There is no constitutional right to sell warrant-proof encryption.
Who said anything about sell?
Continuing the US government's menacing of strong end-to-end encryption, Deputy Attorney General Rod Rosenstein told an audience at the US Naval Academy that encryption isn't protected by the American Constitution. In short, software writers and other nerds: the math behind modern cryptography is trumped by the Fourth …
Actually, there is. Since the right to own a gun is a 'strictly interpreted' constitutional right here in the US, all contributory rights are similarly protected, including the right to sell a gun, because prohibiting that right would infringe on the right to own a gun, as you can't own a gun if you can't buy one and you can't buy one if nobody can sell one. There's been actual court cases on this, the last one on gun ranges in Chicago, for instance.
Anyway, I'd guess that, if the right to encryption is considered protected by the first amendment, the right to sell such encryption would be protected as well, as the first amendment right is also 'strictly interpreted'.
"And still the 2nd amendment is about generic "arms" - not firearms- a sword or a bow should be enough…"
One has to go back to why the right was put in to start with and that was to prevent government abuses. If it ever became necessary to protect oneself agains the military, bringing a knife to a tank battle is a good approximation. I don't advocate the automatic weapons and grenades be sold to the public, but reliable and accurate firearms are fine by me. Full auto is usually a waste of ammo and used mainly to keep heads down while soldiers advance across defended territory. The cat's among the pixies so there is no use crying for a perfect world that doesn't have firearms.
This post has been deleted by its author
The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.
I think the 9th Amendment does provide a right to sell bread as I believe the intent of the Constitution was designed to place limits on the power of government, not the people.
I also fully support D.A.G. Rod's right to speak his misinformational opinions as he is easily refuted by the TSA lock backdoor debacle which completely avoids topics that are far over Rod's head, like mathematics. In fact the more Rod speaks, the easier he is disprove. Seriously, "scanning of content, like your emails, for advertising purposes"? Rod's one funny fellow!
I can see his point of view. Even the US Mail is not impervious to snooping. However, if encryption is backdoored, then not just those "authorized" can open it. There in is the conundrum. For some reason, he believes it's possible and I have to wonder who told him it is. Since he's a lawyer by trade, I doubt he has any clue technically of which he speaks.
if encryption is backdoored, then not just those "authorized" can open it
It is even worse, because the number of governements with access to "authorized" backdoors would be large: If U.S. succesfully demands backdooring, most other governements will follow suit. Information about the backdoors will inevitably leak. At that point we might just as well not bother with any encryption products, they would not really protect anything. People with secrets would use homebrew or "underground" code, and hide its usage with steganography.
If encryption has a backdoor known only to the US government, they can read the information of anyone in the world who uses the software. If it is known to other governments, they can read the information of US users. Who is going to use such software?
Actually it's simple - they just pick the answer from the Magic Technology Tree that can provide them with anything they want, even if it's logically impossible.
And if the nerds say it can't be done, just keep kicking them until they agree to do it. Ignore all this rubbish about 'the real world'.
I have said it before, will say it again: One-Time Pad. Not easy to get the key through to the receiver, but certainly not impossible. If I send one-time pad encrypted messages over encrypted or unencrypted comms channels, nobody can crack it. If I send such a high entropy stream hidden in the noise bit of some inane video of cats/dogs/goats/drunks nobody will know it's there.
So yes, I may not have a constitutional right to do this, but there is no way to forbid, or even police this. Given that one-time pads have been known for a long time, you cannot argue that end-to-end encryption methods (which can be cracked, but require loads of CPU grunt) have changed matters fundamentally (well, of course they can argue that, but they would be WRONG).
I have said it before, will say it again: One-Time Pad. Not easy to get the key through to the receiver, but certainly not impossible.
BTW, "Warrant-proof encryption" can include these.
So, by my figuring, "Warrant-proof encryption" has been around since 1882 (or 1917 at the latest - 100 years ago). Another asshat govt offal knows not of what he speaks.
I used to think that.
But no longer.
These people simply don't care if this makes every US computer a massive treasure trove if such a system is mandated.
Their "right to know" trumps everybody else right to privacy.
At least inside their own heads.
It's not a sane policy. It's a personality disorder
I agree. He isn't saying anything unreasonable. Simply that being able to search suspects (whether physically or digitally) WITH A WARRANT BASED ON PROBABLE CAUSE is part of the rule of law, and isn't some newly made-up attack on privacy. On the other hand I fully support everyone's right to privacy, and the importance of strong encryption.
Here's the thing - It used to be the case that in the physical world, using warrants to force physical access (backed up with coercive force where required) was a well-worked out system with checks and balances that (mostly) worked well to balance privacy and law enforcement concerns. Encryption technology has borked that balance by rendering ineffective the coercive force to back up a legal warrant (in other words, law enforcement cannot brute-force unencrypt suspect's data if the suspect is not cooperative to the warrant). So it's not possible to balance these interests anymore. Either encryption works, in which case law enforcement loses a powerful tool, to the detriment of well-functioning society, or else encryption does not work (which is the net result of any backdoor), also to the detriment of well-functioning society.
No easy solution here
> It used to be the case that in the physical world, using warrants to force physical access (backed up with coercive force where required) was a well-worked out system with checks and balances that (mostly) worked well to balance privacy and law enforcement concerns. Encryption technology has borked that balance...
I would agree with most of this, but actually I believe the wide-spread use of encryption isn't what has borked the system. That was the wide-spread use of domestic spying, tapping every phone line in the world, eves-dropping on every conversation, and data mining every single electronic communication.
Wide-spread use of encryption has been a direct reaction of the tech companies to that (following the Snowdon leaks), and has not broken the balance, but helped to restore it. Remember how the spooks still managed to break into the single iphone, in their physical possession, in the San Bernando case? That is how things used to work, and is clearly acceptable.
Nobody every opened every single envelope to read and catalogue every bit of physical mail sent. Why should they have the right or ability to do that now?
Nobody every opened every single envelope to read and catalogue every bit of physical mail sent. Why should they have the right or ability to do that now?
Well-said, Sir! You've managed to summarize the entire argument in two simple sentences.
All lawmakers and government spooks should read and understand them.
They do not have the right to do more than they could do back when mail was sent on paper and a warrant was required for its interception. Since nobody has repealed laws requiring a warrant, interception without one should be penalized appropriately.
So from a two-sentence summary of the case against back-dooring encryption we have now progressed to a two-word summary. (Our friend FW may actually be the only case in history of this sort of thing and the resulting society is a text-book example of what the Founding Fathers didn't want for the US.)
But he didn't monitor ALL communication. Only that to/from a specific person. Something easily permitted with a warrant.
