Low Barr: Don't give me that crap about security, just put the backdoors in the encryption, roars US Attorney General

If the cops and Feds can't read people's encrypted messages, you will install backdoors for us, regardless of the security hit, US Attorney General William Barr has told the technology world. While speaking today in New York, Barr demanded eavesdropping mechanisms be added to consumer-level software and devices, mechanisms …


                  1. Prst. V.Jeltz Silver badge
                    Pirate

                    corr!

                    I've got a welder and some glue!

                    imma gonna make my own pc too!

                    With blackjack! and hookers!

                  2. Charles 9 Silver badge

                    If that were true, you'd be considered a national security asset some time back and taken over by a state agency. No computer on earth is a match for an army and its (all-mechanical) weapons as far as human-level technology is concerned.

                    Oh, and someone would've been able to beat a TEMPEST room by now if anything you said was true. As that would be a national-security-level event, news would be all over it (including agencies outside the affected nation's sovereignty).

        1. Anonymous Coward

          Secure Indeed.

          I have an old netbook that is completely secure - the Wifi is borken, the USB Ports are dead, there is no ethernet jack, AND the screen is cracked to the point of not functioning.

          1. StargateSg7

            Re: Secure Indeed.

            Well then! I will just use software to flicker your onboard graphics chip, CPU, or various OTHER controllers to emit low-data rate RF/EM noise at specific rates and intensities that represent a valid encrypted data stream of the onboard data that the BIOS hacks captured! An external reader and DSP software will convert the NOISE back into normal data which one can use for nefarious purposes!

            Bada bada BING!

            .

        2. NoneSuch Silver badge

          "whatever you want, it doesn't matter if those transmission media are compromised they don't have the key and can't decrypt it."

          No, but as the folks you listed have policies against encrypted content, they can delete it, or simply not accept it.

      1. Prst. V.Jeltz Silver badge

        There are legit attacks that could easily neuter your whole big scheme

        Yeah? then how come ransomware works?

        why is no one neutralising that scheme?

        1. Charles 9 Silver badge
          FAIL

          Because Stupid is involved, and You Can't Fix Stupid, even though we MUST to keep them from taking the rest of us with them.

    1. martinusher Silver badge

      It's not the algorithm....

      If you want to attack some encrypted data then trying to break the algorithm is a waste of time, you go after the keys. This is where you trade convenience for potentially compromised security -- close to absolute security can be attained with a one time pad and standalone encryption equipment but it's a hassle to use (unless you're really worried about government eavesdropping). So you go for the more convenient options of key management and encryption built into applications or available as a library service.

      Barr's wet dream will only work if you're only allowed to use encryption in a small number of widely used, compromised, applications. I'd guess that he'll want to make using anything else a felony but that probably won't work in the US (damn Constitution/Bill of Rights!). Most people will go with the program because they're not that interested in security -- they've got little to nothing to hide so adequate security will do. Those that they really should keep tabs on won't be using breakable applications.....unless they're really stupid. It's pretty obvious but trying to tell Barr or any of his ilk anything is a waste of energy.....anyway, he's probably got heaps of experts lined up ready to cash in who will tell him anything he wants to hear.

      1. Anonymous Coward
        Facepalm

        Re: It's not the algorithm....

        Or worse. These kind of laws may put in screen scrapers/keyboard loggers in the actual hardware. No amount of HTML is gonna fix that, unless you are asking the user to encrypt *their* speech before typing. :P

        1. Doctor Syntax Silver badge

          Re: It's not the algorithm....

          If that happens US tech products become unsaleable in the rest of the world.

          1. Charles 9 Silver badge

            Re: It's not the algorithm....

            Until they find out the US moled every other tech company in the world. Then it's full-on DTA mode.

          2. Reg Reader 1

            Re: It's not the algorithm....

            I don't believe that Trump and the Oligarchy care, at all, about the world not buying America. They're setting up a takeover, imho. Trump still seems to a large base, mostly of the base, with guns loaded I'd bet.

        2. StargateSg7

          Re: It's not the algorithm....

          "....Or worse. These kind of laws may put in screen scrapers/keyboard loggers in the actual hardware. No amount of HTML is gonna fix that, unless you are asking the user to encrypt *their* speech before typing. :P.... "

          Actually YOU CAN DO THAT TOO !!! If you have a good enough memory or are math oriented. You can write pad-based code phrases into your word processor/text editor which look like nonsense phrases BUT are in fact pre-determined encryption codes translated by your mind as you type!

          Use common song lyrics that are switched around in certain ways to represent common English phrases. MANY people know enormous amounts of song lyrics so it's NOT that hard to create a MIND-ONLY cipher that even a supercomputing system would have a hard time deciphering due to the sheer number of combinations available to represent pre-determined phrases as agreed by two-or-more friends, family and business associates!

          .

      2. Doctor Syntax Silver badge

        Re: It's not the algorithm....

        "they've got little to nothing to hide"

        They think they've nothing to hide. In fact they have.

        Would Barr be prepared to go to jail as an accessory to wire fraud after the first bad consequence surfaces?

      3. PerlyKing Silver badge
        Meh

        Re: Those that they really should keep tabs on won't be using breakable applications

        I suppose that the problem with using alternative applications is that it automatically becomes suspicious.

      4. Dr Dan Holdsworth
        FAIL

        Re: It's not the algorithm....

        If you are a terrorist and wish to further your cause, then you need to recruit followers. Recruiting followers by definition means talking to people whom you do not know, in an open and entirely clear-text sort of way. You have to have publicity, and it is this need for publicity that enables law enforcement to make a list of potential suspects.

        Once you have identified a recruiter and started to analyse the terrorist network, you once again do not need to break their codes. It is nice if you can, but most of the time knowing who is talking to whom is much more use; this again does not need encryption compromise.

        Finally, when you have a terrorist network identified, then you will have a network of cells who mostly don't know each other. The thing here is that you don't need to know what this lot are saying to further compromise them; repeatedly getting local law enforcement to pick up key figures and then let them go without charge very quickly is one good way of convincing the rest of the paranoids that their network is compromised and that these key figures are police stooges.

        Mostly, you do not need to be able to break terrorist comms to disrupt their networks.

        1. martinusher Silver badge

          Re: It's not the algorithm....

          That's the entire raison d'etre of social media applications - they generate a web of who knows who. Trying to explain this to someone like Barr is like talking to a brick wall, they've got this fixed mental model of how things work and the only way they can operate is by forcing the world to conform to that model.

          There was a recent article in Russia Today about how drug dealers were trying to circumvent this problem of hiding their networks and how it doesn't work that well. The methodology they used was sophisticated but it failed like all security schemes fail -- because of the human element.

          https://www.rt.com/russia/464562-dead-droppers-russia-drug-war-spice/

    2. Anonymous Coward

      Do you mean EFF himself as in Electronic Freedom Foundation himself? Could be worth watching.

  1. Old Used Programmer Silver badge

    Big Business vs. Individuals

    So... Barr is okay with big businesses using strong encryption, but not anybody else? Has he noticed that organized crime *is* big business? Does he think that criminals or terrorists that are sophisticated enough to use encryption at all will stop at using weak encryption with back doors, rather than using the best they can obtain?

    In short, is Barr that stupid, or what?

    1. Mark 85 Silver badge

      Re: Big Business vs. Individuals

      I think the "or what" category applies. He knows full well what he's doing and why. What the clown doesn't realize is that if it works for the Trump administration then it will also work for an administration Barr doesn't agree with.

      Stupid? Probably just a loyal lapdog idiot.

      1. veti Silver badge

        Re: Big Business vs. Individuals

        The endgame here is to ensure there will never again be an administration that he doesn't agree with. That's the logical trajectory of US politics right now.

        That's why the Supreme Court has disclaimed all interest in gerrymandering, and the last act of the outgoing Rep state governor in Wisconsin was to sign a law stripping his own office of powers. If you really believe, as increasing numbers of these scumbags do, that the other side is Evil, then you can't allow democracy.

        (And yes, the Democrats are moving the same way. Arguably the only reason they're lagging is because they're the underdogs, so have more to gain from pluralism. If Americans can't get over this, the country is finished.)

    2. el kabong

      It's both

      Yes, Barr's stupid, squandering what's left of America's tech credibility for no real benefit, most definitely stupid, a complete fool. He's also what.

    3. oiseau Silver badge
      WTF?

      Re: Big Business vs. Individuals

      "I don’t even know where to begin," the professor added.

      Well, I'm not a professor ...

      But I'm quite sure I know exactly what his first thought was: Damn! Another premium certified asshole just doing his thing within the present US administration.

      ... is Barr that stupid, or what?

      See above.

      O.

      1. VikiAi
        Big Brother

        Re: Big Business vs. Individuals

        Barr may be stupid and/or ignorant, but that is irrelevant. The only requirement on his part is that he honestly believe the rest of the country is. (And in the case of how this particular policy would directly impact them he would likely be right.)

        (Big Brother icon, though I feel Brave New World would be more appropriate).

    4. hplasm
      Holmes

      Re: Big Business vs. Individuals

      "organized crime *is* big business"

      ...the reverse is also true.

    5. Sulky

      Re: Big Business vs. Individuals

      The Guzman trial proved exactly that. He had his own encrypted comms system set up by an IT contractor who was flipped by the FBI and he inserted a backdoor for the FBI to eavesdrop. With billions and liberty at stake spending a few million a year on systems is nothing. Of course now that all was revealed during that trial, organised crime will be making sure their IT people are either one of their own or locked up in a small room and effectively held prisoner.

      1. Charles 9 Silver badge

        Re: Big Business vs. Individuals

        "Of course now that all was revealed during that trial, organised crime will be making sure their IT people are either one of their own or locked up in a small room and effectively held prisoner."

        The former can still be tailed or moled (that's how they got bin Laden), the latter would likely go stir crazy and they'll have to kill him (or he'll kill himself), meaning they won't get a solution.

        1. Julz Silver badge
          Black Helicopters

          Re: Big Business vs. Individuals

          There are well trodden ways of organizing things to alleviate this problem. In simplistic terms, split the project down into bite sized pieces that don't in and of themselves reveal or betray the overall goal. There are issues around how to bring it all together but I'd rather not say too much about that as I'm sure I just saw a shadow cross the sun...

          1. Doctor Syntax Silver badge

            Re: Big Business vs. Individuals

            I doubt organised crime would worry about such details. Dead men don't talk etc.

            1. Charles 9 Silver badge

              Re: Big Business vs. Individuals

              They also don't produce products, and unless you keep things current, things get broken.

              1. Anonymous Coward

                Re: Big Business vs. Individuals

                I think you may be wrong about that. Let's face it, the average oligarch can easily afford a software factory beyond the reach of US law.

                1. Charles 9 Silver badge

                  Re: Big Business vs. Individuals

                  INCLUDING the clandestine laws?

          2. Charles 9 Silver badge

            Re: Big Business vs. Individuals

            "There are well trodden ways of organizing things to alleviate this problem. In simplistic terms, split the project down into bite sized pieces that don't in and of themselves reveal or betray the overall goal."

            But SOMEONE has to be able to put it all together. That's who the plods target or mole.

    6. STOP_FORTH
      Joke

      Re: Big Business vs. Individuals

      What about Big Business versus Small Business? Why do small businesses not deserve protection? Is it because Big Business is less corrupt?

      1. ThatOne Silver badge
        Devil

        Re: Big Business vs. Individuals

        > Why do small businesses not deserve protection?

        Because it didn't spend enough in election funds.

        1. STOP_FORTH
          Devil

          Re: Big Business vs. Individuals

          Fair enough, how big a contribution do I have to make so that I can use encryption?

      2. John Savard Silver badge

        Re: Big Business vs. Individuals

        Well, if small businesses could afford secure encryption, then ordinary people might get their hands on it. Or the bad guys might start a small business. It's pretty hard for a terrorist cell to set up a Fortune 500 company on short notice without attracting attention.

        1. Anonymous Coward

          Re: Big Business vs. Individuals

          But can't they just wedge their way into one on the sly? Say by blackmailing an executive?

  2. FozzyBear
    Facepalm

    Lawyers again believing that the laws of nature, mathematics and physics can be overridden simply by legislating it.

    That takes a level of arrogance, that, thankfully I have not met or a new level of stupid that should not be allowed to pollute the gene pool.

    I suspect, to my horror, it is probably a combination of both

  3. This post has been deleted by its author

    1. VikiAi

      Re: The right amount of stupid...

      I believe there was such a proposal tabled in one particular state, though - to give credit - the proposal was shot down pretty quickly by the rest of the house - I don't believe it even made it to a vote. I doubt the US will be so lucky this time. Australia wasn't... see: Laws of Mathematics vs Laws of Australia, one-or-another of the faceless revolving prime-ministers for the year, circa 2018.

      1. Claptrap314 Silver badge

        Re: The right amount of stupid...

        Indiana. As I understand it, one of the members was clueful enough to get a delay while he ran to the local university & got an expert.

        <sigh> If only...

    2. Anonymous Coward

      Re: The right amount of stupid...

      Making pi = 3 is actually more sane. Though still insane. It's a measurements and commercial weights kinda thing. It would just mean anyone selling "pi length rope" would sell it as 3 of that (foot/cm etc).

      Still unfair, a scam and illogical and wrong. Making profit off the extra not given to the customer. But it's at least understood how and why, and "workable" (just as many other industries use their own terminology for "standard" sized portions/measurements/sales sizes... I mean, just look at McDonalds and "small/medium/large" ;) ).

      But here... here is a request that is totally unworkable.

      1. Doctor Syntax Silver badge

        Re: The right amount of stupid...

        "It's a measurements and commercial weights kinda thing."

        It makes for a bumpy ride when your wheels and tyres have gaps.

        1. Andytug

          Re: The right amount of stupid...

          It would also make your space and aeronautics programmes very......interesting!

      2. John Savard Silver badge

        Re: The right amount of stupid...

        They weren't making pi equal to three to match Holy Scripture. They were simply passing a resolution that said they recognized that the great discovery of pi being equal to some slightly wrong value by a circle-squarer was a valuable mathematical discovery so that they wouldn't have to pay a royalty when they updated and corrected their school textbooks.

        The law would not have prevented engineers and machinists in the state from continuing to use the real value of pi, it would only have gotten the state laughed at.

  4. Giles C Silver badge

    Hmm

    If the criminals know encryption is cracked then they will use other methods to communicate.

    As it states written (paper) is exempt from this, so why not communicate using the post, or use the older book based coding system.

    I.e. both buy the same book, use the page,line,word reference key. Or produce a document that contains the words they need.

    For example 36,1,2 36,12,1 36,12,4

    Yes it is a bizarre phrase but to solve it you need this month’s Fortean Times (issue 381)

    Wonder who is going to work it out?

    1. cdegroot

      Nope

      Unless you go full one-time pad (with the associated key exchange headaches), I think that these book-based ciphers won't work anymore against a state-sponsored actor. It's just too easy to suck in a digital version of the Library of Congress and try every possibility. Much, much easier than even cracking DES.

      (how many books? a billion? With magazines, round it up to four? Searching through 2^32 options for stuff that sounds like not gibberish is something my laptop can probably do)
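
The search described in the comment above, as an added example that is not part of the thread: every candidate text is tried as the key for a set of page,line,word triplets, and the readable decode wins. The three "books", the reference text used for scoring and the intercepted triplets are all constructed sample data, and the bigram scorer is a stand-in for a real language model.

```python
# Added illustration: a book cipher's key space is only the list of candidate texts.
# LIBRARY, REFERENCE and INTERCEPT are constructed sample data, not real material.

LIBRARY = {  # title -> pages -> lines
    "Almanac": [
        ["rain falls on the northern hills", "we meet traders at the market"],
        ["bring salt and grain", "noon is the hottest hour"],
    ],
    "Cookbook": [
        ["chop the onions very finely", "stir butter into warm flour"],
        ["simmer gently until thick", "salt improves most dishes"],
    ],
    "Atlas": [
        ["rivers divide the two provinces", "mountain passes close in winter"],
        ["roads follow ancient valleys"],  # page 2 has one line only
    ],
}

# Tiny stand-in for a model of ordinary English (assumption of this example).
REFERENCE = "we will meet at noon . meet at the bridge . bring the salt at noon"

# Intercepted message in the page,line,word format (1-based).
INTERCEPT = [(1, 2, 2), (1, 2, 4), (2, 2, 1)]


def decode(book, refs):
    """Resolve (page, line, word) triplets; None if any reference is out of range."""
    words = []
    for page, line, word in refs:
        if min(page, line, word) < 1:
            return None
        try:
            words.append(book[page - 1][line - 1].split()[word - 1])
        except IndexError:
            return None  # this text cannot be the key
    return words


def plausibility(words, model):
    """Count adjacent word pairs that also occur in the reference model."""
    return sum(pair in model for pair in zip(words, words[1:]))


def search(library, refs, reference_text):
    """Try every candidate text as the key; return decodes ranked best first."""
    tokens = reference_text.split()
    model = set(zip(tokens, tokens[1:]))
    ranked = []
    for title, book in library.items():
        words = decode(book, refs)
        if words is not None:
            ranked.append((plausibility(words, model), title, " ".join(words)))
    return sorted(ranked, reverse=True)


if __name__ == "__main__":
    for score, title, text in search(LIBRARY, INTERCEPT, REFERENCE):
        print(f"{score}  {title:<9} {text}")
```

The cost is one decode and one scoring pass per candidate text, so the work grows linearly with the size of the library being searched.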

      1. whitepines
        Angel

        Re: Nope

        Not books -- videos. Tie it to a specific pressing of a commercial movie you can get in the store. 50+GB of possible key material per disk makes this effectively immune to brute force search. Data comes from frame number and pixel in triplets...

        1. Anonymous Coward
          Trollface

          Re: Nope

          The Library of Babel might help you then? ;)

          https://libraryofbabel.info/

          (For any not getting the joke, the library has no books/data, it's generated on the fly from the request link)
