back to article White House mulls just banning strong end-to-end crypto. Plus: More bad stuff in infosec land

As June turns over to July, here are some additional bits of security news besides our regular infosec coverage. Trump officials mull: Why not just ban strong encryption? Haven't we done this before? The White House is said to be weighing a plan to force US tech giants, software and hardware makers, and other companies, to …

  1. Anonymous Coward
    Anonymous Coward

    Yet Another US Government Brain Fart.

    Most likely the other "western" governments will follow the US and jump off the same cliff.

    1. cbars Silver badge

      I just think they realised it's a game of "would you rather?". Having been defeated many times on the logic of this argument, they've realised it works to say "would you rather I hit you with this wrench, or with the back of my hand?".

      "Would you rather we ban e2e encyption and scare off your customers, or just stick a third end point in your datacenter so we can listen to what we want anyway". Very few people will *really* have a problem with this, despite the increased risk due to hacks etc.

      Yes, absolutely other govs (UK) will follow suit.

      1. Anonymous Coward
        Anonymous Coward

        The question is how to enforce it, of course

        Sure, most people will stick with Facebooks WhatsApp. But we should assume that those aren't the people the government is interested in.

        The ones who really want to hide something can just download an app developed in a country that doesn't impose blanket surveillance. Sure, using an app like that can be made illegal, but note that these are people that likely don't care much about this.

        In the end, the only one being spied on are the law-abiding citizens. One wonders if that was the plan all along.

        1. Tim99 Silver badge
          Big Brother

          Re: The question is how to enforce it, of course

          It’s nothing to do with criminals or terrorism. All established governments know that their biggest threat is from their own citizens, so whenever they say "we can protect you/your children from terrorists/criminals" they actually mean "we want to protect ourselves from you".

        2. Grooke

          Re: The question is how to enforce it, of course

          "an app developed in a country"

          I read "an app from a developed country".

    2. stiine Silver badge
      Mushroom

      As long as they go first...

      The FBI, CIA, NSA, AEC, and military need to be first, next should be SWIFT, followed by NorthrupGrumman, Ratheon, IBM, Google, Microsoft and every bank.

      Once they're all using breakable encryption, then we can start using it.

    3. Anonymous Coward
      Anonymous Coward

      "Yet Another US Government Brain Fart."

      While it's easy to criticize the US for this, don't forget that Australia and the UK are already a few years ahead of the US in contemplating encryption bans or severe restrictions. I'm less familiar with other Western countries current policy plans but if we include Russia (key escrow already implemented) and China (encryption restrictions and use of bypass mechanisms for Chinese citizens) then given how US companies have pushed the use of encryption to protect foreign nationals, they should be given some credit.

      I suspect we are seeing local/state US enforcement policies (likely drug related) potentially bleeding into national/foreign policies - once the large multinationals lobby against it, it will be dropped in exchange for the NSA sharing a little more data with them. While message contents are useful, metadata and targeted surveillance using existing methods can likely address the same problems to the extent that the US cares about solving these issues

      1. MrDamage Silver badge

        > " don't forget that Australia and the UK are already a few years ahead of the US in contemplating encryption bans or severe restrictions."

        That's because our politicians were smart enough to realise "crackable by the good guys only" encryption was a pipe dream, and thus started looking at other measures, whereas the US insisted on following the pipe dream.

        Doesn't excuse any of our politicians for being utter douche-flutes though.

    4. Andrew Commons

      Back to the future

      In the days of COCOM, and in fact early Wassenaar, encryption was recognised as dual-use and export controlled. Banning strong e2e is just 'back to the future' and, having been there already, we know how that works out. The algorithms leak, new algorithms are created, and those who are outside of the immediate reach of the authorities roll their own. And, of course, you can always resort to a one time pad. Difficult to decrypt communications is not easy to ban unless you ban encrypted communication completely...but then you have things like steganography.

    5. Rol

      "And here is the final figure"

      "That much?"

      "Yep. The actuaries and the rest of the teams worked on this for weeks and that is the figure"

      ----

      "Hi. Mr President, we're willing to acquiesce to your demands, but this is the amount of funding required to implement your end to end encryption downgrade"

      "Err. Arrr. Mmm. Err. What am I looking at?"

      "We need 25 trillion dollars"

      "And why?"

      "It's the estimated cost of reimbursing our customers for their losses over the next twelve months"

      "Err, and that would be the sum of it for everything"

      "Not quite Mr President, I'm Bob from Bob's Independent Fishing and Hunting Emporium, in Alabama"

    6. Kiwi
      Alert

      Most likely the other "western" governments will follow the US and jump off the same cliff.

      That's not what I'm afraid of.

      I'm afraid out lot will follow in the pre-decessors footsteps and rush through badly written very poorly understood legislation in efforts to be the first 'Western Government' to use this kind of legislation.

      (Sadly to be closely followed by "First first-world nation to become 4th-world overnight when hackers steal all our stuff! :( )

      (El Reg - we don't seem to have a "I am very worried about where this is headed!" icon. Is that because you're fearful it'd burn out from over-use in threads such as this?)

      1. STOP_FORTH Silver badge
        Flame

        Add to list

        Icon burn-out. Another thing to worry about!

    7. Charlie Clark Silver badge

      Or, for short term political gain, another unenforceable law will be passed. IIRC North Carolina did for a time make it an offence to mention climate change in official documents. While ideology might have played a part, the real estate industry also has a vested industry in not scaring off potentials mugs customers from sea-front properties in an area that is expected to see higher than average rises in sea level. Having no official docmentation mention the potential risks gave them plausible deniablilty.

      But on a more practical level this could be used to incriminate just about anyone and lock them up while you look for something more substantial. US law enforcement agencies are already frequently overstepping the legal boundaries and though occasionally slapped down by the courts, are always on the lookout for more other reasons to detain people.

      1. Kiwi
        Coat

        the real estate industry also has a vested industry in not scaring off potentials mugs customers from sea-front properties in an area that is expected to see higher than average rises in sea level.

        You mean mugs like Al Gore?

        (Although if he is buying up beach-front property and runs mansions with exceptionally large "carbon footprints" - does he not believe what he sells??....)

        Have an upvote for the 2nd paragram though :)

        (El Reg - can I get a scratched-to-buggery record icon? :) )

  2. Anonymous Coward
    Anonymous Coward

    Sigh

    I can see the point of view of those whose job it is to keep us safe; baddies being able to communicate securely with impunity is not a good thing. The problem is that our technology is effectively useless at telling the difference between baddies and goodies. The only way the Internet can move forward on security and policing is through strong social leadership, build a concensus, so that everyone (citizens, service providers and law enforcement agencies) is minded to move in the same direction (whatever that should be). In my view banging the "let's ban strong encryption" drum doesn't qualify.

    1. scrubber

      Re: Sigh

      baddies being able to communicate securely with impunity is not a good thing

      Sorry, but until proven otherwise the "baddies" are actually innocent citizens and the only way the government can ensure to listen in to these "baddies" is by listening in to everyone.

      1. Tomato Krill

        Re: Sigh

        That wasn't the point being made and (I feel) you know it.

        The point was that baddies are able to use strong e2e and they do and that is bad for stopping them.

        The rain causes deaths by flooding yet it also waters our crops. You dont need to inspect the rain drops to know this is a fact. The poster didn't discuss a need to decrypt e2e, other than the point made that that you can't know which is which.

      2. jmch Silver badge

        Re: Sigh

        "our technology is effectively useless at telling the difference between baddies and goodies"

        "until proven otherwise the "baddies" are actually innocent citizens and the only way the government can ensure to listen in to these "baddies" is by listening in to everyone"

        Guys (or girls), you're actually saying the same thing in different words!

      3. Schultz
        Stop

        Re: Sigh

        One person's baddy is another person's hero. Think about the French revolution, the US independence, the French resistance, the US civil rights movement, ... you get the picture.

        Fact is, if you give the people in power too much power, you might lock in a situation that is quite unpleasant for a majority (or minority). Will you allow others to do what they think is the right thing ? Do you expect to have the right to do the right thing when the majority (or those in power) disagree with you?

        Those are very fundamental questions that might not seem to matter much -- until they matter very much. I think it's worthwhile to protect basic freedom and privacy even if this translates into a small risk of baddies doing bad things. there is never absolute security and trying to get it will destroy our liberal democracies.

    2. Warm Braw

      Re: Sigh

      The problem is that our technology is effectively useless at telling the difference between baddies and goodies

      If it could tell the difference, it, too, would be outlawed. Staying in power depends, at least partly, on being able to present yourself as a defence against a threat. If the threat doesn't exist, or you are the threat, an independent and reliable arbitrator of threat might rather undermine your position.