IIRC, he monitored quite a lot of communication between various people. At the time, there wasn't really the concept of having a warrant to do this.
If you want a more recent historical example of mass-interception of physical communications, I would encourage you to visit the STASI museum in East Berlin, housed in the actual headquarters of the STASI (also used for the rather good cold-war drama Deutschland 83).
I would draw your attention to the room on the first floor (second floor if you are American) where they have a section about how the STASI did exactly what is being described, along with examples of the steamers they used to routinely open the mail of ordinary people.
The STASI were a perfect example of this sort of surveillance taken to the absurd extreme. Some people seem to think that rather than being a warning from history, they should be held up as an paragon.
...just to add a little more, to illustrate that history is littered with examples...
From the wikipedia page on the Royal Mail:
In 1653 Parliament set aside all previous grants for postal services, and contracts were let for the inland and foreign mails to John Manley. Manley was given a monopoly on the postal service, which was effectively enforced by Protector Oliver Cromwell's government, and thanks to the improvements necessitated by the war Manley ran a much improved Post Office service. In July 1655 the Post Office was put under the direct government control of John Thurloe, a Secretary of State, and best known to history as Cromwell's spymaster general. Previous English governments had tried to prevent conspirators communicating, Thurloe preferred to deliver their post having surreptitiously read it.
Perhaps why they fled to "The New World" in the first place?
Perhaps if more people asked what they would have thought of these "protections" (of the state, not the citizen) they might not be so popular.
It's still possible to eavesdrop on a suspect - you compromise the device they use and you can read everything they do before it is sent. It's well known that intelligence services have a wide range of tools and exploits for compromising endpoints. But you can only do that in a targeted way (just as you only ever had the resources to wiretap a few people in the old days). What you can't do is read *everyone's* messages that way. Backdooring encryption remains a terrible idea for many, many reasons.
>Either encryption works, in which case law enforcement loses a powerful tool, to the detriment of well-functioning society, or else encryption does not work (which is the net result of any backdoor), also to the detriment of well-functioning society.
I take your point - but if an encrypted message is the only evidence against the criminal, there isn't much of a case against him. Nearly always, it's just one element in a kaleidoscope of pointers. Which means that investigators nearly always have alternatives, if encryption holds firm. On the other hand, if encryption fails, a great many other things fail along with it - and there are no ready alternatives available.
The fact is, this desire to crack encryption isn't about acquiring evidence against a target - it's about identifying possible targets. It's the equivalent of breaking into all the homes in a district, because you think one of them is harbouring criminal activity.
<profanity filter off>
</profanity filter off>
Every jurisdiction I know of makes failure to hand over passwords or encryption codes under a search warrant issued in that jurisdiction a crime.
So (maybe) do jail time if you hand over or definitely do jail time if you don't.
If you've got enough evidence to get a warrant you can definitely put someone in jail regardless of their crypto, and if you've got the computers still on you can probably find the keys in memory.
They want warrantless spy-on-demand snooping, regardless of the danger to everyone's privacy and money.
Yes and here is the real difference, in a supposedly civilised society you cannot beat the shit out of someone (physically, mentally or chemically) to get the key. You can chuck them in jail but the likelihood is that is a minor inconvenience to them if it as a genuine major crime. I don't know what the tariffs are for failing to provide information to the relevant authorities with a court order, but it is probably a lot less that 20 years in the clink.
I am sure there is always some agency somewhere but in the end it would simply turn into another scandal. In less fussy countries those unfortunate enough to not hand over an encryption key will simply disappear after a lot of effort has been expended.
We live in The Golden Age of Surveillance, yet the hallucination/lie of "going dark" is met by some with anything other than derisive laughter. I have no idea if Rosenstein realizes he is really arguing for the apotheosis of Stazi monitoring, but investigations will not become impossible anymore than good op-sec by La Cosa Nostra prevented the eventual destruction of the American mafia by the FBI and friends.
"Either encryption works, in which case law enforcement loses a powerful tool, to the detriment of well-functioning society, or else encryption does not work (which is the net result of any backdoor), also to the detriment of well-functioning society.
No easy solution here"
Tie goes to the runner. In a case where there might appear to be equally valid arguments when it comes to a person's rights, the person, rather than the government should be assumed to have the Right.
While politicians are still banging on about the need to access encrypted products then that is a good thing as it means they've haven't broken it or feel they are unlikely to break it anytime soon.
As soon as they go quiet on the subject and 'admit defeat' is when you should consider whether that encryption is still effective or not.
Simple, let the US do it and then when they world and their dog get access to everything the US publishes in digital format, then perhaps we'll finally start to get some sense from the fecking idiot politicians. The second their entire lives are splashed all over the media because it was a piece of cake to open up their private online datastores, then I'm sure things will change double quick!
US Mail may not be impervious to snooping but it's also a lot more difficult to automatically scan to see if the contents are encrypted which is often the trigger for raising suspicion. If a letter is encrypted, say with a one time pad or other fairly secure method, there isn't much the government can do about it should it be discovered. Likewise, one could encrypt the contents of a safe and the government would be in the same position.
The real complaint is that encrypting the entire contents of one's safe is laborious so people won't do it and most won't even bother with the safe. On the other hand encrypting the entire contents of a hard drive or mobile phone is now very easy but decrypting it is still nearly impossible. I also think he does have at least a small clue but he's being cagey and presenting it as if he's only asking for keys to the safe when in fact he's asking for much more. It's a clear case of a little knowledge being a very dangerous thing so while he knows how to light the match he doesn't recognize that we're all standing in the same pool of petrol.
This post has been deleted by its author
of criminal wrongdoing was totally impervious to detection"
Doesn't the 5th make lots of evidence in people's heads totally impervious to detection? Or does he want legal torture as well?
Reality is weak or backdoored encryption isn't going to help him. It enables mass surveillance of everyone for the sake of making criminal's and terrorist's lives a bit more complicated because they have to work around it.
You are right. He is wrong. There have always been many situations where some kind of evidence is totally impervious to detection.
That one too. To put it bluntly, the police (and the DA) win ONLY if the criminal has made a mistake. Impervious methods for the concealment and destruction of evidence have been known for 20k+ years.
Sometimes, what is not a mistake today becomes a mistake as new technology is discovered, but that is an exception which proves the rule which is that "To err is human".
The good DA should concentrate on cracking cases traditionally by looking where did the suspect make a mistake (humans always do), instead of wasting all of his energy on the impossible.
