, it will become human. More than human. That's a dream I can barely begin to imagine, but it will make the world better, not worse, not scary and not sad. It will be the ultimate triumph of humanity when we create something that is human and at the same time more than human to follow us and carry on our best traits, but with a type three civilization instead of the current type two our most optimistic predictions for humanity reasonably currently predict.
Thank you for saying what I was thinking, but saying it better than I would.
There is no way to outlaw math. You can outlaw sharing information. You can outlaw not sharing information. When the secret is out, and in this case it is, anyone can learn to do unbreakable encryption, then it is impossible to outlaw knowledge, and in this specific instance the secret isn't secret anymore.
In this case the attempt is to make it illegal to fail to know something nobody knows. Nobody knows a way to decrypt something encrypted correctly with strong encryption. This law effectively makes it illegal to fail to know something impossible to know.
It isn't quite that easy. There is a question response validation process that the system providing the firmware has to process correctly, using a unique variable in each process, requiring Apple's signing key.
I'm not saying it couldn't be possible some other way, just that there isn't a publicly known one.