      Always remember whose safety comes first.

    3. Anonymous Coward
      Anonymous Coward

      Re: Banning counting to 4.

      By all means. Ban the use case. But to ban the actual existence of, numbers, is troublesome.

      1. Kiwi
        Black Helicopters

        Re: Banning counting to 4.

        By all means. Ban the use case. But to ban the actual existence of, numbers, is troublesome.

        An outright ban may not work - aside from the financial upheaval a lot of companies would suffer, and the US as a whole (think Amazon and Ebay no longer being able to do online transactions while ALiExpress is free to continue), the first political party to offer to change the law would be gauranteed a win at the next election, even if it's some dude in mom's basement who never did anything more political than choosing pepsi over coke[1] before forming a party.

        No, what will be more effective is to associate it with whoever is the current nasty (TNOTD); the current enemy. It could even be done on a state-by-state basis - I'm sure in California if you say "Only fags and paedos use encryption" its use would probably quadruple over night, but in other states that would see the next person to even turn on a computer getting lynched. Perhaps "Big Oil supports encryption" would work in Cali? Or "Big Beef"? "Farmers use encryption so you don't know which of their cute baby lambs is about to be sent to the meatworks to be tortured to death"? Dunno - but you get the idea.

        You could use the Creation/"evilution" divide in other areas.. "Evil cretinous Creationists use encryption to discuss with each other how they can corrupt your kids" on one side and "Evil demonic evilutionists use encryption to keep their secrets from good God-fearing christians about how they're planning to plant anti-Creation corruption in school textbooks!" on the other.

        Associate it with the enemy of the state[2], and associate it's use with supporting that enemy, and you won't really need to ban it - people can be very easily manipulated into supporting certain things. 50 years ago it was right to beat up gays, today it's right to beat up those who merely use the wrong words around gays. Us humans are very quick to viciously support what we believe is right, and many of us will simply follow the majority belief without even noticing how, over a few years or a few hours, subtle changes to TV programming and other things has 180'd our beliefs on a certain subject. We beat electricity at taking the path of least resistance (or is it 'the path of least intelligence'?)

        Make society think encryption is bad, and whoever speaks out in support of it has a secret agenda to hide the enemie's actions, and we'll trample each other in our rush to stop them speaking on anything ever again :(

        [1] The order is no inference of preference - I actually dislike both brands equally.

        [2] 'state' as in Florida, Cali etc etc, not 'state' as in nation

      2. MrDamage Silver badge

        Re: Banning counting to 4.

        Five is right out!

        1. Kiwi

          Re: Banning counting to 4.

          Five is right out!

          Much better to be 'right out' then 'left out'

    4. Dan 55 Silver badge

      Re: Sigh

      The problem is that our technology is effectively useless at telling the difference between baddies and goodies.

      We are also at the point where goodies could quite easily become baddies. It's already happened in Turkey and Hungary, and it won't take many more years of popularism for it happen in the UK and the US. A pretty good indicator is when they start saying "let's ban this type of encryption" and that itself is a pretty good reason to keep it.

      The only way the Internet can move forward on security and policing is through strong social leadership, build a concensus, so that everyone (citizens, service providers and law enforcement agencies) is minded to move in the same direction (whatever that should be).

      As for consensus, I don't see that happening any time soon, popularism works by dividing people.

      1. Claptrap314 Silver badge

        Re: Sigh

        Are you including anyone to the right of Antifa as populists? Because when I see the list of authors and organizations being hit with deplatforming and the worse on this day, I count WAY more on the vaguely right than on the left.

    5. Christoph

      Re: Sigh

      "The problem is that our technology is effectively useless at telling the difference between baddies and goodies.

      When the people who take hundreds of small children away from their parents and jam them in crowded unsanitary cages in concentration camps are classed as 'goodies', it gets pretty difficult to tell the difference in the real world as well.

      1. stiine Silver badge
        Childcatcher

        Re: Sigh

        Those who do not learn history are doomed to repeat it.

        You should take this to heart.

        1. Mark 85

          Re: Sigh

          Those who do not learn history are doomed to repeat it.

          You should take this to heart.

          Not just the people. The government should. Those running seem to think they're special.

          Now if "they" encryption, will all government officials elected and otherwise follow suit? They damn well should, actually they should be the first.

          1. Kiwi

            Re: Sigh

            Now if "they" encryption, will all government officials elected and otherwise follow suit? They damn well should, actually they should be the first.

            My feelings on the politicians who are supporting NZ's current 'euthanasia' bill - the politicians who support it should lead by example.

            My reason for being against this bill is simply due to the number of "utterly useless" people who "should be put out of our their misery" who have much to offer. The law may initially be set for only those in the last stages of a terminal illness, but give it a week and there'll be people clamouring all over ways to get the law altered to let in a different class of people.

            [Ok, so do I get a prize or a boot for drifting so far off topic? :( ]

            1. Loyal Commenter Silver badge

              Re: Sigh

              You get a prize for the most egregious use of the slippery slope fallacy of the day.

              Whatever your opinions on euthanasia (which are undoubtedly, far, far off-topic), the (overwhelming) evidence from the coutries where it has been legalised shows that what you are railing against doesn't happen.

              Besides, if a government wants to get rid of people, it finds other ways of doing so that are less public. For example, Nazi death camps were kept secret for quite a while before people really knew what was going on, and most people thought reports coming from them were massive exaggerations right up until the point the first camps were liberated. And that was from a government that actively and publicly made a point of declaring those people in question "untermenschen", and was exterminating whole populations in their millions.

              Modern governments just find more subtle ways of doing it, such as declaring disabled people "fit to work" and withdrwing their benefits and lettng them starve to death.

              1. Kiwi

                Re: Sigh

                You get a prize for the most egregious use of the slippery slope fallacy of the day.

                Whatever your opinions on euthanasia (which are undoubtedly, far, far off-topic), the (overwhelming) evidence from the coutries where it has been legalised shows that what you are railing against doesn't happen.

                Yeah. No government would ever give the public what they're asking for!

                I think a part of my thinking comes from reading an article in a Doctor's waiting room some time back, one of the earlier appearances of it in NZ. A woman was talking about how her 11yo son had epilepsy and would sometimes have several seizures in a week. She wanted the right to have him euthanasia.

                I asked my mom about this as I didn't know what the word meant, and my dad also had seizures from time to time. I was only around 9 or 10 and while I knew the practice I didn't know the term. I remember being disgusted that a mother could be so selfish she wanted to end the life of her son, and that she would treat her kid like a food animal.

                I also do see this from time to time with those I care for. Loving kids (adults often in their 30s, some in their 20s) who, not realising I'm following them out of the properly for whatever reason, talk about how much their parent is a burden and they really should just "hurry the fuck up and die" and "mum should stop being a selfish old bitch and quit hanging on to life".

                This is why you find a lot of people who care for the elderly are against and dread such laws, because yes the scope does widen. And it's not like anyone in this world has ever been talked into faking pain for another's gain before. I know elderly people who signed all the paperwork to stop getting the care we provide, and in many cases I've gone in for a friendly visit a few days later and found that no-one is taking care of them, and it turns out the children pressured them to give up the care but the children themselves are not going to be there. In one case it'd been 2 or 3 days since the patient had eaten, or been changed (thankfully we have some 'elder abuse' laws coming in that may help with some of this stuff).

                I also understand chronic pain, being born as one of those whose genes conspire, from an early age, to cause various deformities or faults in the body that lead to severe pain. I've seen many brands of strong painkillers come and go in my time. Very fortunate to live in a place like NZ where preschoolers can be given decent pain medication (yes, no hope of my condition improving - but my parents taught me there is so much more to life).

      2. Claptrap314 Silver badge

        Re: Sigh

        You know that the JDL has called out AOC for this vicious trivialization of the holocaust? You commit a crime, you can expect to lose access to your kids.

        1. Kiwi
          WTF?

          Re: Sigh

          You commit a crime, you can expect to lose access to your kids.

          So the kids should be put into those situations for the perceived crimes of their parents?

          Before and form of 'due process' or judgement is involved to even determine if there was a crime? Before the parents have been found guilty?

          Please tell me you don't think that because someone may somehow "trivialise the holocaust" by comparing it to this current activity that the current stuff is somehow justified?

        2. Christoph

          Re: Sigh

          You make a perfectly legal application for asylum, you can expect your innocent children to be traumatised and brutalised?

          How can you bear to look at yourself in a mirror? Or don't you cast a reflection?