Uncrackable encryption has existed for ages, it's known as the one-time pad. Unless you have access to the key then you stand no chance of reading the original plain text. Its big weakness is key generation and distribution, which has to be done via secure channels in advance, unlike public key encryption, which has easier key distribution but is less secure (depending on the amount of compute power available). Of course, one advantage of the one-time-pad is that in theory it is possible to easily create a spoof key to produce a harmless plain text.
The point is, the key has to be at least as long as your message and able to be hidden from nigh anything, plus its nature makes it difficult to keep in your head. They'll just go after the hidden key. And if there's more than one, they'll take ALL of them to make sure they have the right one (and so as to discredit any placebos).
That is a bit of a meaningless statement though. A one time pad (correctly generated) is perfectly secure because it can leak no information about the message. Each bit is equally likely to be flipped as it is to remain constant. It is 0 probability of being deciphered if the key is never discovered and is truly random.
RSA is considered to be very secure because we don't know of any way to factor the product of very large prime numbers. Not because it cannot be done, but because even if we dedicate the world's GDP to trying all possibilities from now till the heat death of the universe we still couldn't crack it. It is "practically secure" rather then "mathematically secure".
What you are saying is that
0 < 1 * 10 ^-someginourmousnumber
Sure. It is. But both are good enough (at least with classic computers)
Once upon a time DES was good enough, now it can be cracked quite quickly, almost real-time. If computing power continues to increase at the same rate, today's stuff will one day suffer the same fate. We're already recommended to use larger key sizes because 1024 bits can be brute forced. the information being protected may not be relevant by the time it's easy to crack - a bit like the old Playfair cipher used a hundred years ago - it could be cracked in a few hours, but if the message was "attack in 15 minutes" then it would be somewhat out of date by the time it was cracked.
Your in luck, they can have both.
There seems to be a problem with what they are asking and that is to break encryption. However they can't just come out and say what they really want because then everyone will be against it.
We want you to break encryption because it stops crimes, terrorists etc...
or what they really want which is,
We want the ability to read any messages and data sent between the general population on the internet.
They already have access to financial data so there is no need to remove encryption.
The elephant in the room is that WhatsApp is perfectly readable. All you need is one of the devices which either sent or received the message. That is presumably what happened in the London Bridge/Parliament attacker. If you recall plod was all 'we can't read the WhatsApp message'. Then they arrest and question his missus, make her give up her phone pin and et voila! panic over it was just an "I love you, farewell' message.
As the case over US plod trying to make Apple put a backdoor into iPhones shows, if they have the phone they can get into it, if they need to know enough.
There was some article years back about the CIA extolling the virtues of better encryption for corporate data. I would hope that the CIA would pipe up again, but I doubt they'd do it under this administration.
Oh, yeah: anybody remember the Clipper chip? I still have one of those t-shirts...
Our society has never had a system where evidence of criminal wrongdoing was totally impervious to detection, especially when officers obtain a court-authorized warrant. But that is the world that technology companies are creating.
No, that is how the universe is. Gravity pulls things down. Entropy increases. The ratio of the circumference of a circle to its diameter is not a rational number. If you stop breathing for long enough, you'll die. Certain encryption systems require an unfeasible amount of work to break.
You could express a wish that the world would be different. You could scream and tell the world that it is being unfair to you. You could pass a law demanding that the sea parts and lets you pass unimpeded. The universe does not care and is not going to be any different after you do any of these things.
> Gravity pulls things down.
Nope. In the immortal words of my second favourite accordian player
"My pancreas attracts every other
Pancreas in the universe
With a force proportional
To the product of their masses
And inversely proportional
To the distance between them"
-wise words to live by
I think part of the problem is that current encryption technology is rapidly making the situation black-and-white: all-or-nothing, with consequences. The way things are, either the data is safe or not: there's no middle ground. At the same time, subversive elements are becoming bolder and more brazen, placing governments and even civilization itself under serious threat. Basically, if the fate of the world depends on breaking an unbreakable message (a little extreme but more plausible in this day and age), then civilization itself may not last long, and that's REALLY scary.
... subversive elements are becoming bolder and more brazen, placing governments and even civilization itself under serious threat.
Aren't you just a little too harsh on Mr. Putin, Ms. May, and Mr. Trump? I know many people don't like them (either in part or in toto), but I still think calling them subversive isn't fair: they are just doing exactly that they promised they would when you voted for them (or against them, or just watched the train wreck unfold in fascinated horror, due to not being eligible for a vote).
... they are just doing exactly that they promised they would when you voted...
No. They promised they would make the world, or their country at least, a better place. Ell three are doing the exact opposite.
Mrs May is overseeing things that are making us all less free, less secure, more likely to be unemployed (or zero hours contracted) and so on.
The Chito in Cheif is working hard to make everyone except his friends poorer etc.
Puting is doing his best to destroy free speech in his country and outside it. I don't think Russias economy is that well either.
Don't be foolish.
"Subversive" is defined as "disagreeing with the government" these days. There are countless reasons why privacy and anonymity are essential to a society where the elected can be held to account and removed from office if required. Denying the governed the right to anonymity and privacy is another step along the road to the police states that most countries are becoming.
Anyway, the encryption genie is well and truly out of the bottle and the code that implements encryption is freely available. Mandating backdoored encryption will only mean that those who really do need to protect data (whether for good or bad reasons) will simply use encryption that does not have a back door.
Encryption is encryption. It either does what it's supposed to do or it doesn't. You imply that "current encryption technology" is the problem which indicates that your understanding of encryption is fundamentally flawed. Any new "encryption technology" which allows third parties to decrypt what is encrypted is, by definition, not encryption.
Your "subversive elements are becoming bolder and more brazen, placing governments and even civilization itself under serious threat" tells me that you watch far too much propaganda disguised as news.
Even now, there are evidences there are totally impervious to detection - i.e. any information hold by categories that have a "professional secret" privilege.
Also, if I was a US AG, I would be more worried about the absolute right to keep weapons, including war-designed ones. After all even the 2nd Amendment was written when weapon technology was far more primitive than today. You wouldn't be able to shoot 600 people at 500 yards alone in a few minutes with a 1789 gun.
It doesn't look the Las Vegas killer kept long encrypted transmissions before starting its massacre, nor bought his 42 guns and rapid fire accessories hiding everything in heavy encrypted communication. Everything was under the law enforcement agencies nose.
But in the Land Of Freedom your are more suspect if you use encryption than if you buy tens of guns...
After all even the 2nd Amendment was written when weapon technology
Nothing wrong with the second amendment EXACTLY as it is phrased.
It says "Right To Bare Arms". I am all for that (including in countries which have presently prohibited anything upto and including the kitchen knife).
