Low Barr: Don't give me that crap about security, just put the backdoors in the encryption, roars US Attorney General

If the cops and Feds can't read people's encrypted messages, you will install backdoors for us, regardless of the security hit, US Attorney General William Barr has told the technology world. While speaking today in New York, Barr demanded eavesdropping mechanisms be added to consumer-level software and devices, mechanisms …


      1. sabroni Silver badge

        Re: for stuff that sounds like not gibberish

        How do you eliminate false positives though? I'd imagine that with a short message and the number of books you suggest using there'd be a number of perfectly parsable results.

        1. Charles 9 Silver badge

          Re: for stuff that sounds like not gibberish

          That's how the plods can beat a one-time pad. If they intercept such a message they can mess it up, breaking the synchronization. That's also how they can beat stego: by mangling any of the images and videos sent over the wires. Once the synchronization is broken (and synchronization is essential to a one-time pad), they lose their ability to communicate, and that can be good enough for them.

          1. John Robson Silver badge

            Re: for stuff that sounds like not gibberish

            You just use 10 bits of your pad as an initialisation on startup.

            So the first ten bits of the message are actually a key into the one time pad.

            A little wasteful, but not that much.

            1. Charles 9 Silver badge

              Re: for stuff that sounds like not gibberish

              Then it's no longer a one-time pad. Plus it still doesn't help if a message gets garbled along the way as ALL the bits can get scrambled, INCLUDING the first ten or whatever. Put it this way. The effectiveness of a one-time pad is dependent on a reliable means of communication: open or not. A distorted message is useless in this scheme.

              1. StargateSg7

                Re: for stuff that sounds like not gibberish

                You can USE the distortion itself as a messaging schema!

                The amount and position of image distortion, destruction or change IN ITSELF is a piece of information that can be related to a given pre-determined code and/or phrase. And if the distortion or change is applied randomly, you can create BOUNDARIES that infer that ANY changes or distortions that fall within a specific range of change values and/or distortion value is an acceptable representation of a given code.

                This allows for Steganography that is resistant to randomized bit flipping or bit-swapping or other randomized distortions because the 3rd party distortions and changes IN-THEMSELVES are a means of data exchange! Basically you are using a 3rd party's IT weapons against themselves!

                .

                1. Charles 9 Silver badge

                  Re: for stuff that sounds like not gibberish

                  You assume they have control of the distortion. I'm assuming the plods do due to being the MITM. In my case, the distortions can be controlled such that any attempts to further distort it to introduce stego can be detected.

          2. This post has been deleted by its author

      2. Sir Runcible Spoon

        Re: Nope

        You've only to combine it with rot-13 to make the code nigh on unbreakable as you'd have to analyse the output from *every* book to end up with something you could then try and parse as 'normal text'. Other options are available (such as using a book you wrote yourself, or adding an arbitrary number to the book reference numbers etc.)

        1. Anonymous Coward

          Re: Nope

          In A Perfect Spy, Magnus communicates with the Czechs via an old edition of Simplicissimus. There are many, many books in print which are not going to be in any library accessible by a given state. At one company I worked for we had a code book which was a particular edition of an obscure German-English dictionary. Doubtless crackable, but not with a level of effort which would justify a competitor finding out the book to bill, scrap rates and quality levels for the previous month.

      3. revenant
        Happy

        Re: Nope (Library of Congress)

        Does the Library of Congress also suck in all the badly-written and badly proof-read eBooks that Amazon is flooded with? If not, then one of those would be a good place to start.

        1. Charles 9 Silver badge

          Re: Nope (Library of Congress)

          Amazon is based in the US. The plods can get to those easily enough.

      4. Prst. V.Jeltz Silver badge

        Re: Nope

        I thought the public/private key thing got round the problem of key exchanges entirely?

      5. tiggity Silver badge

        Re: Nope

        Too much processing - and it assumes you know how their book code is operating (lots of variants in how you give the reference to the particular word - just using an arbitrary (number "wrap around" logic instead of actual page) agreed between the communicators chucks a huge spanner in the works).

        Or there's (as alluded to earlier by FT reference) conspirators use a rotating series of freshly published magazines / newspapers instead of a "static" publication.

        Book codes are still good (even more so if codes are "hiding in plain sight" via stego methods and so may easily not be spotted)

        Frankly if I was a major crook, terrorist etc. I would not be using mainstream "apps" to communicate anything sensitive - back-dooring popular apps would only get the low hanging fruit, not the really dangerous communications.

        1. Doctor Syntax Silver badge

          Re: Nope

          a rotating series of freshly published magazines / newspapers instead of a "static" publication.

          Or comments on a forum.

