back to article FTC gives FBI the finger over govt backdoor encryption demands

The US Federal Trade Commission (FTC) has fired a second shot at the FBI over its demand for backdoors in encryption systems. Following a blog post last month by the regulator's CTO in which he outlined why he was glad to have strong firmware encryption after his laptop was stolen, today FTC Commissioner Terrell McSweeny has …

  1. Mark 85 Silver badge

    A voice in the wilderness....

    Sadly, the points won't be taken seriously by anyone writing regulations or laws. But, she deserves a pint for speaking out.

  2. Anonymous Coward

    Been there. They've done that.

    Some (internet) time ago, we had two different encryption regimes allowed. The local one (US) and the everyone else one (international) one. The extreme "oops!" we keep seeing (beating our head with a sledgehammer about) lately is we had a provision to switch between the two. Rather than attack the hard encryption, attackers tell a computer to stop using that "unhackable" procedure and use the difficult then, easy now encryption. Or to put it in simpler terms, a feature in the past is a (drive a truck through it) bug now. What makes anyone in government, even the vaunted NSA has blind spots as above, think that a 'front door' won't bite us in the ass and become a back door.

    Humans don't handle complexity well and have never done the 'plan for the future' aspects even minimally decent. That's why we have developed so many bog simple financial planning instruments that have at least a modicum chance of working. Other examples can be found throughout history, provisioning a granary, vaccines.... Every expert with a proven track record agrees this almost certainly can not be done. And every expert that the NSA consults with (to my knowledge) says the same thing as well.

    So. There we are posised on the dialectic of which of these things to do: front door or no. I can't discern a workable synthesis here; I could be wrong. As well as the people whose reputations, and very livelihoods, depend on this topic (e. g. Bruce Schneier).

  3. Mephistro Silver badge

    The bad guys will just select a non back doored encryption system

    The rest of mankind will get totally pwned in no time.

    And the time between the creation of the front/back door and criminals using it for their own purposes will be a few weeks at most, unless TLA's know a fail proof method to identify rotten apples in their staff, which strong evidence suggests is not the case.

    The only explanations for security agencies promoting this crap is that a) they're stupid, b) they're criminals themselves, or c) they're both fools and criminals.

    1. elDog

      Re: The bad guys will just select a non back doored encryption system

      And the "bad guys" have motivation ($$$) to break whatever system the "good guys" (beltway bandits and gov't hacks) put in place. Actually, the "good guys" probably want their security broken so they can sell more of it to the chumps (the taxpayers.)

      Besides, why does anyone need encryption? If the gov'ts have nothing to hide....

  4. Mage Silver badge

    IF the US adds backdoors

    Then US products are dead.

    1. Anonymous Coward
      Anonymous Coward

      Re: IF the US adds backdoors

      Which also applies to any sniff of a suggestion it's being done on the quiet. I'm sure a lot of people will be paying very close attention and taking rumours more seriously than a few years ago if their trade secrets depend on it.

      1. a_yank_lurker Silver badge

        Re: IF the US adds backdoors

        Unfortunately, I am almost certain some very common proprietary products contain backdoors.

    2. MachDiamond Silver badge

      Re: IF the US adds backdoors

      Apple is fighting this one not for their customers, but the the product group that contributes the most to their bottom line. If IOS is compromised by a backdoor (security flaw), the company's stock will drop like a brick as customers switch to another OS.

      It might be a good time for Apple to encourage developers in a tiny off-shore country to create strong encryption apps to market in the AppStore. Apple could then capitulate and encourage users to purchase (at a stupid low price) a third party application that does the same thing.

  5. Anonymous Coward
    Anonymous Coward

    All I can say... good luck with that.

  6. Adam 1

    > exceptional access systems are *themselves* security flaws

    FTFY (yes I know it is a quote)

    There is no such thing as mathematics that only works when the good guys are doing it. There is also the little thing about whether the good guys are truly as benevolent as they wish to believe.

  7. Mark 85 Silver badge

    How many postern gates does a computer need?

    We have one that government wants in the system, There's the idiot in the chair hitting "yes.. download and install that XXXXX (fill in name) video I was just emailed. There's a few here and there in the network routers and firewalls. Then there's the unknown number of built-in openings in the OS and apps.

    The more I think about this, will one more hurt? Yes. Ecryption is the big one. It's key to the magic kingdom of data, emails, etc. Encryption done right would make the rest of the posterns useless.

  8. This post has been deleted by its author

  9. Tubz

    Wonder if the FBI/NSA will be showing the FCC some home movies, to help change their minds.

  10. Chronic The Weedhog

    Ultimately, this will backfire.

    Hackers, terrorists (not lumping the two together, just listing), and other cyber-criminals will simply use illegal encryption methods again, no different than they did in the era of bans on cryptography exports (1990s).

    Those who don't want to bother, but are still concerned about surveillance will in many cases stop using digital communications altogether, embracing the adage made famous by the film "Enemy of the state", in which it was said by John Voit, "pretty soon, the only privacy you'll have left is what's in your head... and maybe that's enough".

    I personally know people who have left the net entirely since the Snowden Disclosures. Some of them have sworn to never return until they have quantum cryptography to keep *all* elements out of their systems, forever. Personally, I make a living from my tech knowledge, so I'm here to stay. But this should be something that should concern the feds more than cryptography, is the possibility that if they keep pushing, they'll just scare away the people that they're trying to catch, that those people will go underground and never be found.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020