It says nothing about the right to own fecking arsenals. That is the problem. Owning an arsenal sufficient to arm a small private militia is not a right enshrined anywhere in the US constitution. Show me how the f*** can you bare 35 automatic weapons at the same time. Show me how you can even lift them so you can bare them.
"It says nothing about the right to own fecking arsenals. That is the problem. Owning an arsenal sufficient to arm a small private militia is not a right enshrined anywhere in the US constitution. "
And yet in it's history, since the constitution was adopted , the US government has relied on privately owned arsenals to equip privately raised regiments and militias, and to equip for example,the 518 vessels to which Congress issued letter of marque and reprisal during the war of 1812. Vessels that were equipped with privately owned weapons equivalent to those issued to the US Navy...
Before demanding that someone hands over a password or decryption key for an "encrypted" message, it should be incumbent on law-enforcement to prove that the message is indeed encrypted,
A block of random data looks identical to an encrypted message. Yet it cannot be decoded (or cracked) since it contains no information. ( Undergraduate philosophy course question: How do you know when you have successfully decoded a message?)
So if you were to generate (say) 1MB of random data and send it to someone, could you then be required on pain of punishment to provide the means to decrypt it - even though the authorities have not demonstrated that there is anything to decrypt.
Similarly, entering certain autocratic countries with a TB or two of random numbers on a lappy could lead to the grammatical howler - and possibly recursive statement - of "I'm going to need you to decode that" from someone in a peaked hat. Explaining that there is nothing to decode and therefore no pass-key is unlikely to get you past the government checkpoint.
As the saying goes, you're screwed. That's why you can't really have "plausibly deniable" encryption a la TrueCrypt/VeraCrypt. Produce something capable of hiding something and the plods simply assume you're hiding something and lying about it (because if they take your word for it and there's a massacre, it's their heads). Not even staganography is immune to serious content analysis to reveal there's hidden content there combined with pervasive media mangling to reduce its possible flow to a trickle.
This post has been deleted by its author
"The problem with that is that a block of encrypted information does not look the same as a block of random data"
Only if the encryption is utterly incompetent.
Sure there might be systems where the encrypted file/partition has the odd header / magic number for file type identification, but those are not really a good idea and it does not change the statistics of encrypted block(s).
Take an electronic phone book.
Create a file of completely random data of an equal size to the electronic phone book.
XOR the two together.
Compare the entropies of the random data and the phone book that has been encrypted with random data.
Continue this discussion now that you know what you're talking about.
... a block of encrypted information does not look the same as a block of random data...
As noted by other posters, if you 'encrypt' your data with something that does not give it the same entropy as random data, you have not encrypted it. You have probably used a substitution cipher, or XORd it with a repeated fixed-length string. Those things are not generally considered to be encryption.
Folks who are much cleverer than you, for example Bruce Schneier, have spent large potions of their lives learning about the mathematics and theory behind encryption to design things that do result in sufficient entropy for the result to be statistically random.
I'm not entirely sure of this, but I *think* the 2nd amendment was intended to provide the *states* with the ability to resist an authoritarian central government (that "well-regulated militia" clause the courts so studiously ignore). Of course, none of that is relevant any more in the 21st century, as technology and the organization of society have changed the game entirely, making that protection moot.
As far as warrant-proof encryption goes, I rather think the signatories to the US Constitution would be purely tickled by the ability of individuals to limit the reach of an intrusive, authoritarian central government, as such a central government was one of their biggest worries. Oh, wait, we have those all over the place now.
Anon for the obvious reasons
Where is the word "state" in the Second Amendment? Militias were and can remain private organizations. After all, the STATES can become corrupt, too. It's meant to ensure government (ANY government within the borders) doesn't try the confiscation approach. Now, there's still the "nuke a town and dare anyone else to try" approach, but that's a different story and still has counterexamples in places like Vietnam and Iraq.
The user is not obliged to keep their recovery key. They are free to destroy it / never write it down. If they take that approach, then key recovery is not possible. If he is offering a TLA recovery key for each message that we can opt to not record, I think that is a compromise that we can live with.
If they remove encryption from built in software like imessage, i’ll just build my own and distribute it to my family for communication. Would find a way to encrypt all important data or if not possible I’ll go to extraordinary lengths to use obfuscation through different IPs, locations and VPNs and who knows what. But that would suck for me, because it would eat up my precious time. Also, if there is no encryption it becomes a tower defense game: delay the compiling of data on my activities till it’s not actual anymore so it’s useless, so that’s what will happen - lots of people taking non-value-producing steps in protecting themselves on the nets.
It doesn't have to be.
Encryption is protected by encryption. And that's the best protection there is.
For the rest, if all law enforcement agencies have is an encrypted message, then I demand they show what proof they have that that message is so important. If they have done their job, then they have suspect location and time, witnesses and DNA evidence (flawed as that may be) and a host of other clues that point to guilt. In that case, the message is supplementary evidence and they should be able to do without it to obtain a conviction.
In other words, what if the message is the only proof ?
In that case, I'd argue that the suspect hasn't done anything yet, in which case why is he suspect ?
Oh, and before you go on about preventing terrorism, the 9/11 guys were known by the CIA and that prevented fuck all.
Examples include the central management of security keys and operating system updates; - no third party involved, the key to verify and decrypt the OS update is held by both the OS supplier and the OS itself.
the scanning of content, like your emails, for advertising purposes; - wrong, email is held at rest as plain text.
the simulcast of messages to multiple destinations at once; - usually wrong, if it's encrypted the message is sent multiple times and multicast doesn't work over the Internet anyway.
and key recovery when a user forgets the password to decrypt a laptop. - again wrong, no third party involved, the key to verify and decrypt the recovery key is held by both the OS supplier and the OS itself.
1) OS updates: what is important here is the signature, not the payload "secrecy". That's why they are signed by the manufacturer private key, and not encrypted with the receiving party public key (or they will need to encrypt each update separately). The AG doesn't understand the difference. Updates may be delivered over a TLS encrypted channel - but that's the transport only.
2) Email is never considered secure unless end-to-end encryption is used. That, of course, hinders also any attempt to process them for advertising. Of course, Gmail and the like has no reason to promote end-to-end encryption. SMTP delivery using TLS is not secure, because no real certificate validation happens, and encryption is removed on delivery.
3) Key recovery is usually optional, and systems like the AD recovery key are exactly backdoors available to system administrator, and to anyone who p0wned a system. They are good if you are the owner of the information - a company may not like to be kept out from data it owns, even if an employee had encrypted them-, and it is correct to be able to access them without accessing them using the employee account (because of accountability) - but of course they are bad when used to access data you don't own - because they can leak, you can be p0wned, and it would give a too big power of easy snooping with too little control.