          1. Loyal Commenter Silver badge

            Re: Nope

            Or comments on a forum.

            Take the third letter of the second word of the fifth sentence of...

            "This post has been deleted by its author"

      6. Anonymous Coward

        Re: Nope

        There are a few examples of "rainbow" data storage on paper. I forget which one it was I saw a long time ago. Printer + scanner are your friends... oh, and hope it does not rain on post days. XD

      7. Inkey
        Facepalm

        Re: Nope

        That's where a cunning linguist would come in, to place 8 or 9 juicy bits (or use a programmatical approach... Say the library of Congress)... Just give it a really expensive amount of choices to make..

        It's not like they can track everything.... Oh wait.. My bad

    1. This post has been deleted by its author

  1. IGotOut Silver badge

    Why is everyone so mad?

    The USA can have their own broken encryption (remember the fiasco when they banned exporting strong encryption technologies) and the rest of the world, including those brown people that they hate so much, can carry on using the good stuff.

    1. VikiAi
      Unhappy

      Re: Why is everyone so mad?

      I think everyone is mad because the US has lost its place as a tech-stupidity leader to Australia in this case.

      1. el kabong

        US and Australia are engaged in a close fight

        each fighting hard to outstupid the other. The outcome is uncertain, bets are off.

    2. Charles 9 Silver badge

      Re: Why is everyone so mad?

      What's to stop the US from moling all the other stuff and making them useless as well. Plus there's the China angle. Is everyone else prepared to take their sensitive electronics in-house?

      1. Doctor Syntax Silver badge

        Re: Why is everyone so mad?

        "What's to stop the US from moling all the other stuff and making them useless as well."

        Contrary to common US opinion they don't rule the world. The only effect would be to make the products of US-owned corporations unsaleable elsewhere. As I keep saying, if US politicians achieve what they keep aiming for their tech industry will relocate itself wherever there's a tech-friendly government* leaving local franchises to sell broken products to the US market.

        *Yes, there would be such things. In fact there'd be strong competition in this field just as there is in tax at present. The rewards would be huge.

        1. Charles 9 Silver badge

          Re: Why is everyone so mad?

          But high barriers of entry AND no guarantee they aren't moled, either.

          "Contrary to common US opinion they don't rule the world."

          Or that's what they WANT you to believe when they're actually pulling a Rothschild and simply controlling things from BEHIND the scenes.

          1. Loyal Commenter Silver badge

            Re: Why is everyone so mad?

            Would that be Vladimir Rothschild?

        2. Reg Reader 1

          Re: Why is everyone so mad?

          @Doctor Syntax

          More and more countries are moving in the direction of dictatorship. They'll all want a piece of that equipment.

    3. Reg Reader 1

      Re: Why is everyone so mad?

      I suspect it's steps toward sowing fear into the free-thinking people amongst the populace. Nothing to do with what is a crime now, but what may be a crime in the future. Like saying anything derogatory about a member of Government, especially a Trump.

  2. Queeg

    Life imitating art...

    https://www.imdb.com/title/tt0387808/

    .

    .

    .

    still waiting for that sarcasm icon guys.

    1. Anonymous Coward

      Re: Life imitating art...

      I just wonder how many more centuries of inbreeding* it would take to make Trump the smartest one.

      * That's what I call limiting the genetic stock to white people only.

  3. Mark 85 Silver badge

    Add a rider to the bill for this....

    Simple and will cost the government a small fortune. If the government approved encryption is hacked, your bank account cleaned out (or other injury in the legal sense caused), the government is responsible for costs and penalties.

    Wait... the government won't agree and won't pay. F*** it. Just say no to Barr's plans.

    1. Flocke Kroes Silver badge

      Re: government is responsible for costs and penalties

      Stop thinking about it as government money. It is tax payers' money.

      If Barr wants warrant breakable encryption he can hire people to code it with his own money. I will even let him accept (taxable) donations for his cause. He can then demonstrate its security by using it for all his bank accounts and business transactions. He can make the entire security community eat crow by demonstrating secure warrant breakable encryption is possible.

      1. Charles 9 Silver badge

        Re: government is responsible for costs and penalties

        The truly rich don't put their real money in bank accounts. They hold it in real estate and other appreciable tangible assets that also are harder to tax as long as they're simply held and not traded (most taxes on assets hit upon sale, not while holding--it's part of the Tax Planning 101 strategy).

        1. Doctor Syntax Silver badge

          Re: government is responsible for costs and penalties

          Never mind his assets, just make him an accessory to any wire fraud that happens in consequence.

          1. Charles 9 Silver badge

            Re: government is responsible for costs and penalties

            Nope. He's in a position that he can turn the them around and pin the accusers with direct terrorism charges AND have corroborating evidence manufactured to suit.

