I've got a welder and some glue!
imma gonna make my own pc too!
With blackjack! and hookers!
If the cops and Feds can't read people's encrypted messages, you will install backdoors for us, regardless of the security hit, US Attorney General William Barr has told the technology world. While speaking today in New York, Barr demanded eavesdropping mechanisms be added to consumer-level software and devices, mechanisms …
If that were true, you'd be considered a national security asset some time back and taken over by a state agency. No computer on earth is a match for an army and its (all-mechanical) weapons as far as human-level technology is concerned.
Oh, and someone would've been able to beat a TEMPEST room by now if anything you said was true. As that would be a national-security-level event, news would be all over it (including agencies outside the affected nation's sovereignty).
Well then! I will just use software to flicker your onboard graphics chip, CPU, or various OTHER controllers to emit low-data rate RF/EM noise at specific rates and intensities that represent a valid encrypted data stream of the onboard data that the BIOS hacks captured! An external reader and DSP software we convert the NOISE back into normal data which one can use for nefarious purposes!
Bada bada BING!
If you want to attack some encrypted data then trying to break the algorithm is a waste of time, you go after the keys. This is where you trade convenience for potentially compromised security -- close to absolute security can be attained with a one time pad and standalone encryption equipment but it's a hassle to use (unless you're really worried about government eavesdropping). So you go for the more convenient options of key management and encryption built into applications or available as a library service.
Barr's wet dream will only work if you're only allowed to use encryption in a small number of widely used, compromised, applications. I'd guess that he'll want to make using anything else a felony but that probably won't work in the US (damn Constitution/Bill of Rights!). Most people will go with the program because they're not that interested in security -- they've got little to nothing to hide so adequate security will do. Those that they really should keep tabs on won't be using breakable applications.....unless they're really stupid. It's pretty obvious but trying to tell Barr or any of his ilk anything is a waste of energy.....anyway, he's probably got heaps of experts lined up ready to cash in who will tell him anything he wants to hear.
"....Or worse. These kind of laws may put in screen scrapers/keyboard loggers in the actual hardware. No amount of HTML is gonna fix that, unless you are asking the user to encrypt *their* speech before typing. :P.... "
Actually YOU CAN DO THAT TOO !!! If you have a good enough memory or are math oriented. You can write pad-based code phrases into your word processor/text editor which look like nonsense phrases BUT are in fact pre-determined encryption codes translated by your mind as you type!
Use common song lyrics that are switched around in certain ways to represent common English phrases. MANY people know enormous amounts of song lyrics so it's NOT that hard to create a MIND-ONLY cipher that even a supercomputing system would have a hard time deciphering due to the sheer number of combinations available to represent pre-determined phrases as agreed by two-or-more friends, family and business associates!
If you are a terrorist and wish to further your cause, then you need to recruit followers. Recruiting followers by definition means talking to people whom you do not know, in an open and entirely clear-text sort of way. You have to have publicity, and it is this need for publicity that enables law enforcement to make a list of potential suspects.
Once you have identified a recruiter and started to analyse the terrorist network, you once again do not need to break their codes. It is nice if you can, but most of the time knowing who is talking to whom is much more use; this again does not need encryption compromise.
Finally, when you have a terrorist network identified, then you will have a network of cells who mostly don't know each other. The thing here is that you don't need to know what this lot are saying to further compromise them; repeatedly getting local law enforcement to pick up key figures and then let them go without charge very quickly is one good way of convincing the rest of the paranoids that their network is compromised and that these key figures are police stooges.
Mostly, you do not need to be able to break terrorist comms to disrupt their networks.
That's the entire raison d'etre of social media applications - they generate a web of who knows who. Trying to explain this to someone like Barr is like talking to a brick wall, they've got this fixed mental model of how things work and the only way they can operate is by forcing the world to conform to that model.
There was a recent article in Russia Today about how drug dealers were trying to circumvent this problem of hiding their networks and how it doesn't work that well. The methodology they used was sophisticated but it failed like all security schemes fail -- because of the human element.
So... Barr is okay with big businesses using strong encryption, but not anybody else? Has he noticed that organized crime *is* big business? Does he think that criminals or terrorists that are sophisticated enough to use encryption at all will stop at using weak encryption with back doors, rather than using the best they can obtain?
In short, is Barr that stupid, or what?
I think the "or what" category applies. He knows full well what he's doing and why. What the clown doesn't realize is that if it works for the Trump administration then it will also work for an administration Barr doesn't agree with.
Stupid? Probably just a loyal lapdog idiot.
The endgame here is to ensure there will never again be an administration that he doesn't agree with. That's the logical trajectory of US politics right now.
That's why the Supreme Court has disclaimed all interest in gerrymandering, and the last act of the outgoing Rep state governor in Wisconsin was to sign a law stripping his own office of powers. If you really believe, as increasing numbers of these scumbags do, that the other side is Evil, then you can't allow democracy.
(And yes, the Democrats are moving the same way. Arguably the only reason they're lagging is because they're the underdogs, so have more to gain from pluralism. If Americans can't get over this, the country is finished.)
"I don’t even know where to begin," the professor added.
Well, I'm not a professor ...
But I'm quite sure I know exactly what his first thought was: Damn! Another premium certified asshole just doing his thing within the present US administration.
... is Barr that stupid, or what?
Barr may be stupid and/or ignorant, but that is irrelevant. The only requirement on his part is that he honestly believe the rest of the country is. (And in the case of how this particular policy would directly impact them he would likely be right.)
(Big Brother icon, though I feel Brave New World would be more appropriate).
The Guzman trial proved exactly that. He had his own encrypted comms system set up by an IT contractor who was flipped by the FBI and he inserted a backdoor for the FBI to eavesdrop. With billions and liberty at stake spending a few million a year on systems is nothing. Of course now that all was revealed during that trial, organised crime will be making sure their IT people are either one of their own or locked up in a small room and effectively held prisoner.
"Of course now that all was revealed during that trial, organised crime will be making sure their IT people are either one of their own or locked up in a small room and effectively held prisoner."
The former can still be tailed or moled (that's how they got bin Laden), the latter would likely go stir crazy and they'll have to kill him (or he'll kill himself), meaning they won't get a solution.
There are well trodden ways of organizing things to alleviate this problem. In simplistic terms, split the project down into bite sized pieces that don't in and of themselves reveal or betray the overall goal. There are issues around how to bring it all together but I'd rather not say too much about that as I'm sure I just saw a shadow cross the sun...
"There are well trodden ways of organizing things to alleviate this problem. In simplistic terms, split the project down into bite sized pieces that don't in and of themselves reveal or betray the overall goal."
But SOMEONE has to be able to put it all together. That's who the plods target or mole.
Well, if small businesses could afford secure encryption, then ordinary people might get their hands on it. Or the bad guys might start a small business. It's pretty hard for a terrorist cell to set up a Fortune 500 company on short notice without attracting attention.
Lawyers again believing that the laws of nature, mathematics and physics can be overridden simply by legislating it.
That takes a level of arrogance that, thankfully, I have not met, or a new level of stupid that should not be allowed to pollute the gene pool.
I suspect, to my horror, it is probably a combination of both.
This post has been deleted by its author
I believe there was such a proposal tabled in one particular state, though - to give credit - the proposal was shot down pretty quickly by the rest of the house - I don't believe it even made it to a vote. I doubt the US will be so lucky this time. Australia wasn't... see: Laws of Mathematics vs Laws of Australia, one-or-another of the faceless revolving prime-ministers for the year, circa 2018.
Making pi = 3 is actually more sane. Though still insane. It's a measurements and commercial weights kinda thing. It would just mean anyone selling "pi length rope" would sell it as 3 of that (foot/cm etc).
Still unfair, a scam and illogical and wrong. Making profit off the extra not given to the customer. But it's at least understood how and why, and "workable" (just as many other industries use their own terminology for "standard" sized portions/measurements/sales sizes... I mean, just look at McDonalds and "small/medium/large" ;) ).
But here... here is a request that is totally unworkable.
They weren't making pi equal to three to match Holy Scripture. They were simply passing a resolution that said they recognized that the great discovery of pi being equal to some slightly wrong value by a circle-squarer was a valuable mathematical discovery so that they wouldn't have to pay a royalty when they updated and corrected their school textbooks.
The law would not have prevented engineers and machinists in the state from continuing to use the real value of pi, it would only have gotten the state laughed at.
If the criminals know encryption is cracked then they will use other methods to communicate.
As it states written (paper) is exempt from this, so why not communicate using the post, or use the older book based coding system.
I.e. both buy the same book, use the page,line,word reference key. Or produce a document that contains the words they need.
For example 36,1,2 36,12,1 36,12,4
Yes it is a bizarre phrase but to solve it you need this month’s Fortean Times (issue 381)
Wonder who is going to work it out?
Unless you go full one-time pad (with the associated key exchange headaches), I think that these book-based ciphers won't work anymore against a state-sponsored actor. It's just too easy to suck in a digital version of the Library of Congress and try every possibility. Much, much easier than even cracking DES.
(how many books? a billion? With magazines, round it up to four? Searching through 2^32 options for stuff that sounds like not gibberish is something my laptop can probably do)
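Added example, not part of the original thread: a sketch of the page,line,word book cipher described in the comments above and of the point made in the last reply, that the only secret is which book was used, so trying every candidate book and keeping the decodes that read like language recovers the key. The three-book library, the reference sentence and the bigram scorer are constructed for illustration; a real search would use a proper language model over digitised texts.

```python
# Constructed sample data: each "book" is a list of pages, each page a list
# of lines. Only book_a is the agreed key; the others are wrong guesses.
LIBRARY = {
    "book_a": [["the meeting is at noon", "bring the red folder"],
               ["we leave at dawn tomorrow", "wait by the old bridge"]],
    "book_b": [["purple monkey dishwasher seven", "lamp of under quickly"],
               ["green ideas sleep furiously", "colorless of by at lamp"]],
    "book_c": [["short page"]],
}
# Constructed stand-in for a language model: word pairs seen in ordinary text.
_ref = "please wait at the door until we get to the bridge at the end".split()
REFERENCE = set(zip(_ref, _ref[1:]))

def encode(book, message):
    """Replace each word by the 1-indexed (page, line, word) of its first use."""
    index = {}
    for p, page in enumerate(book, 1):
        for l, line in enumerate(page, 1):
            for w, word in enumerate(line.split(), 1):
                index.setdefault(word, (p, l, w))
    return [index[word] for word in message.split()]

def decode(book, refs):
    """Look up every reference; None if this book has no such position."""
    if any(min(ref) < 1 for ref in refs):
        return None
    try:
        return [book[p - 1][l - 1].split()[w - 1] for p, l, w in refs]
    except IndexError:
        return None

def plausibility(words):
    """Fraction of adjacent word pairs that also occur in the reference text."""
    pairs = list(zip(words, words[1:]))
    return sum(pair in REFERENCE for pair in pairs) / len(pairs) if pairs else 0.0

def rank_books(library, refs):
    """Try every book as the key; return (score, title, text), best first."""
    results = []
    for title, book in library.items():
        words = decode(book, refs)
        if words is not None:  # out-of-range references rule a book out
            results.append((plausibility(words), title, " ".join(words)))
    return sorted(results, reverse=True)

if __name__ == "__main__":
    refs = encode(LIBRARY["book_a"], "wait at the bridge")
    for score, title, text in rank_books(LIBRARY, refs):
        print(f"{score:.2f}  {title}: {text}")
```

Many wrong books drop out simply because a reference points past the end of a page or line, and the rest decode to word salad that scores near zero, which is why the work scales with the number of candidate books rather than with the message.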