Clearly he hasn't heard (or doesn't care) about why forward secrecy is important, and none of his examples are scenarios where it could actually be used.
It can, by definition, not be combined with key recovery. I suppose the closest you could get would be if you established two sessions, one with the actual intended party and one with some master government server...
I agree with him that backdoored crypto is essential in the modern word - for government use.
Any nation with politicians that dare to use the word "democracy" when referring to their activities should mandate backdoored crypto with keys that become public after a set period, say 2 years for regular operations and 20 years for whatever is deemed National Security so we can finally have the kind of transparency that establishes accountability.
For alleged democratic governments, there should not even be another option. For citizens, not so much.
> What about ongoing black projects which have to be denied they even exist, whose revelation could bombshell major government relations if not start a war?
You like your bullshit hypothetical situations, don't you?
The whole point of a suggestion like this is to prevent a scenario like you describe. So, don't get your "democracy" doing things which could bombshell relations and start a war when they become public. Because, you know, a democracy should be working for the people, not against them? And since it often needs pointing out, "people" isn't limited to "Americans".
Or maybe, as per your other comments, you're a masochist?
> I've learned from firsthand experience that edge cases don't stay edge cases and that truth is stranger than fiction (see Edward Snowden).
OK, so what happens when someone has a super-encrypted message which can save the world if it's delivered to the right person, but he's arrested by an enemy state who have the back-door keys to the encryption protocol?
See, typing nonsense scenarios doesn't help an argument. What helps is to look at the history of how things have actually happened and, very roughly, it has gone like this:
1. Government can snoop on specific people, with a court order.
2. Communications go digital. US government (imitated by many others) discovers it can freely ignore law and intercept all communications of everyone, everywhere.
3. Snowdon leaks reveal extent of illegal government spying. Government does nothing about it.
4. Tech companies and consumers move to apps and platforms which encrypt communications by default. Back to step 2 (via bugs, covert software, and hardware attacks against specific targets)
Most likely, any attempt at banning encryption will be entirely unworkable. Either in the physical sense (and it will be ignored), or the legal sense (and courts will rule against it).
Additionally, people who are going to commit attacks still will, either using unencrypted platforms (as per the Paris attacks, which were discussed and coordinated over SMS) or, if they are going to take serious planning (eg 9/11 attacks), over proper secured channels. Or even in person.
I wonder if it is mathematically possible to devise an encryption system that has a generic key that will only work after X time period, like a safe that unlocks automatically at a given time??
Or else use FOI-like mechanism to publish encrypted government documents, and they would automatically enter the public domain after a number of years once the encryption can be broken in reasonable time.
The closest you can get is by deliberately making the crypto system breakable given X amount of work, and this is actually occasionally done. The various crypto currencies and other blockchain systems basically work by this principle.
However, even employing algorithms that you know won't be possible to implement in hardware so you know the attacker has to use something very much resembling actual computers to crack it, it's still very difficult to get it right.
This has become easier now that the CPU development has slowed down when it comes to raw number crunching speed, but it's still very hard to predict actual performance and the number of cores an attacker can commandeer in the real world.
Your calculation for the time required can easily end up being off by an order of magnitude,or more.
Years ago I set up PGP for corporate use, and one of the features was the Additional Decryption Key - each file or message would be encrypted as normal for sender & recipient, but also for the ADK too. In the event that somebody left, was taken ill or somehow managed to lose every copy of their key it meant their messages and files could be recovered. PGP always warned recipients that an ADK was in use, but it was seen as a strength once you understood what was going on. The data was still encrypted, and the ADKs were under tight control and no single person could use one thanks to key splitting.
I currently use Bacula for backups with encryption. That also has a "master key" that allows me to recover any file for any client even if the client key has been lost. Again this is configured in the client so its use is not a secret.
In both cases data remains encrypted and there is no need for a backdoor in the encryption scheme.
There are good reasons for others apart from the original sender and recipient to gain access to encrypted material when the original parties may be unwilling or unable to assist, and that includes law enforcement, auditors and other inspectors/investigators and I suspect this is going to end up with communication service providers - which may well include corporate email admins - being mandated to implement ADKs that can recover messages.
Many people with more clue than myself have pointed out the problems with central key repositories, but if an application can be created that manages per-user keys without users having to care about it, then it is also possible to manage ADKs, what we need to sort out is the legal framework for using them to recover the plain-text data. This does not mean that law enforcement or any government need to be in possession of the keys themselves either.
Screaming that life as we know it will end is not going to work as clearly there is a technical solution already available. We need to shape the argument so a workable implementation is achieved that prevents the worst abuses and provides visible checks and balances.
I can see where you're coming from and what you are trying to achieve and that is laudable, but I'm afraid it's based on a belief that law enforcement and other agencies only act in a benign fashion.
Sadly, there are reasons they avoid transparency, accountability and overall scrutiny.
Even if that system were mandatory, there are still many options for people to employ a system without it enabled. At this point you are back to square-one. It's still a question of trust.
As has already been mentioned, this situation was provoked by the wider public becoming more aware of the unfettered data collection by various agencies. This issue didn't just appear out of thin air just to piss off the law.
Exactly right, and I was thinking more in the public / corporate world where organisations are being requested to hand over huge amounts of data and/or their keys, or change the systems to create keys that can be handed over rather than for example private individuals who will always be able do do their own thing and ignore rules and laws they don't like until they get fired or arrested.
Any system based on ADKs still needs to be based on trust that those doing the investigation and those holding the keys are doing the right thing, and there needs to be a way to dispute any unreasonable access requests.
By creating a method where it is possible to gain access to only the targeted data and that access needs the co-operation of independent people/organisations then just maybe enough of those demanding unfettered access to everything in the name of security to calm down a bit. Of course, you can't stop the zealots on any side of the debate, and I include those who insist that not even a partial solution is possible in that.
Sadly I have very little confidence in the current political climate - across many jurisdictions - for such powers and the demand for ever greater ones to be rolled back to allow something like this to be an option.
Sorry, but the argument should start from the right to freedom of speech.
Let's put in the statement that your message is your speech, your expression.
With that the government should not be controlling your right to your speech and expression.
Thus the government should not have the power to stop you from locking or encrypting your speech.
I'd love to see someone get a copy of The Donald's tax returns and place them in an encrypted file openly on the internet. They could then use the same encryption keys for all their own private information knowing that the publication of the keys would give the President yet another Bad Hair day.
In any case his comment that "There has never been a right to absolute privacy" is wrong. The Bill of Rights is considered part of the constitution and -
The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.
The powers not delegated to the United States by the Constitution, nor prohibited by it to the states, are reserved to the states respectively, or to the people.