        3. MJB7
          Headmaster

          Re: "trivialization of the holocaust"

          You do know that concentration camps are not exclusively associated with the Holocaust? In fact they were invented by the British in South Africa to keep the Boers under control. The comparison with those camps seems entirely apt.

          1. hplasm
            Headmaster

            Re: "trivialization of the holocaust"

            Actually the Spanish were first, but the British were quick learners...

            Your point still stands.

    6. Andrew Commons

      Goodies and Baddies

      Telling the difference between 'goodies' and 'baddies' when dealing with encrypted traffic is nothing new. The same problem has existed with physical messaging forever, that's why the plain brown paper envelope was invented. More recently we have "burner" phones. Traffic analysis can potentially fingerprint software but sticking with widely used applications provides the anonymous envelope.

      Traditional methods, such as human intelligence sources, still work but scaling them to deal with the Internet is the unsolved problem.

      1. Kiwi

        Re: Goodies and Baddies

        scaling them to deal with the Internet is the unsolved problem.

        Actually I think the solution has been dealt with and has been obvious for a very long time.

        Deal only with real information, treat the rest as noise. 'Terrywrists' have all sorts of ways of hiding their true intentions - look at what we had here in Christchurch just a few months back. The entire "5 Eyes" system could not pick him up (assuming of course he really was as claimed) despite any chatter there may have been (including his travel history, 'social media postings' etc etc).

        A single person can do a lot of damage without raising alarms (he says, as watchers start to turn their eyes towards him wondering how much he knows and what he is capable of). I have a background in chemistry and electronics, making a bomb with a timer isn't beyond me - in fact in the last few days I've read an article on the Wellington Trades Hall bombing and where it's claimed the bomb used a lot of skill to make to me it's trivial - a battery, an old oven timer (used to arm the bomb after a certain amount of time had passed) and a mercury switch to trigger it when someone picked up the briefcase it was in. An unidentified explosive (probably household kitchen chemicals I expect) and common soft-drink bottles filled with petrol for an incendiary effect. Most people here could build this in an afternoon without much thought. I don't know/don't recall what the detonator was, but my experience with electrical accidents (and seeing ceramic capacitors go up in showers of sparks, signal diodes glowing hot enough to scorch the underlying circuit board, Philips K9 tv's with flame-burnt boards where a dry joint on a power transformer drew an arc that caused enough heat for the board to ignite (and knowing of at least 2 house fires to have been caused by the same fault) - I know lots of ways electronics turn flammable.

        I could also find people with similar interests and never actually discuss plans or meetings online (sorry Charles, I grew up gay when it was illegal (and I could've been committed to a psych institute just for having the feelings) and I grew up gay in a very small conservative town - yet I did alright for "fun" - I know full well how to get around the 'first contact problem'). The local library likely still has many books on chemistry where I could learn to make explosives but if not, you know the "Material Safety Data Sheets" that come with certain chemical products? Well, if you ever want to get some ideas for 'interesting accidents in your kitchen', just start looking up some of those. A big part of the "safety" is warning you what NOT to mix with certain chemicals, or how NOT to store them - and why (at least when I last read any).

        TL;DR Trying to track what everyone is saying is bad, tracking only those who pose a real interest is what gets you important knowledge. Most people's browsing history - even those interested in 'fun pyrotechnics you can make in your kitchen' is just going to be noise that detracts from searching for the real threats, so the simple solution is not to even collect that data. The internet is just a smoke-screen that should always have been ignored, traditional intel methods are the only things that work.

        1. RunawayLoop

          Re: Goodies and Baddies

          Wow that's quite a lot of information. Assuming you are in NZ (via your reference to the Wellington something or other) I'd be careful if I was you given one of your (presumably) fellow countrymen being jailed for simply sharing a link to a video (albeit a link to arguably objectionable material).

          1. Kiwi
            Pint

            Re: Goodies and Baddies

            Yup - Kiwi born and bred.

            Not far from Wellington, in fact I was twice past the Trades Hall just this last week - never even knew where it was till a newspaper article on it a few days back (stuff.co.nz if you wanna look more into it - I think they had pictures of a copy of the bomb on there as well - I block their BS JS so only going by captions)

            We're only at the level of what is (or at least used to be) taught in the school science and home-economics classes (eg "don't mix bleach and other cleaners"), accentuated by a little experience (SHIT! Mixing up those PSU cables[1] made that little cap give off one hell of a shower of sparks!) and a little too much thinking :)

            [1] I had 2 computers, one with 2x IIRC 4 pin PSU cables (back in the pre-ATX days when you had 2 cables that were identical in plug shape) and one 5pin+3pin cable. One computer had it's PSU disconnected for some reason, and so I reasoned that the other one probably matched it - all the black or all the red wires in the middle. One of the two machines had a NEC board in it. Suffice to say I was wrong, and my first ever PSU connection on a PC resulted in my getting an education about just how energetically a tiny little blue ceramic capacitor (roughly the size of those bright plastic pin heads) could explode. Imagine if I'd just given the board a quick clean with IPA and it was still wet in that area... (ok maybe not enough to cause a fire, but the flare would've been at least equivalent of 4 or 5 Bryant & May match heads going off at once)

    7. Charlie Clark Silver badge

      Re: Sigh

      The only way the Internet can move forward on security and policing is through strong social leadership, build a concensus, so that everyone (citizens, service providers and law enforcement agencies) is minded to move in the same direction

      I can't see that happening. Ever. Most of the citizenry couldn't give a shit and even when it does, it rarely understands the details and is easily side-tracked. This is why lobbies are so powerful and so well-paid. If the citizenry is getting bolshy just get a PAC to run some commercials suggesting that "X" is putting the lives of children in danger and watch them recoil in horror.

  3. Blockchain commentard

    New standard for encryption - the USA method. The Useless, Stupid Algorithm method.

    1. Kiwi
      Coat

      New standard for encryption - the USA method. The Useless, Stupid Algorithm method.

      And why not? It seems to have worked well for their prez!...

    2. Anonymous Coward
      Anonymous Coward

      I see your USA and raise you one FREEDOM*

      Yeah, good luck with that crap :P

      *Federal Reversibility-Enhanced Evil-proof Data Obfuscation Method

  4. Anonymous Coward
    Anonymous Coward

    OK...so public encryption gets banned...

    ....and privacy-minded guys (good and bad) just get on with their own business using modest, unknown, home-brewed ciphers. Here's a sample of what the so-called white hats at the NSA will read when they "decrypt" a message sent across their now insecure public channel.

    *

    There's also the assumption that all this is going on via point-to-point channels (email, mobile phones, etc) where the white hats can identify the sender and the recipient. Of course, communication by USENET, or using the good offices of The Register (as here), all make that assumption moot too!

    *

    (P.S. the key is "brain678")

    1QeU0$jB1lO21BAY0ZO41ivW1SC20Xjr1RGr1oYQ

    0yxN0Gn40njZ0PU20YX80pKm14o80OVc0smK0ra4

    0E7w112A1SPW1DCK1Hqe0AIQ0Rhi0=t40rj506uV

    0QwH0Jh80Mfy1Ntg1AUH1dKA1nL30cck18AO1aF=

    1OdO0MBi0skv0pbC1Hm90oUj02mU0Xqc0gvg1Mgp

    1ePd0Tfr003h1Q9m0IEG1W1O1aw$0ung0Nv51q2B

    1CBE1jyE0ULm1Mex0gHv1dq20O4K1PGS0u$d1atg

    1IRs0vqn0Dfj073T0TK30yd80ya11lS4141u10TT

    0qCi0ZEq0VJg0Kr600mT0Jh30KSb0pq80IdO1fTd

    0MOH013I07$A1Ma$0TUC

    1. Anonymous Coward
      Anonymous Coward

      Re: OK...so public encryption gets banned...

      The issue is trust. We presently have a reasonable stable system which has people actively digging for weaknesses which then get published (OK, that's an assumption, so let's add "most of the time" - an assumption in itself but borne out by recent publications of issues), and people coming up with new approaches such as elliptic curve which then get a good shakedown in that community.

      In other words, the openness and collaborative/competitive nature engenders good protection that you get get secondary opinions on, and there's a good standard of quality of which you can base a risk assessment that says "yeah, we're OK with this, if we have really scary/expensive/secret things to transmit we may need to go deeper, but we can live with this"

      If you want to lower that standard, you change the risk equation, and that results in a lot more problems as well as a FAR higher cost as you have somehow cover the resulting exposure. Given that even with today's theoretical standards we see seriously shoddy real life implementations (witness all the exposures), LOWERING standards an any aspect of the chain of trust is world's worst idea ever.

