Sounds like the NSA...
Really would like Cameron to be POTUS....
“Give me your tired, your poor, your huddled masses yearning for an iPhone, and we'll give you an encryption master key” seems to be the dream of the National Security Agency (NSA). The NSA's latest thought bubble, floated in front of noted cryptography journal The Washington Post, is that a “master key” for all products …
Vulture South can't wait to see the tech sector's response to these ideas.
Get fucked, would sum up the response from this particular part of the tech sector.
I have rarely heard such a stupid idea. Every device from every manufacturer in every county? Who would all then want their own set of keys. Quite apart from the technical implausibility of getting keys onto all hardware, all the user would need to do is run their own encryption on top and you're right back to where you are now. Apart from (I suspect) a good few billion quid lighter in the tax budget.
"yes in theory, but this cunning plan relies on the fact that most users aren't savvy or motivated enough to do that..."
And if you walk around a bad part of town and do not know self-defense (or are not self-defense savvy or motivated, as it were), their problem.
You either are or are not savvy. Those who take the time to become [savvy] have an advantage. It's the same everywhere - Finance, job, relationships, etc. Too bad for them.
"this cunning plan relies on the fact that most users aren't savvy or motivated enough to do that"
Not really. I'm pretty sure that the intenet would come up with a few point-and-click solutions for the less technically-inclined.
There's 4 elephants in the room for this NSA chap:
The first is that my data is mine. This assumption that a thing that is mine also belongs to someone else is colossal arrogance on the part of the NSA. Attempts to take what is mine by force will meet resistance. And talking of arrogance...
The plan falls apart as soon as other countries become involved. It seems to be a peculiarly American failing to completely forget that countries other than America exist. Other countries would (of course) want their own set of keys; thus turning the idea into an instant clusterfuck. You either end up with every country having their own set of keys (and I'm not sure if this is even possible; but I'm pretty damned sure it's not possible to do it safely); or you refuse countries, in which case you get entire countries resisting the data-rape.
This is a world where -with all the illegal data-hoovering that the public is still largely unaware/uncaring of- schoolgirls can still get from the UK to Syria undetected. Charlie Hebdo. Etc. So with all the advantages in the world; the spook agencies are just not doing the job. Giving them more powers is extremely unlikely to make any of us one whit safer. Speaking of safety...
The keys *WILL* come together and be leaked at some point. It is inevitable.
"The keys *WILL* come together and be leaked at some point. It is inevitable."
They always seem to forget (or conveniently ignore) that's there's always someone eminently corruptible in just the right place if the price is right. With ever larger amounts of money concentrated in ever fewer places, the rest is indeed a foregone conclusion.
For bonus points if you ever get the chance, ask them:
If non-US companies can be forced to make life easy for the US how does this not open the door (front, back or any other sort you'd care to name) to the same thing happening in either Russia or China when it comes to companies there dealing with data originating from the US?
This post has been deleted by its author
Seeing how it was that very same NSA which contrived and vigorously extolled those (almost universally demonstrated to be BORKED) primitives, which the entire mechanism of the "5 eyes" then crowbarred into just about every international protocol in existence, while simultaneously suppressing other (better) primitives, I can't help feeling that this "polite request" is *nothing* more than post-Snowden damage control theatre for goldfish and the braindead.
to develop non-US based encryption technology, using non-US hardware, running non-US owned OS'es.
The spooks just care enough to totally destroy their own countries economy, to help the rest of the world. They really do care that much, it is not about spying on everyone, it is about helping the rest of the world have freedom (from America).
Interesting.
While I'm sure the intent of this oh-so-gloriously-public spookgasm was to pretend by implication that they don't already pwn the lot of it. Contrary to the Snowden "revelations". You're suggesting that all this astonishingly raucous splashing and flailing is just making their situation worse? Fanning the flames?
Damned if they do...
Github already hosts some forks of well known encryption libraries for users in the Middle East and I've read reports that the Syrian opposition uses modified open source programs to communicate as they cannot trust anything developed in the west. So I fail to see how this most ridiculous of ideas is going to help. Indeed how are these people even employed coming up with such stupid ideas.