I guess that fat hairy arsehole can't count beyond two and never read the rest of the constitution.
"You can still break it by recovering the key, which is normally too complex to commit to memory, meaning there WILL be a trace."
As it's a one time pad, once you have used it to encrypt or decrypt the message, you would delete (the segment used) using whatever method will make it unrecoverable, along with the plaintext if necessary.
"Sounds like he wants to be able to force people to give up passwords & keys
Not attempt the impossible trick of making secure encryption with a government backdoor."
For the last 18-odd years the government here in Blighty has had the legal means to force the surrender of encryption keys on pain of imprisonment (RIPA 2000). I'm pleased to report this has prevented all terrorism and we live a life of unfettered bliss in these Sceptred Isles, secure under the watchful gaze of Big Brother.
The deputy AG says that there has never been an absolute right to privacy. This is a firm statement by someone in authority and it needs to be examined in the context of the Fifth Amendment.
The Fifth includes the requirement that “nor shall be compelled in any criminal case to be a witness against himself,”
The contents of an encrypted file could well include information that could lead to prosecution of the witness, either directly or through association with others (known or unknown) through the wide ranging conspiracy laws. The whole nature of secret information is that it is not known to the examiner. Only the holder of that information knows its true nature which is why invoking the Fifth is difficult to challenge. Grand Juries can grant immunity but only under local jurisdiction. What happens if declaring that information makes you a criminal outside the USA. Immunity is limited. Extradition complicates matters. Can a Grand Jury grant immunity for any and all crimes that it won’t know about until the information is exposed. It is a Catch-22.
So what is the difference between the contents of an encrypted file and knowledge in a witness’s head? Imagine if you will that rather than place information in an encrypted file, the witness chose to memorise it. The actors playing Hamlet have to memorise roughly 1500 lines (about 12,000 words) and deliver them in public. That is a lot of information.
I can envisage a slightly humorous scene in a courtroom where the deputy AG is enforcing the handing over of encryption keys. After much objection by the witness and lawyers, the Judge rules that the file must the decrypted on pain of nasty punishment and witness hands over the keys. The file is decrypted and reads “Everything you need to know is in the witness’s head.” I suppose the deputy AG would claim the fifth doesn’t apply any more.
Memory Theater and other mnemonics tend to rely on sequences to establish relations. It doesn't work so well when the recall is more random in nature.
As for extradition, that's up to the country currently housing the suspect. Generally, it has to be a crime in that country first before they'll even consider extradition. Differences in law provide an angle for political refugeeism.
what a mahoosive ignorant tool......
"Our society has never had a system where evidence of criminal wrongdoing was totally impervious to detection, especially when officers obtain a court-authorized warrant. But that is the world that technology companies are creating."
A messenger carrying a memorised message concerning criminal activity is not obliged to reveal it, is obliged to be told they can keep their trap shut, and is protected by the constitution against attempts to force them to reveal it.
Being compelled to use crypto that has a government backdoor doesn't gel very well with the actual text in question.. "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated" that's before we note that a government back door is a few bribes threats and hacks away from being a back door that sees more passing trade than a Bangkok brothel....
"There is no constitutional right to sell warrant-proof encryption. "
There's no constitutional right to sell a cheese sandwich or a car either WTF has that got to do with anything...
The technical trend is clear and in the direction of ephemeral session keys that even the user doesn't possess the key for... time to stop being fat and lazy and start doing proper police work again....
"There's no constitutional right to sell a cheese sandwich or a car either WTF has that got to do with anything..."
Quite so. The rights are no in selling, rather in owning and/or using.
The solution to this problem is in the second amendment. All some bright spark has to do is find a way of building encryption into a gun and there is no way that the US government would be able to challenge it. The NRA would never have it.
"One end may be outside your jurisdiction and you don't know enough about your end to establish probable cause."
Not knowing enough about your end to establish probable cause, (meaning you wouldn't get a warrant) is EXACTLY the reason why law enforcement should not have access to the decrypted message
science can't lose.
Even if (snopes alert) the law declares Pi to be "3".
Starting with a OTP, there are several ways to render plaintext unreadable - forever - without the key.
If I were really worried, I would look towards a system which required (say) 9 people to each provide a fragment of a key before the ciphertext can be read.
If each of those people lives in a different jurisdiction (India, China, Australia, EU, Mexico etc) then good luck with that.
Tolkien needs to be read as a metaphor.
But then they have to get together to actually get things done. Just make it hard for them and they'll be forced to change methods.
As for the one time pad, continual pressure could force them to keep ditching their pads in a panic, breaking communication chains. Remember, keeping them from communicating can be as effective as intercepting them.
This whole thing totally creeps me out.
I only skimmed the comments, but I didn't see anyone discussing what it will mean when people are permitted only to use "approved" encryption. They'll want a way to hunt down anyone using illegal encryption. Wouldn't this require more surveillance? How else will they be able to verify that everyone is complying with the law?
And, you know criminals will just end up finding ways to hide encrypted data; it's just too easy a thing to do. So, what this is really going to do is give them a new law to prosecute on, a law mandating "registration" of backdoor access, and very little else. They aren't going to actually get much in the way of back doors to real criminals. The mathematics aside, they're in fantasy land if they think their efforts will yield any meaningful results without hurting society. And if they do it wrong, the worst case scenario is Cybergeddon--just imagine the wholesale draining of banks and markets crashing left and right.
The only thing his laws would do is make more people classified as criminals. Just by having a program that does encryption that does not have a backdoor. You may not even know you have one, but that's no excuse under the law. Like banning all knives over 4", does your kitchen knife count? a hatchet, a chainsaw, wood saw, sheep shears.. To the law - Yes. (the analogy is based on a law of knives you could have in public at one time in some US states.)
This discussion, and Rosenstein's arguments, should be dead in the water. Here's the thing: It is, technically, possible for anyone, including criminal and terrorist groups, to employ unbreakable encryption. The math and algorithms are out there.
Outlawing unbreakable encryption does not change this fact one bit. Why should a criminal or terrorist care if he breaks one more law?
It stands to reason, therefore, that a demand to backdoored, breakable encryption by law will not achieve its stated goal, namely catching criminals and terrorists, in particular not the smart and therefore most dangerous ones.
Well, it's still classified as a "dual use technology", see the Wassenaar Arrangement:
Your local laws may or may not be based on this, Hong Kong's (https://www.stc.tid.gov.hk/english/checkprod/cat5A002.htm) follows the wording so closely that I'm surprised it isn't a copyright violation.