      But hey, that would be the logical conclusion. The political, backstabbing, point scoring and fake expertise conclusion clearly differs. And those idiots get to write laws.

      To me, that's yet another argument to make sure that the US influence over the rest of the world is curtailed. There's no reason for the rest of the world to be torn down with it, there's far too much leverage and dependency as there is.

      1. Anonymous Coward
        Anonymous Coward

        Re: OK...so public encryption gets banned...

        "To me, that's yet another argument to make sure that the US influence over the rest of the world is curtailed. There's no reason for the rest of the world to be torn down with it, there's far too much leverage and dependency as there is."

        The last attempt by the US Government in slightly saner political times was Clipper.

        Arguably Clipper was the cause of the greatest leap forward on encryption/privacy in the last 50 years as it caused many of the existing flaws to be exposed, 3DES mandated and DES quickly dropped and a non-US standard (AES) algorithm to rapidly emerge with comprehensive testing and little government interference relative to DES/3DES. My summary - as always, there are more subtleties in the details around usage and export restrictions.

        A similar effort (and I realize it is likely to take 5-10 years assuming there is something close to usable already) could potentially provide the next 20 years of confidence in encryption integrity.

        Never underestimate the ability for government policy to result in unintended consequences.

        1. Claptrap314 Silver badge

          Re: OK...so public encryption gets banned...

          I don't know that Clipper really had the good impacts you credit it. We still don't know that 3DES is really worth the effort, for instance. As for the US government "interference" with DES, the world finally figured out a decade or so ago WHY 16 rounds was useless compared to twelve.

          BTW, things have changed, but the fact that the NSA discovered that attack against DES in time to influence the standard verse how long it took the rest of the world should go a long ways toward humbling these homebrew experts.

          1. Anonymous Coward
            Anonymous Coward

            Re: OK...so public encryption gets banned...

            My take on Clipper covering the use of DES, discovery of weaknesses, attempt to move to Skipjack and subsequent release of 3DES/AES:

            - DES was introduced in the 1970's

            - differential cryptanalysis meant that DES was likely broken in the late 1980's with formal proof published in 1992.

            - In 1993, DES was the standard for export grade encryption with 3DES used by the US

            - Skipjack/Clipper was proposed as a replacement to DES and was stronger in theory due to a slightly longer key length (80 bits) but allowed for a key escrow method for law enforcement to easily obtain the key

            - Between 1993 and 1998 significant effort was put into proving DES was broken and developing a replacement.

            - the first 3DES RFC was released in 1995.

            - In 1998, Skipjack was formally published and broken within 24 hours.

            - in 1998, 3DES was formally published as part on a US effort to provide a secure alternative to DES

            - in 1998, AES was formally published as part on an international effort to provide an Internationally approved encryption standard

            - in 2000, export restrictions on 3DES were significantly relaxed for western countries. Given the widespread availability of 3DES hardware, this was likely a move to avoid AES becoming the international encryption standard before weaknesses were known although AES hardware was more expensive than the 3DES equivalent so this is speculation on my part.

            That was an awful lot of activity within the space of 5 years - look how far we have progressed in the 20 years leading up to the 19990's and the 20 years since then (increased key lengths, but these were largely known at the time, moved from SHA1 to SHA2 but again this was largely known in the late 90's with the official release following further analysis and ECC).

            I'm not trying to downplay the work in this field because the their has been a lot done in establishing encryption strength and searching for weaknesses that has re-affirmed our trust in the standards used, but compared to a period of almost blind panic when the US governments plans for secure encryption were dictated by industry and the international community rather than US internal policies and strategies for weakening encryption with Clipper.

    2. Claptrap314 Silver badge

      Re: OK...so public encryption gets banned...

      We keep having this discussion. Math is hard. Crypto math is really hard. Those of us who have the chops to be able to learn how to create a decent cypher know that what the people who actually are making them do--they work in teams, and they have other teams check their work.

      PLEASE don't rely on anything home-grown as being secure as a cypher.

      1. Anonymous Coward
        Anonymous Coward

        Re: OK...so public encryption gets banned...

        @claptrap314

        ....but then again no one knows what one of the Beale papers actually says. Book cipher, a hundred and fifty years old.....and also "home-grown"....and not "math" and not "crypto" (as understood today).

        *

        What was that you were saying about "home-grown", "math", "crypto"?

        1. Claptrap314 Silver badge

          Re: OK...so public encryption gets banned...

          What are you responding to? Those ...'s are confusing me.

          But we know how to attack book ciphers. Furthermore, we have all the the books scanned.

      2. Loyal Commenter Silver badge

        Re: OK...so public encryption gets banned...

        PLEASE don't rely on anything home-grown as being secure as a cypher.

        No need, there are plenty of algorithms out there that are (currently) secure. If the US govt or any other starts demanding back-doors in commercial products, then you can switch to a reference implementation of one of those algos and not give any keys to the government - where's their back-door then?

        1. Claptrap314 Silver badge

          Re: OK...so public encryption gets banned...

          No argument here. I was responding to a particular post.

          1. Loyal Commenter Silver badge

            Re: OK...so public encryption gets banned...

            ..and you were absolutely right. I was commenting on general on the triviality of circumventing back-doored encryption without the need to hand-roll your algorithm.

            It's worth restating your point, though. It can't be said often enough - don't roll your own encryption. You might be able to come up with something you can't find a way to break, just like all the authors of all those broken algorithms in the past. That doesn't mean someone cleverer than you won't come along and break it, and it's hubris in the extreme to assume that smarter-than-you person doesn't exist.

            There's a good discussion here, of exactly why:

            https://security.stackexchange.com/questions/18197/why-shouldnt-we-roll-our-own

            Or... just read Bruce Schneier's blog...

  5. Bush_rat

    Or...

    Instead of undermining the safety and security of every citizen on Earth for the sake of law enforcement laziness, how about they save a few pennies and build a collosal set of supercomputing clusters and put some work in. If the governemt wants encryption to be used that only they can break, then make use of the only tool they have that the world's criminals don't: taxpayer dollars and unlimited land to build Mecha-PC 1.

    1. Claptrap314 Silver badge

      Re: Or...

      Actually, that doesn't cut it. It's not that hard to create a keyspace that it too large to brute force for X $. And X really is finite, btw.

      What you do is get a warrant and attack one endpoint or the other. But that involves real police work, and these jokers are allergic.

      1. Kiwi

        Re: Or...

        What you do is get a warrant and attack one endpoint or the other. But that involves real police work, and these jokers are allergic.

        Yup.

        How many crime 'rings' have been undone because one person came to the attention of the police, and that same one person , despite having the best tools and training etc, kept easily locatable contact lists and other stuff in convenient locations on their computer or around their home?[1]

        I can't recall a single actual case where listening to every conversation and breaking crypto would've prevented a crime, but I can think of many where 'stupid is as stupid does' ended a "vast criminal empire".

        [1] This is why I'd never be a criminal mastermind, I draw way too much attention publicly and probably exist one every watch list ever conceived. Probably makes me a good waste of resources as well, as while they again pore over[2] all of my El Reg posts in case there really is something of interest after all, someone else is being ignored who perhaps warrants a bit of extra attention.

        [2] I see I'm far from the only one to have pondered if it's 'pore' or 'pour', and duckduck'ed to confirm.

  6. Teiwaz

    The problem is that our technology is effectively useless at telling the difference between baddies and goodies.

    Our civilisation has the same problem, and in many cases, whether you are classed as baddie or goodie depends on whose point of view.

    Governments don't like to think of themselves as repressive, but some are, (and most are to some extent). While I don't doubt they'll all happily mandate official uses of encryption in the cases of financial transactions and National Security, banning non-mandated use plays into the rhetoric of repressive regimes.

    1. Muscleguy

      Exactly, I’m a Left Wing Yes campaigner here in Scotland and a paid up member of Scottish CND. To many here in Scotland that makes me a good guy but to HMG I’m definitely a baddie. Like that dress some see my hat as white and me with a smile while others see a black hat and a snarl.

      There will always be someone to whom your views are inimical and who you do not want to give access to your private files. I’m sure most of the boys and girls at GCHQ think they’re good guys and gals but I see them with at best grey hats. Stay out of my phone people.

      1. Anonymous Coward
        Anonymous Coward

        The technical people at GCHQ may think they are the good guys, but from what I've been told, the management are ruthless promotion seekers who will say anything that gets budget and political visibility.