Our world wide web is becoming more segregated by the day.
I get it - better 'legitimate' security bodies use approved known methods to access devices than continue the arms race of encryption and backdoors. And yes, I'd prefer it if they worked within a rigidly defined legal framework with proper scrutiny and, subject to a time delay,public review.
BUT. Until these bodies are subject to true scrutiny and working in a legal framework, I don't trust NSA, GCHQ or any similar agencies not to misuse the data collected.
I agree they need scrutiny by an independent organisation, but I trust the people working in these agencies more than I trust the politicians in charge..
People working in GCHQ are after terrorists and real bad guys.. .
Politicians are after votes no matter how dumb their ideas are....
You mean you Trust politicians MORE than people working at GCHQ?
They are both un-trustworthy, but surely politicians are worst, since it is their fault that people at GCHQ do what they do.... And if Theresa May & Dave had their way, nothing would be secret....
I never said I trusted them very much....
If I were in charge of overseeing NSA & C. I would be very, very worried, because they are basically admitting their intel abilities are now wholly unable to find anythning but using a dragnet approach. It's pretty clear that their spies, under cover agents, agents, investigators, analysts, etc. are people without any clue and just hope to find an "enemy" by pure chance gathering any data they can and hoping for the best.
Moreover, if they start to rely and sleep happily being able to access US made devices, they will find themsevelve wholly unprepared when an opponent with the proper skill and technology will implement its own protection, and the US will have lost any skill to counter those threats - well, it's no new that the US always entered any conflict unprepared and with outdated, wrong, and often ill-designed devices and weapons. Complacency is always your worst enemy.
I would be very, very worried NSA & C. are stubbornly chasing the easiest way, it means its commanders are unable to front the new threats and are desperately seeking for some fingers to hide behind. Probably the only reasonable action would be to fire them all, and find someone who's really got a clue about the new environment...
I think the point is that NO ONE has the complete master key because no one firm controls the whole thing. It's like a key split into five pieces, ALL of which are required to work the lock. It seems it would basically take FIVE Snowdens all working in concert (which increases risk exposure) to find the correct five pieces and put them all together.
except of course those 5 pieces will need to be put in one place at some point, to use it. What keeps the spooks from remembering the 4 other pieces exactly? It's not like a bunch of characters can be copied ...
Not to mention, it'll have to be all there in the devices. Not like we ever heard of someone extracting keys from hardware. DVD and blue rays are still impossible to copy, right?
That implies that what they say is what they want. More likely they publicly and piously proclaim they've spilt the key, then pool their portions and copy them around in private so everyone can enjoy the fun whenever they want. Honesty hasn't been much in evidence thus far after all.
I don't think they mean a single master key for all devices, more likely they mean each device will have its own unique key which will then be broken up and stored in separate escrows. Either way its still a terrible idea. It will produce a honey pot effect with both foreign and domestic intelligence agencies doing everything they can to gain access to the individual escrows
If there's a master key available, it will be compromised. Perhaps a better idea is for the industry to not have any encryption, any firewalls, any protection. Period. Then these agencies will have an easier time spying on everyone including the "bad guys" (for some value of "bad"). But then some agency (or perhaps the existing ones since they would know everything, everywhere that's going on) would have to take out the spammer's, miscreants, etc. no matter where in the world they are. Simples... After all, isn't these agencies goals "to keep us safe"?
Now where's the cynical, cranky, old git icon?
"But then some agency (or perhaps the existing ones since they would know everything, everywhere that's going on) would have to take out the spammer's, miscreants, etc. no matter where in the world they are. Simples... After all, isn't these agencies goals "to keep us safe"?"
A chorus of Spooks: "But, but... Then we'd have to do our job and do real WOOOOORRRRK! {WAAAAHH!} Work is too hard!"
"the spook agencies are just not doing the job"
They are. All the plots that they thwart involve some "undercover" agent encouraging/urging/helping the perp to commit the crime that was thwarted.
"Politicians are after votes no matter how dumb their ideas are...."