I _might_ be inclined to believe the government when they said that they needed complete access to all communications to prevent or punish terrorism, if only the creeps making those claims hadn't already demonstrated that EVERY police power that they claim will prevent terrorism is immediately used for petty crimes like tax non-compliance or divorce or child custody disagreements. EVERY tool that the police obtain will be used in EVERY case in which it might be useful.
Cops demand the use of "Stingray" cell site simulators to catch terrorists - and then use them to find low-level drug dealers and cigarette smugglers.
No! Police, you have abused EVERY tool that you've ever been given. NO MORE!
As I understand the AAG's position, he wants to be able to serve a warrant on a third party (the hardware/software company) to get access to information. Right now, there is a mechanism to compel defendants to comply with a warrant (contempt of court). But it isn't 100% effective, and trying individual cases is time consuming. Why serve individuals when you can serve tech companies and get lots of cases resolved at once? It also eliminates that pesky problem of individuals challenging the warrant instead of putting a gag order on the warrant so the subject never knows until they are hauled into court.
We have never required safe manufacturers to create a master key for law enforcement. Why should electronic devices be different?
The law recognizes that legitimate law enforcement needs can outweigh personal privacy concerns.
Key word: legitimate. I absolutely agree that law enforcement should be able to gather evidence of crimes, especially in a system that places the burden of proof on them. The problem is that they've not limited their searches to areas where they have a reasonable expectation of finding such evidence. They have, in short, repeatedly and wantonly committed the very act that the Fourth is intended to protect us from.
Here in the US we have the reality of cops making the owner of a car stand out in the cold for hours waiting for their car to be searched simply because they're teens. And should the teen be aware of their rights and try to prevent it they'll bring over a drug dog and have it jump on the car on cue to give them probable cause. We live in a world where data on your laptop can be searched simply because you carried it through an airport with no reason to suspect you've committed any crime. We live in a world where every single email we send or phone call we make is probably being monitored by bots to flag suspicious ones.
He's right that we don't have an absolute right to privacy. Law enforcement has always been able to get warrants to search whatever they need to if they can give a good reason. But we do have a reasonable right to privacy, and warrant-proof encryption has become the only way we can enforce it in a world where law enforcement has developed a habit of skipping the warrant.
"They have, in short, repeatedly and wantonly committed the very act that the Fourth is intended to protect us from."
It's simple. If you're under perpetual existential threat (and can prove it, too, with things like 9/11) then it's very easy to claim anything is reasonable if your country won't exist tomorrow otherwise.
It's simple. If you're under perpetual existential threat (and can prove it, too, with things like 9/11) then it's very easy to claim anything is reasonable if your country won't exist tomorrow otherwise.
Wow. Your argument is a relatively minor1 event 16 years ago?
1 Relatively minor : IIRC there was something like 3 million people airborne around the world during the time of the alleged 'terror attacks"2, many more travelling in various other means. Hell, probably more people died in traffic accidents around the world at that time, and probably more women died in childbirth that year than from terrorist attacks world-wide (not counting US etc invasions as terrorism, though they probably are at least that).
2 Lots stinks about it OK?, esp WT collapses and esp WT7. I'm not convinced either way.
Law: Where did you bury the body?
Suspect: I know nothing about what you are asking.
Law: We know you did it, take us to the body.
Suspect: Get a warrant and have fun.
Law: We are not going to spend our pension money digging up your property. Tell us where the body is.
Suspect: I know nothing about what you are asking.
Backdoor encryption gives an unfair advantage. I think the law needs to dig their own holes.
I can read. I've read the Fourth Amendment to the US Constitution. You are entirely wrong Deputy Attorney General Rod Rosenstein. Expressing a wrong opinion does not equal changing the US Constitution, no matter how much you wish it would.
"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."
If the government meets their obligations before search and seizure, then they get what they get. Not-a-thing in the Fourth Amendment stipulates anything-at-all about any citizen ever having to make any of their persons, houses, papers and effects searchable.
Therefore, if the physical safe with the evidence is never able to be opened, that is the state of affairs. If the virtual safe with the evidence is never able to be opened, that this the state of affairs. Any US citizen can keep anything personal in anything. There is no limitation.
Read the Amendment again please. No more confabulation please! What you're claiming to be there, Deputy Attorney General Rod Rosenstein, is not there, is it.
I hope the motivation behind your wrong statement wasn't totalitarianism.
Except practically no safe known to man has been able to beat a determined safe cracker. Thus why they're rated by time. Worst case, unless it's a vault, they find a way to dismount the safe and take the whole thing with them.
Electronic communications CAN, however, be permanently scrambled beyond recovery. Indeed, some adversaries SEEK this to break communications chains.
Can we now say that if a computer has been compromised by the loss of a govenrment-owned backdoor key that the system has been "Rosensteined"?
"How in christ's name did The Lucky Chang Vehicle Group get hold of our game-changing automobile tech?"
"Sorry, chief, we were Rosensteined. The Department of Homeland Encryption just announced they were rooted last March"
Not really. The key word in the Amendment is "reasonable". Thing is, what can you call reasonable when you're under perpetual existential threat?
When I see fluffy white elephants with pink polka dots flying around the room, I know it's time to put the funpills away for a while.
Might be time for you to cut back on your doses as well, don'tcha think?
No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.
All memebrs of the UN are signed up to it, and Encrypted communications is maintaining the privacy of corespondance hence it is protected. If they have a legitamate reason to view it, Get a Warrant thats what they are for.
The title and underlying message of this story is false, wrong and a lie.
Do you only have a 3rd grade reading level?
The statement is, "There is no constitutional right to SELL WARRANT PROOF encryption".
This is true about anything and everything. So to make it a huge deal is moronic.
This applies equally to locks, safes, fences, pockets, cubby holes, etc. If a warrant is issued, the owner is obligated to provide access.
The message of the entire speech is, "Responsible encryption".
More ultra-far left wing lies to invoke emotion, because they know when people are emotional, they don't think through things. They only grab on to what someone says, whether it's true or a lie.
Troll, but for anyone else reading:
As was established in Bernstein v. United States https://en.wikipedia.org/wiki/Bernstein_v._United_States there is in fact a First Amendment right to publish encryption code.
It'd also follow that there is a First Amendment right to publish, say, designs for a lock that police or intelligence agencies cannot reasonably pick/manipulate, but as far as I know this hasn't been tested in court because noone has been stupid enough to actually try to cripple the security of physical locks. For some reason this obvious common sense thing disappears when it comes to "locks" on data.
There is no way for a lock manufacturer, regardless of warrants or any other legal (or illegal) means directed at them, to hand over a key for a lock someone keyed themselves.
And lock manufacturers do in fact release new designs when it becomes known that someone, including governments, have figured out a way to open them in a way that breaks the underlying security assumptions.