        I imagine this goes for every secret and not so secret intelligence service from the FSB to the CIA.

        That.s the real reason they need to be kept under check.

        See also politicians.

        1. Kiwi
          Coat

          That.s the real reason they need to be kept under check.

          See also politicians.

          Actually, I'd really rather not keep politicians under check..

          Reminds me, I need to dig a new longdrop....

      2. Kiwi

        I’m sure most of the boys and girls at GCHQ think they’re good guys and gals but I see them with at best grey hats.

        Actually TBH I think almost all of them are white hats.

        Unfortunately, they work in a dark environment with dark stuff and shady characters, and that darkness stains their hats to the point they wouldn't even recognise themselves if they looked in the mirror - in fact many probably think there's a portrait in their bathrooms of their darkest enemy, not ever even contemplating it's a mirror :)

    2. Anonymous Coward
      Anonymous Coward

      Governments don't like to think of themselves as repressive

      ALL governments are repressive, whenever you have means and apply them to force somebody to do something, or prevent them doing something, you're being repressive.

      p.s. I'm not arguing it's bad or good, just petty about the word "some" (some are).

      1. bazza Silver badge

        Re: Governments don't like to think of themselves as repressive

        That's not technically correct.

        Most democratic countries have a clear separation between legislature / executive (which is the elected government) and the judiciary (which is definitely not the elected government). The legislature sets the laws, reflecting the majority view of the people according to the mandate they stood for election on, but has no power or very limited powers to enforce them. The executive may very well pay for the police, but it's the judiciary that are the only ones that can actually hand out sentences (i.e. the repression). And not all laws passed by the legislature survive the withering gaze of the judiciary. The role of a free press is that should politicians show undue intent to deviate away from their electoral mandate or from general democratic principles, everyone will get to read about it in the papers so that they can sharpen their pitchforks in good time for the protest on the next sunny weekend.

        Some countries with a democracy surfeit, e.g. the USA, politically appoints various parts of its judiciary (e.g. the Supreme Court).

        And finally, governments in settled democracies would have an awfully difficult time actually stoking up large scale repression. They'd need the police to go out and do something they'd know will be very unpopular, knowing that it might be hard to get served an untainted pint in a pub forevermore. Something of a dissuader I should think, wondering what's lurking below the froth of one's Guinness.

        So it's actually quite difficult for a democratic government to be truly repressive. The idea is that you don't vote in politicians that have objectionable levels of repression in mind in the first place. That does happen now and again though - Germany 1933 for instance...

        Mind how you vote.

        1. Ptol

          Re: Governments don't like to think of themselves as repressive

          "And finally, governments in settled democracies would have an awfully difficult time actually stoking up large scale repression. They'd need the police to go out and do something they'd know will be very unpopular"

          The Miners strike in the 1980's showed that the UK police are surprisingly happy to be the government enforcers. Good pay rises above inflation, plenty of overtime, no accountability and a selective blind eye and media quite happy to tow the government story and respin stories in deceptive ways all led to a police quite happy to use violence against peaceful protests.

          1. elgarak1

            Re: Governments don't like to think of themselves as repressive

            "Surprisingly"? There's nothing surprising about it. Give some random guys a badge, and let them go unchecked. It's not that we (humanity) haven't had done THAT experiment often enough. As mentioned, Hitler 1933 is the prime source for that.

          2. Loyal Commenter Silver badge

            Re: Governments don't like to think of themselves as repressive

            The Miners strike in the 1980's showed that the UK police are surprisingly happy to be the government enforcers.

            From various things I've heard, the government at the time were also surprisingly happy to give people who weren't police officers uniforms and batons and let them have a free reign. Lets not start witht he reputation of West Yorkshire plod though; there seem to have been several indiscretions there in that particular decade...

        2. Kiwi

          Re: Governments don't like to think of themselves as repressive

          So it's actually quite difficult for a democratic government to be truly repressive.

          Actually it's trivial for a government to be repressive. I grew up under the anti-gay laws in the 70's and 80's, but for a much better example of 'repression' - just look at the sheer amount of anti 'freedom of speech' stuff that's coming in now. Not just in law, but also in social media - Have a very popular YT video and say you felt uncomfortable seeing a whole lot of guys prancing around nearly naked in public? Sorry, no more YT for you. Want to speak out against the terror that's being promoted with 'Climate Change' (and I mean 'terror' as in "we have to urgently do something very drastic right now without stopping to think about it, regardless of the cost or harm"[1]), or even promote different ways to combat climate issues? Sorry, not allowed.

          I want to be able to speak my mind, pro-gay pro-life young-earth Creationist pro-carbon anti-pollution pro-clean energy. That means if you're anti-Christian, pro-babymurder, pro-climate change, viciously anti-gay then I have to let you have a platform as well. But today - well look at what we have going on. It is socially unacceptable to speak out against or for certain things, and we have a large portion of the public screaming for law changes to make expressing the opposing side's view illegal.

          The government merely has to give society what society is screaming for, and very soon they'll be cheered for executing people who're standing up for the views our fathers and grandfathers went to war to support only a couple of generations ago :(

          [1] Wise up - "Carbon Zero" = "Life Zero" - get rid of plastics and other pollutants sure, but we depend on carbon nearly as much as we depend on clean water - take either one out of the environment and all life on earth dies

          1. STOP_FORTH Silver badge
            Boffin

            Up to a point, Lord Copper

            Apparently I am about 18.5% carbon. I'd like to keep it, please.

        3. Loyal Commenter Silver badge

          Re: Governments don't like to think of themselves as repressive

          That does happen now and again though - Germany 1933 for instance...

          ...and worth pointing out that one of the first things they did was to get rid of the independent judiciary.

          A little off topic, but remind me again which national newspaper in recent years branded judges as "enemies of the people"? Was it the same national newspaper that ran with another famous headline in the 1930s, "hurrah for the blackshirts"? Just goes to show you that there will always be a certain kind of person around...

        4. kiwimuso

          Re: Governments don't like to think of themselves as repressive

          @bazza

          "The legislature sets the laws, reflecting the majority view of the people according to the mandate they stood for election on...."

          Ah, there's your big mistake. They SAY they're representing their electorate, but, but, but, do they always!

  7. jpo234

    Would this be compatible with the constitution?

    1. scrubber

      Compatible with what now?

      That ship sailed a long time ago.

      USA PATRIOT Act, NDAA 11+, torture, border searches up to 100 miles from any border, civil asset forfeiture, war crimes, not prosecuting or investigating war crimes, executive branch able to declare and launch war, no congressional oversight, overuse of the espionage act, criminalisation and demonisation of reporters, free speech zones, etc.

    2. Claptrap314 Silver badge

      Depends. Do you mean that contract drawn up hundreds of years ago by a bunch of white slave owners or do you mean what the majority of the Enlightened Nine grace the rest of us with?

      If the former, then h*** no. They were a bunch of ready revolutionaries, and the Jefferson cypher is STILL a really good device, if handled properly.

      If the latter, then yeah. Between upholding the ITAR (in which the government can pretty much ban civilian access munitions if it can cross the border) and ACA (in which the government can force you to purchase a product that you do not want), we're done.

  8. Fred Flintstone Gold badge

    Ah, the ever persistent cycle of bad ideas..

    Is it 7 years already? That seems to be the average time that bad ideas are taken off the shelf, dusted off, given a bit of polish and presented as absolutely new and revolutionary without ANY, and I mean ANY consideration to the logic behind the idea or why it didn't happen 7 years ago either.

    In this case, lowering encryption quality. This is one of the easiest to translate into real world equivalents: are you really proposing that we should use cheap, badly working locks for our houses to help fight crime? Even the fact that it is at least different to the NO locks idea (backdoors) is not enough to make it acceptable, no, wait, let me call a spade a spade: it's utterly boneheaded stupid.

    Honestly, the mere fact that some idiot deems it safe to table such an idea again is a red flag.

    In certain governments, due to turnover, there is apparently one appointed every minute.

    1. Doctor Syntax Silver badge

      Re: Ah, the ever persistent cycle of bad ideas..

      I don't think it's even a persistent cycle, just ongoing persistence. They know they only have to succeed once but we have to succeed every time.

  9. Big_Boomer

    So, it seems that American politicians store their heads in their asses (arses for UK politicians) as well. I guess that's why they all seem to spout sh!t whenever they open their mouths. Government by dumbf**ks seems to be the wave of the future so I guess we should just get used to it. Given recent election results I am beginning to believe that Peak Humanity has passed and it's all downhill from here.

    1. Anonymous Coward
      Anonymous Coward

      Every civilisation has had people who thought we were on the way down.