I don't think any politicians, judges, or other public figure are free agents anymore. The intensive, all pervasive surveillance that has been going on these past years has made them all subject to blackmail by the "security" services. The exception being Dutch MEP, Sophie in 't Veld, who either has no skeletons in her closet or she doesn't mind letting them out. Once upon a time, politicians in opposition would vigorously oppose legislation that eg allowed the government to spy on its own citizens - even though they themselves would try to bring in the same legislation when they next come to power. Now they don't even make a token effort of opposing.
These security services are probably the only people/organisation capable of stamping down on something as multi-headed and nefarious as things like child abuse imagery and spam. They could really be earning their dollars.
We work in the tech field (well, you do, I don't really work at all), and we know that it is indeed possible to 'backtrace' someone if you REALLY REALLY want to. And time again they show this to be the case. Someone pisses the wrong person off and et voila Rodders, fait accompli pour vous mon frere! </delboy>
You think 'how the cat in hell's chance did they catch that bloke'. And they don't say, of course. But when you reverse their strategic capability, it can be pretty impressive. Sometimes. Other times, not so much.
We all know the game. They aren't interested in improving quality of life for children caught in a hell hole, or even slightly improving our quality of life by removing the main pushers of spam (just two examples previously given), they just want dirt to dish, just in case. Don't stick your head above the parapet, coz once you are on their radar, you are pretty much toast. Behaviour modification at its finest.
And they want more. Never mind as my learned friends have pointed out, not only is it technically unfeasible, but it's just totally god damn unworkable. But they keep pushing. Pushing. Pushing. Never happy, even with the blatant data-rape they already have. Like an addict. When will they stop.
It's going to reach a point where people say 'alright - just shut up - have the keys to my house/computer - do what the hell you like - just leave me alone', which is what they want. Anyway, they don't care what we think and I agree with the earlier poster, this is probably just another smoke screen. They probably have everything/everywhere/everyone real time on their big screen anyway. It's not like there was ever a real debate on this. Or that they listened to anyone but themselves from the start. They just do what the hell they want anyway. They probably even have a snappy name for it 'The Martini Doctrine' or something else worthy of a Michael Caine film (got to be better than, what was it? Fanny!).
And somewhere in the world tomorrow a little girl or boy will have their lives ruined _again_ for the nth time, for some lost impotent soul to gain some kind of pleasure from, and they will be going through your wife's titty pics and your dick pics (as snowden put it). And the wheel turn around.
This isn't about making the world a better/safer place. It's about power/control and the maintenance of the status quo. And they know we know that, but they turn the thumb screw another half turn with ramped up hyped hysteria about 'think of the children' for the dumbed down masses. They don't give a fuck about the children. These people have the power to pull the plug on these fuckers, but they won't get off their arses to bust a move.
They already have more than enough to make a real world difference in this life. Hell yeah, backtrace that IP mofo, send in the black hawks to gulag 17 flat 32, flashgrenades and smashed windows shock and awe, all televised real time. I'd pay for it - that would be one channel I would subscribe to. I think this is the appropriate point to quote one John McClaine - we're cleaning up this town, kind of thing. But then I wake up, time for another dose of Largactil, unable to move with my arms strapped to my chest, and realise it was all just a beautiful dream. The world won't be saved today. The real heroes are too busy fapping over tit/dick pics.
What have we become?
Nice summation. Have an upvote. At some point, even us tired, cynical, old gits will just give up and toss our keys to whatever kingdom we have and say.. "it's yours. Have a ball." Then quietly pack our bag, turn off the lights and go fishing in a quiet stream.
"... a “master key” for all products running encryption should be created, split up, and distributed among several agencies."
Ahh, the 'one ring to bring them all and in the darkness bind them' strategy. I wonder who gets to play Sauron?
I wonder if these clowns have any idea how increasingly ridiculous they look every time one of them opens their mouth. The only way they can stoop lower is if they hire Labour's Andy Burnham as a spokesman.
>"The idea seems to be that only when all the agencies holding portions of a key decide to use it together will decryption become possible."
Yeah, right, sure that's what would happen.
Except that as we all now know, the NSA has spent the past who-knows-how-many years stealing every single key they can get their hands on.
Do they really expect us to forget that and believe that they won't have all the pieces of the key pretty much from the word go?