        2. Niarbeht

          Re: government is responsible for costs and penalties

          Which, by the way, should be a hint to everyone reading as to why the opposition to a wealth tax is so strong.

          1. Charles 9 Silver badge

            Re: government is responsible for costs and penalties

            No, it just doesn't make sense to pull off. Value is relative, and smaller governments have a hard enough time assessing real estate taxes without getting disputes and court cases. Plus they can employ degrees of separation (such as trust funds) to put some distance between their assets and the tax man. As a last resort, they can always target the tax agencies themselves.

  4. jonfr

    Other countries

    Just watch other countries not give a dam about what happens in the U.S. These stupid ignorant people are just about to ruin current dominance of U.S. technical companies and that means competition is going to appear rapidly and it's going to be encrypted*.

    * Unless you happen to live in the following countries.

    - Any country with a dictator.

    1. Anonymous Coward

      Re: Other countries

      "Just watch other countries not give a dam about what happens in the U.S."

      Unfortunately this isn't true. Many supposedly democratic countries have tentatively suggested similar things, but they still back away because nobody wants to be the first one. But once some examples exist, the others will jump on the bandwagon. All governments would love to know everything about anyone, just in case they might need it. It's all about power, and there are a lot of utterly frustrated closet dictators out there...

      1. Anonymous Coward

        Re: Other countries

        Many supposedly democratic countries have tentatively suggested similar things, but they still back away because nobody wants to be the first one. But once some examples exist, the others will jump on the bandwagon.

        It will take exactly ONE mass hack to disabuse them of that notion (and they had that already, WannaCry and Stuxnet were prime examples of what will happen when the backdoor becomes an open door). The problem with everyone using COTS is that they will inflict this problem on themselves too or face FAR greater costs to keep things safe. Given that they can't even manage with current, almost safe facilities because their core vendor isn't exactly known for having a clue they then might as well publish everything they do, accidentally promoting the sort of transparent governance they have been desperate to avoid so far.

        Hmm, now THERE is a benefit: maybe we ought to ban strong encryption in government alone.

        1. Charles 9 Silver badge

          Re: Other countries

          But they're the government. They can always CHANGE the laws.

          1. Doctor Syntax Silver badge

            Re: Other countries

            The people they allegedly want to get at ignore the laws.

        2. Sir Runcible Spoon

          Re: Other countries

          Even if they continue to allow big business to use strong encryption, what about 3rd party suppliers/contractors who have access to sensitive data? Do they also get to use strong encryption or will Barr just accept there are holes in every bucket from now on?

        3. ThatOne Silver badge

          Re: Other countries

          > It will take exactly ONE mass hack to disabuse them of that notion

          Why? It will be "collateral damage". An "unfortunate incident", and that's all.

          You have this strange notion that peoples' wishes and decisions have something to do with logic and causality. Thousands of years of human history have proven that it isn't true, and people rarely chose the sensible solution. They chose the solution which, at that moment, seems to warrant the biggest release of endorphin.

  5. GrumpyKiwi

    Grumpy

    Mummy is grumpy that she can't read your secret diary anymore boys and girls. Surely you want mummy to know how many times a day you're pooping and whether you're a scruncher or a folder and whether you like mummy or not. You selfish little brats. How dare you hide things from her.

    1. Andrew Moore

      Re: Grumpy

      Mamma’s going to make all your nightmares come true.

      Mamma’s going to put all her fears into you.

      Mamma’s going to keep you right here under her wing.

      She won’t let you fly but she might let you sing...

      1. Niarbeht

        Re: Grumpy

        Mamma, should I build the wall?

  6. Colin1000

    THE LIES

    And all you American fools believe that China is the enemy when it is your own government.

    1. VikiAi
      Alien

      Re: THE LIES

      And all you human fools think that other people and their governments are the enemy...

    2. georgezilla

      Re: THE LIES

      No, actually I don't believe that at all.

      On any given day, at any given minute, all I have to do is to listen to whoever it is from the Trump Administration that is speaking,

      And all doubt vanishes.

    3. StargateSg7

      Re: THE LIES

      "... And all you American fools believe that China is the enemy when it is your own government. ..."

      ---

      AND THAT is why we have our friends Smith & Wesson, Remington, Colt, Armalite, Glock, and H&K to GUARANTEE that any government official STUPID ENOUGH to try this stunt gets a nice whack to the head applied by said friends! We can ASSURE YOU THEY WILL NOT be trying that stunt again!

      I can ALSO ASSURE YOU there are MORE THAN ENOUGH OF US to ensure such antics are PUT DOWN with extreme prejudice!

      .

Biting the hand that feeds IT © 1998–2021