      However, given that we have the ability to wipe out almost all chordate life on this planet, this time they may be right.

      1. Anonymous Coward
        Anonymous Coward

        No worries.

        The recent "we must protect ourselves from asteroids" malarkey, is no doubt going to change the risk of extinction...

        ... by giving the wrong person access to the tool to cause an asteroid to hit us.

        Risk of a planet ending collision, 0.00001%. Risk of some human messing up and causing one, 50/50.

  10. Will Godfrey Silver badge
    FAIL

    Usual Story

    No matter what they say, such a move would have no effect at all on any real baddies, but would put everyone one else at serious risk.

    As a comparison, in the UK guns are very tightly controlled and licensed, yet still the crims seem to get them, and in central London (the most watched city in the UK - and possibly the world) there has been an increase in gun crime, including multiple murders.

    P.S. I'm not advocating letting everyone have guns, just pointing out that prohibitions don't work.

    1. Dan 55 Silver badge

      Re: Usual Story

      I think London's case is perhaps more due to the police's budget being slashed and burned over the past decade.

    2. Blockchain commentard

      Re: Usual Story

      Someone should point that out to Trump - when they banned alcohol, everyone carried on drinking and it led to the rise of organised crime.

      1. Anonymous Coward
        Anonymous Coward

        Re: Usual Story

        Careful equating alcohol/drug prohibition with gun prohibition.

        Alcohol/drug use and abuse often mask untreated mental illness, so removing these "treatments" often results in a large grey/black market. In particular, it forces a significant portion of the population to choose to partake in criminal activities for what they consider normal past times.

        Guns used for suicide/domestic disputes (the most significant causes of gun deaths in the US - suicides alone outweigh homicides) significantly drop with gun bans as evidenced by suicide by gunshot rates globally.

        Gun deaths caused by homicides, particularly with stolen/illegally obtained/unregistered/illegal weapons aren't significantly impacted by gun prohibition, mainly because making something illegal only really affects those that abide by the law.

        The evidence from countries that have implemented gun bans is that the bans don't suddenly result in the majority of the population choosing to be criminals and if buy back schemes are implemented, the majority of the public choose to sell their weapons rather than break the law.

        1. iron

          Re: Usual Story

          I think he was equating alcohol prohibition with encryption prohibition, which was the subject of the debate not America's stupid gun laws.

        2. Charles 9

          Re: Usual Story

          Suicide's a tough one to pin down because those bent on doing it resort to what's available. The US is middle of the pack whereas two of the worst (Japan and especially South Korea) have very tight gun controls.

          1. Anonymous Coward
            Anonymous Coward

            Re: Usual Story

            Other suicide methods have both a higher bar to entry and a lower "success" rate.

            It takes a second and almost no effort at all to point a pistol at yourself and pull the trigger, leading to people killing themselves immediately when they hit a very low point, rather than having the time for reflection (do I really want to do this?) and opportunity for someone to interrupt and give them a reason to keep fighting.

          2. Kiwi

            Re: Usual Story

            Suicide's a tough one to pin down because those bent on doing it resort to what's available. The US is middle of the pack whereas two of the worst (Japan and especially South Korea) have very tight gun controls.

            I've heard it said that those who jump off a bridge to kill themselves yet survive realise on the way down how they can fix their problems and how they've made a very bad mistake.

            As the AC below mentioned, with guns it's much easier to kill yourself. I myself have been that low and have quite literally been standing on a cliff edge trying to determine if it was high enough or would I have a painful wait till the rising tide took me. If I'd had easy access to a gun I am quite certain that moment would've ended my life - a very bad argument 15 years ago with a very close friend that left me so upset I wanted to end it all.

            As was said, other methods have a higher 'bar for entry' and a lower success rate, and suicide probably very often is a heat-of-the-moment thing where, given the chance to think things over, the victim realises there's alternatives. I've known many who've tried and thankfully failed. In the cases I've known (including myself), 'sleeping on it' or delaying things has often lead to easy solutions (or realising the problem wasn't bad and perhaps could even be ignored) - given the chance to think things over we realise just how stupid/selfish we were. Guns don't give you that option :(

            1. Charles 9

              Re: Usual Story

              I disagree. The three preferred methods of suicide in the Far East (where guns aren't available) are vehicle encounters, self-defenestration, and poison/overdose. Of those, the first is usually pretty certain, especially if the vehicle in question is a train. For the second, a flat or head-first landing from at least 10 stories tends to assure results. The third is usually the choice of the infirm and elderly. Remember, they have much worse rates so they must know how to make it stick (South Korea is second worst in the world, INCLUDING the Third World).

              1. Kiwi

                Re: Usual Story

                The three preferred methods of suicide in the Far East (where guns aren't available) are vehicle encounters, self-defenestration, and poison/overdose. Of those, the first is usually pretty certain, especially if the vehicle in question is a train. For the second, a flat or head-first landing from at least 10 stories tends to assure results. The third is usually the choice of the infirm and elderly. Remember, they have much worse rates so they must know how to make it stick (South Korea is second worst in the world, INCLUDING the Third World).

                NZ is pretty much at the worst for youth suicide (according to our media/officials, but we're 53rd overall according to wikipedia), and I've spent my life in the at-risk populations (I mean being poor, white, male and gay - all our traditional suicide values).

                Vehicle encounters esp trains - From what I know it's rare in NZ but perhaps not unheard of, and perhaps a few 'accidents' weren't. However, in most countries trains run to a schedule and not exactly every minute although a busy line may only get a minute or two between trains. That does give a waiting time, and a waiting time is sometimes all it takes to change the mind.

                Self-defenestration - I'll consider jumping off a cliff to be pretty damned close to the same thing, after all it requires the same desire to overcome any fear of heights. It's also what I have personal experience with. Again, there is getting to the site (not so hard if you work in a 20 story building, bit harder if you live in an area with only 1-2 story buildings and no significant cliff for some distance) which gives time to think it over. In my case the cliff was a 10 minute drive and a 1 minute walk. The railway station and bridges over the tracks were closer, but I'd have had to wait for the trains so maybe the same amount of time. Our argument was later in the evening though, so perhaps I'd have had closer to an hour's wait. If I had've thought of jumping in front of a train then and the schedule was right, well maybe we wouldn't be talking now.

                Anyway.. I drove in a state mixed both between anger and upset. Something happened along the way to delay me which I won't go into here, but I still arrived at the cliff edge in a state where I was determined that I would die that night. I did take some time to decide if the cliff was high enough or not (probably wouldn't have been), or if I'd have enough damage done that I'd be taken by the next tide (I nearly drowned in a primary school pool accident - the idea absolutely terrifies me!), and this afforded me some thinking time.

                If I'd had a gun available, I would've gone to my room and used it. I have no doubt of that. He would've heard me tell him to fuck off out of my life, heard the door slam, then heard the bang. It also would've been done to hurt him (I can say that with some certainty given where I drove to).

                I've known a couple of people who've killed themselves and known others who have tried, some by hanging some by pills. Those who have failed have generally realised it was a bad idea - a moments upset would lead to the end of their life when issues can be overcome, or survived (I get chronic pain - but I'll pay that price that as being alive gives me time to enjoy with people I love - and yes the only way to end the pain completely is to end my life, I have considered that on many sleepless nights!).

                Guns are instant. The damage a bullet does if used right seldom leaves any room for ambiguity. Pills - minutes or hours to save a life. Hanging? Unless they break their neck, you've got a few minutes, and it takes a bit to get the rope, set it up and so on. Jumping? Instant death when they hit the ground perhaps, but there is the whole getting into position which takes time. Cutting/stabbing? Painful, takes some real desperation. Drowning? Lets not go there thanks!

                I can get upset, take some pills, maybe go to sleep in a few minutes or maybe longer, maybe die maybe not. I can walk/climb high enough to jump - but then I may not be upset any more. I can plan to jump in front of a train, but 2 minutes is enough to change a mind. I might think of someone out of the blue and realise there's other options. Cars are less likely to kill but more readily available, but I still have to get out to a road and psych myself up for it.

                A gun I can grab in anger and a second after touching it be dead, no time even to stop the semi automatic muscle movements I might've kicked off while my brain is raging and not thinking.

                Some stats I noted in the search results I glanced over before posting this (but didn't grab the link to - find it on DDG looking for "suicide stats") - in the USA suicide is now the leading cause of death (or one of them - but then that also depends on how tightly you break down cause of death stats) and over 50% of those use guns.