BiLock has stated this in public, for example:
"After extensive internal testing, and some additional upgrades, we are getting ready to submit an even more improved version for US and Canada certification. This BiLock system will far exceed the requirements set forth in UL 437. The new design will also thwart even the most sophisticated picking and decoding tools that are in use by the US intelligence agencies."
So I suppose he should call for "responsible lock designs" that are pickable so police and others can gain covert access when they have a warrant to do so?
Weakening everyone's security - and making life easier for criminals- in the process, of course. Just like it would for encryption.
(PS. For the record, I am a certified right-wing nutjob.)
Moot topic. If the government banned perfect encryption, someone would put the code, method, and logic on the web for free. It would be tested by many, rated, reviewed, and distributed before the first search warrant was issued to stop it. If something is possible, it will be done and put on the Internet.
Besides, people have always had the ability to develop their own, private language (and some have done so) or code, understandable to no one else. If you want to send undecipherable information, you can do so. It just takes a little creativity.
"Besides, people have always had the ability to develop their own, private language (and some have done so) or code, understandable to no one else. If you want to send undecipherable information, you can do so. It just takes a little creativity."
I want to upvote and downvote your comment. Up, people can certainly invent their own language or encryption. Down, unless they are extremely clever it won't be worth much.
The gold standard is encryption where the code can be published, examined and hacked since a secret is dead once somebody spills it if you are rely on obfuscation for security. Perfection is impossible but if The Man® isn't willing to dedicate a serious amount of hardware and time to decoding your correspondence, it can be perfect enough. Code that good isn't something that anybody can do after a semester in a cryptology class.
"...that's all we've ever had in this country is a list of temporary privileges.", "...because rights aren't rights if someone can take them away." -George Carlin, It's bad for ya
The Constitution DOES say that it's citizens have; "the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."
There is nothing in the Constitution that says the Government can act like a totalitarian dictatorship with the absolute right to know everything it's citizens do and say. Yeah, oversight! Like the oversight of the NSA, DNI, and the FBI in abusing the FISA courts, or maybe the sharp oversight of the bank bailouts where billions if not trillions of dollars was wasted, yet Congress doesn't know how or for what and the banks amazingly didn't keep records or won't say (bonuses and parties). But there is never any consequences for this lack of oversight and the waste of tax money that goes with them. I am curious as to where all that repaid money went, it wasn't paid back into the national debt. Was it really paid back?
So the Government does NOT have the right to look at everything transmitted or written by it's citizens. Back-doors into encryption will be handled with the same careless and reckless attitude and behavior as the Government has done with FISA courts wiretapping, warrants, searches, protection of rights, with a "screw you" attitude!
“Our society has never had a system where evidence of criminal wrongdoing was totally impervious to detection.”
NSA, CIA, FBI, local and state police, the "justice" system (with the courts protecting criminals who happen to also be rich), stuff at various levels of government (federal, state and local), stuff protecting various corporations, stuff done by the various armed services.
How many "system(s) where evidence of criminal wrongdoing (is) totally impervious to detection" have I missed?
And where such crimes are detected, within those systems above there are many many ways to either have the crime go unpunished, or have the true perp go unpunished while some innocent (or not) bystander takes the wrap and does the time.
"Not really. The key word in the Amendment is "reasonable". Thing is, what can you call reasonable when you're under perpetual existential threat?"
But you aren't are you.. DAESH and Al Qaeda lack the power to significantly damage the USA, re-order it's society or damage it's constitution, they can make a few messes and kill a small fraction of the population. Unpleasant, but not an existential threat. Your government on the other hand can do all three and in these circumstances is the player that needs to be carefully watched.
"How do you know they lack the power? Perhaps they're just just biding their time or waiting for a force multiplier, a domino effect, or a decapitation strike."
They been under SiGINT, SATINT, PR and Special Forces Infiltration for years now, They can't hold the territory they took :
Their ability to mount an operation against the USA significant enough to imperil it's existence is nil. The state actors supporting ISIS will do everything possible to keep Nuclear Weapons out of their hands. They wouldn't be able to keep their involvement quiet and DOTUS would spend about 0.1 picoseconds considering the ethical issues before glaing their real estate with instant sunshine
"Their ability to mount an operation against the USA significant enough to imperil it's existence is nil."
Yeah, right, and no one thought it prudent to consider that airliners can be hijacked and turned into suicide vehicles. I trust those SIGINT whatevers about as far as I can throw them. Plus, even after 9/11, some suicide attacks still occurred because the instigators were the actual, licensed, etc. pilots.
If the plods say they don't have a chance, they're looking in the wrong place.
"Yeah, right, and no one thought it prudent to consider that airliners can be hijacked and turned into suicide vehicles."
And those attacks in no way constituted an existential threat to the USA. Damage to a small area of commercial and government property and a relatively small number of deaths in comparison to an actual existential threat. For example the Luftwaffe campaign against Great Britain; The Bomber Command/USAAF campaign against Germany; the USAAF campaign against Japan culminating in two atomic releases. It soesn't even compare in scale to the collateral damage caused by the secondary air campaign against North Vietnam by USAF/USN
The only actor currently possessing the power to imperil the existence of the USA as it is currently constituted and operating is the US government.
I bet you an atomic bomb detonated 20 miles over South Dakota would change your tune. Or perhaps a superfluous farmed by ferrets and passed by a willing participant passing though JFK, O'hare, Reagan, and a number of other major transit hubs
As for 9/11, that was likely a dry run. If they REALLY wanted to hit hard, they'd have hit during the State of the Union address...using the plane carrying the hidden Cabinet member. With some sleeper cells, you could also take out the governors, creating enough of a power vacuum for a mass assault to work.
Attempted to buy a development board here in Scotland.
Yes contains a secure core, we all want.
America said no, I was not able to purchase it due to export restrictions.
So, I attempted a European company, they said they would only sell to companies.
What is a man on the street to do,
when they protect money
but not people?
The advent of smartphones has made law enforcement lazy. Before they would have had to directly monitor subjects to learn what they were saying or searched physical locations (probably multiple physical locations) to unearth evidence.
Once we created smartphones, it became easy for law enforcement. Get the phone and you get it all. No need to scale telephone poles to install alligator clips on lines, no need to rifle through the grunge at some loser's apartment. It was clean, it was easy and life was good -- for law enforcement.
Now that encryption threatens to **RETURN US** to a time when law enforcement had to work for information, people such as Rosenstein are complaining like teenagers asked to clean the kitchen.
Smartphones are the information drug that law enforcement got hooked on, and they don't know how to go on living without it. Their brethren from half a century ago would be very disappointed in them.