                I know more than I want to about suicide. My first real desire to try it was before my 9th birthday. I've lost friends to it, helped families of people I love clean up afterwards, and talked people out of it, some more than once.

                1. Charles 9

                  Re: Usual Story

                  I too am quite familiar with suicidal tendencies, and I've lived in the Far East. While suicide can be an impulse, those tend to be so brief that just the mere act of walking across the room can create second thoughts. The ones that don't tend to have reinforcement; time makes it worse, not better. And you don't need a gun to carry out that impulse, either; a sharp knife can do it, too; remember, two inches in the right spot is all it takes; cut the right place (not just the neck or wrists, either), you can bleed out in a few minutes. No, most suicides are slow boils: the popping of long-term pressures. That's why the suicide rates in Japan, South Korea, and even Scandinavia are so high; intense social pressure results in rejects, which often become breaking points.

                2. Intractable Potsherd
                  Thumb Up

                  Re: Usual Story

                  @Kiwi and Charles - your stories make me all the more glad to read your opinions. Best wishes to both of you for the future.

      2. Doctor Syntax Silver badge

        Re: Usual Story

        "Someone should point that out to Trump"

        No doubt he'd take note of the money to be made from it.

  11. Chris G

    The Great American Firewall

    (Others may be included)

    But the rest of the World will probably carry on with secure banking and trading while the US alliance will be targeted by every cyber criminal who wants to take a pop at making some money or screwing the US economy .

    I don't have time for a longer rant but everyone here knows how it goes anyway.

  12. YetAnotherJoeBlow

    That will work:

    Of course the baddies will immediately stop using strong crypto so world+dog can read their plans - they also

    wouldn't set up their own servers around the world for secured comms because doing so would be illegal.

    Of course, I'll delete all of my crypto repos (my life long work) and force my clients to do the same; then I'll close my business.

    It's never too late to shut the barn door even if its empty.

  13. Potemkine! Silver badge

    Witt perhaps saved his city a significant amount of money by meeting the demands rather than undergoing a prolonged restoration effort.

    BS - On the contrary, Witt marked his city as a first-class target, ready to pay for the next successful attack by a cryptolocker. That should happen in the next 3 months.

    1. Paul Crawford Silver badge

      Exactly. Also I though a major point of WSUS was to allow the rapid and near-automated deployment of a wipe/image cycle over a big estate of Windows machines? You know, just perfect for such a scenario...

      1. Kiwi
        Boffin

        Also I though a major point of WSUS was to allow the rapid and near-automated deployment of a wipe/image cycle over a big estate of Windows machines?

        Hell, you don't even need that much! When I had my shop I part-installed several instances of XP, Vista and 7. At the last installation reboot I powered off the machine, copied the disk into an image, and shoved the image onto the network behind a PXE-bootable cloning tool that could see the images. Clone the mostly-installed Windows to a new HDD, twiddle the partition sizes (pre-copy), good to go. (Could also use a Linux USB stick and gparted etc if the original plan didn't work).

        I do the same with VMs. Create a standard then clone that for actual use. (Probably harks back to my bad old days of copying audio tapes - make one copy of the original and put the original away, copy the copy, then only use the copy of the copy...)

        Of course, if they used a real OS, not that poofy pinko Windows, then they'd not have had the issue in the first place and could've rebuilt their systems from scratch in less time than it took to write the acceptance speech... (surely there'll be an award for bravely bowing to the criminal's demands, right?)

    2. Blazde Silver badge
      FAIL

      I can just about understand "pay the ransom to recover priceless data you stupidly didn't back up" but "pay the ransom, it's easier than restoring" is plain crazy. Apart from becoming a known mark, if you don't wipe and restore how do you even have any confidence the extorter is gone from your network?

      Fortunately the insurance companies should catch on soon enough..

    3. rg287 Silver badge

      Absolutely. One would hope that the insurance company have made abundantly clear that this is a one-time thing, that they will be providing no payout on subsequent incidents and that next year's premium will be calculated based on an audit of the city's new offline backup arrangement...

      1. Anonymous Coward
        Anonymous Coward

        After all, paying a ransom is a pre-existing insurance condition and won't be covered.

        It would sharpen the IT department (if it is a government organ) to have any ransom paid out of the future pension funds for said IT department, with a clawback feature for the legislature's salaries for not allocating sufficient funds for defense. Makes it pretty personal.

  14. Steve Kerr

    Welcome back

    New improved US encryption method just released, state of the art - ROT-13

    1. WonkoTheSane
      Headmaster

      Re: Welcome back

      I think you meant ROT-26

      1. Steve Kerr

        Re: Welcome back

        No, they will release that as the new improved version 3 years later.

        1. STOP_FORTH Silver badge
          Paris Hilton

          Re: Welcome back

          Ridiculous ROT-26 is not backwards compatible with ROT-13. This would be a huge amount of work. Use my new, improved ROT-13-Twice.

          I know Bruce Schneier says that everyone thinks they can design crypto that they can't break themselves, but I think this is rubbish so....it must be unbreakable?

  15. Doctor Syntax Silver badge

    "deploy only encryption, particular only end-to-end cryptography, that can be cracked by American law enforcement"

    This, of course, means they'll need to list encryption that they can break. By implication anything else woud be stuff they can't break. I'm sure a lot of people will be interested in that list.

    1. stiine Silver badge
      Unhappy

      You're mistakenly assuming that they're not going to flat-out lie.

  16. Velv
    Go

    Here's a proposal.

    I'll support Congress, Presidents, Governments etc passing any new law they like under one condition - the law only applies to them for the first 12 months of coming into force. We'll see how long such laws survive

    1. Kiwi
      Paris Hilton

      I'll support Congress, Presidents, Governments etc passing any new law they like under one condition - the law only applies to them for the first 12 months of coming into force. We'll see how long such laws survive

      They'll last a very long time. Free travel for life, tax exempt for family and friends for life, the ability to issue a pardon to whoever they want whenever they want for whatever they want - for life (think of the money and favours that power would earn them), instant automatic ownership of any property they want (unless someone else in the same scheme has already claimed ownership).

      No, you'll have to limit it to any laws that would be harmful to the man-in-the-street - and even then I can see a dozen ways they'd bring in the stuff I listed above. But there must be a way to close most of the loopholes (perhaps a clause that says "if you find a loophole in this law, the public gets to vote on if we get to put one in your head"?)

      1. Charles 9

        No, they'll just change the law to change the loophole. And sadly, nothing in the Constitution prevents this. Any Amendments that would actually get through would be to our detriment. Frankly, a long-term analysis would probably show humans aren't cut out for large-scale government, period.

        1. Kiwi
          Pint

          Frankly, a long-term analysis would probably show humans aren't cut out for large-scale government, period.

          When one looks at how well we do at managing our lives... Well...

          (You an I agreeing on something though.. Perhaps there is hope for humanity after all? Or is this simply one of those events that destroys universes?)

          1. Charles 9

            Humans, like other primates, work best in clans and tribes. It's large enough to manage resources and defend itself but not so large as to get you a "too many cooks" situation.

  17. cirby

    On the other hand...

    The "government officials" translates to "some mid-level bureaucrat talking to a tech writer over a four-martini lunch."

    If they don't have a LOT of politicians asking for it, plus most of Silicon Valley, it's not going to happen in our lifetimes.

  18. Bryan Hall

    Ban tornadoes and earthquakes as well

    Might as well ban tornadoes and earthquakes as well, since it makes as much sense. Enforcing a ban on encryption is idiotic and impossible. Criminals certainly won't comply, nor would nearly anyone else.

    1. Anonymous Coward
      Anonymous Coward

      Re: Ban tornadoes and earthquakes as well

      Now we know trumps plan, ban cancer and alzheimers!

    2. Kiwi
      Holmes

      Re: Ban tornadoes and earthquakes as well

      Might as well ban tornadoes and earthquakes as well, since it makes as much sense. Enforcing a ban on encryption is idiotic and impossible. Criminals certainly won't comply, nor would nearly anyone else.

      There are acts like speeding and possession of drugs which are 'strict liability offences', also things like having a copy of the manifesto of that nutter from Christchurch, various things like that - an outright ban doesn't stop everyone from having/doing them, but it does make it a criminal offence to be caught with them, and that helps limit the number of people doing them.

      Used to be you could drive with considerable amounts of alcohol in your system, and everyone was OK with that. Then the gubbermints made it illegal, but everyone was still OK with it. Then society was changed so now no-one is OK with it, and everyone is OK with someone 'dobbing in' an offender.

      Used to be OK to take an interest in guns, ammo and pyrotechnics - now it's OK to report "suspicious. terrorist behaviour ". Crims and thinkers will still be interested in those things, but give your neighbour even a whiff that you have an interest in the physics behind rapidly expanding gasses and they'll be 'doing their civic duty', and making sure everyone knows how they're the hero who potentially stopped a dangerous terrywrist.

      The government has to do 2 things - 1) ban strong encryption and 2) make heros of those who "help them in the fight against" 'terrorism' or 'child porn' or 'drugs' or whatever is standing in for EastAsia today.

      Enforcing the ban - fully agree in it being idiotic, and it will present big problems and provide immense harm for the country that does it. But impossible? No, they'll trick us into doing that for them.

  19. Mandoscottie
    WTF?

    retardation alert

    what a fantastic idea Uncle Sam, you are so smarts.

    Hell give it to the NSA to look after they can keep a secre........oh feck.

  20. JoeySter

    Why not simply ban communication? Problem solved.

    1. Kiwi
      Trollface

      Why not simply ban communication?

      Coz then we'd never learn what a hero chump is!

      Who'd worship him if no one can talk about him?

  21. whitepines
    Devil

    Double edged sword

    You want this stopped right now?

    Hollywood relies on strong encryption for anti-piracy. Point out Disney+ etc. will need the backdoor added to 4k streaming services, and according to their own logic how this will cost them trillions to piracy. After all, nothing like saying there is a single master key to everything secret and protected in an entire country to motivate various means of getting that key (including, I suspect, rubber hose methods or worse).

    Just like getting this kind of crap passed, an attacker only has to succeed once. How does the US feel about North Korea or Iran getting detailed plans for the F22 or similar, or nuclear weapons? Because after a master key leak that would be the best case outcome -- worst case is collapse of the US as all tech and content creation businesses move out or go under.

  22. Boris the Cockroach Silver badge
    Big Brother

    All anti-encryption efforts

    to read the bad guys mail will fail, mostly because the bad guys dont use anything that can be identified as a message saying "We attack the stock market at 9.13am with 4 guys using AK-47s and grenades"

    They'd use something like this:

    The elephant flies south in winter, repeat, the elephant flies south in winter.

    1. Kiwi
      Coat

      Re: All anti-encryption efforts

      They'd use something like this:

      The elephant flies south in winter, repeat, the elephant flies south in winter.

      I wouldn't..

      The 80's TV series "Scarecrow and Mrs King" IIRC used a cooking show to pass messages. The recipe was a perfectly normal recipe, but it was the type of recipe (eg chicken or beef or soup) and amounts used that gave the details (I just vaguely remember the show so could be way off on details). IIRC the person running the show didn't even know she was being used to pass messages, she was just a TV cook making the dishes she was told to by the producers/writers.

      I'd use that or other methods - like if Boris Daniels on Facebook (sorry BD, you're now every one of you on every watchlist even though I just grabbed 'Boris' from above and 'Daniels' was the first surname that came to mind) posts a message then yes, go with the attack, but if Jack Daniels (and there's a whole company now on the watch lists) posts the exact same message, the attack plan is aborted, or a different target used and so on. And the messages would appear completely innocent to anyone else, and just be made to fit in with the flow of posts.

      I wouldn't say "We attack the 3rd bathroom on the 4th floor of the pentagon at dawn with diarrhoeic elephants (blame spellcheck) at 5am on the 6th"[1], I'd say "Hey, my 3yo daughter[location pt 1- could be "son", "girl", "boy", "kid", "brat" etc] is about to have her 4th birthday [location pt 2 - could be 'birthday party', 'anniversary' and other things beyond my thinkspace right now] on the 5th [time]. We'll need 6[date]-8 adults to help chapperone[weapon choice] the kids, if any one wants to volunteer".

      [1] Unless that was the actual plan to say that directly, but pretending it's an example message when it's the actual message - if you see members of the GOP who seem to be full of crap arriving at the Pentagon in a few days, then be GONE or you may see what they have PENTUP.... (where's that bloody jacket? I need to be gone before they get over my bad puns and beat the crap out of me!)

  23. Claptrap314 Silver badge

    Between Ransomware payoffs & Clipper, part 3

    I'm thinking it might be time to change my career path...

  24. John Savard

    Fortunately

    ...the Democrats control the House, and it's an election year. So they'll hardly give Trump what he wants if it's controversial.

    Of course, that assumes no major terrorist attacks between now and the election.

  25. cjmcguinness

    So, the guy whose election was helped by hacking ...

    ... wants to make it easier to hack people?

  26. TrumpSlurp the Troll
    Trollface

    Couple of minor problems

    (1) Gathering data is not enough. Analysing it and acting on the results is also required. Police numbers are being cut due to "austerity" so who is going to use this data?

    I've lost count of the number of terroirists who have turned out to be on watch lists and "under surveillance" who still manage to attack the public unhindered. That includes those who have been reported by their own families as a risk.

    (2) BGP leaks. Apparently this proposal will make analysis of redirected traffic trivial when a "misconfiguration" of a minor ISP can send all your network traffic through another country.

  27. steviebuk Silver badge

    Another payout...

    ...another infection. It will continue the more you keep paying out. Yes it's costly to restore but surely paying out means they know it's profitable to will try again. And will more than likely target you again.

    "Knowing you possibly can't afford to have a knowledgeable IT team, means you'll probably still have a hole somewhere. And because we know you pay out, we'll carrying on picking away at you until we find something."

  28. steve 124

    What? No reference to "think of the kids"?

    I can't believe there wasn't the obligatory "we have to do this to stop kids being abused" argument that always seems to come up in this conversation.

    Just another stupid idea from people who like saying the word "encryption" to make themselves sound smarter. I'm sure this will fade away just like

    every other time this "idea" comes up.

    Government: "Hold my beer and watch this!"

    smh.

    1. whitepines
      Trollface

      Re: What? No reference to "think of the kids"?

      Maybe use this weapon against them:

      "Think of the kids! A pervert with the master key can passively pick and choose his victims without leaving a trace, and can frame anyone for having abused the kiddies, therefore evading capture and continuing to commit despicable acts with impunity!"

      I know in the real world, at least for now, there'd be enough physical evidence to still catch the creep. But after law enforcement turns into "spy on everyone and remove dissidents, physical evidence is so last century"?

      Scary.

      Reason #5098374 backdoored encryption is a really bad idea...

      1. Kiwi

        Re: What? No reference to "think of the kids"?

        I know in the real world, at least for now, there'd be enough physical evidence to still catch the creep

        Don't be to sure on the physical evidence. If I can walk in to the databases through the back doors, what's to say I can't change the DNA or fingerprint records to suit myself?

        Like with the "deepfake video" stuff, once this door is opened I doubt it can ever be closed again, and all a defence lawyer has to do is question if the records can be trusted (of course, that also assumes a judge and/or jury with 2 functional brain cells)

  29. HellDeskJockey
    Big Brother

    Yep that will show them

    The scene, arrest of a notorious terrorist.

    "All right Baddae. You're under arrest for murder, terrorism, hijacking, armed robbery, and oh yeah using illegal encryption software."

    Yep that last one will have them shacking in their boots.

    1. Kiwi

      Re: Yep that will show them

      Yep that last one will have them shacking in their boots.

      IIRC Capone wasn't done for the guns, murders, drugs/alcohol or other crimes. He was done because he screwed up his income tax return or something like that.

      How many people are rotting in jail on very long sentences for relatively minor computer crimes?

      1. HellDeskJockey

        Re: Yep that will show them

        It is actually pretty hard to do in the US as the 8th amendment prohibits excessive punishments. Reasonable bail is also required. Capone in fact served his sentence and then retired mainly due to illness.

  30. StargateSg7

    I will simply tell the government to go FF themselves as I will just release a super easy-to-use encrypted comms apps ON EVERY SYSTEM, since I make my own full blown multi-language cross-compilers and assemblers anyways! I can put MULTIPLE Post-Quantum Cryptographic algorithms into ALL of my a communications and storage apps and will distribute THEM FOR FREE !!! I can even make them run on top of ANY social media app I want! I won't be listening AT ALL to ANY government that even TRIES to ban such encryption!

    I too I have some EXTREMELY POWERFUL FRIENDS that can backup what I say!!!

    If they want to MESS WITH 20 Trillion Tonnes..... That's THEIR perogative !!!! This is a game they CANNOT WIN !!

    .

    1. Charles 9

      Wanna bet? What's to say your adversary has MORE than 20 Trillion Tonnes...perhaps even in the QUADrillion...AND are willing to go M.A.D. if necessary?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like