Juniper and Cisco spyware
Wait, wasn´t the spying being done by Huawei? Might it be that the US wanted to force Huawei to spy on us and they did not comply?
Buying US products is a security risk these days, quite sad.
If the cops and Feds can't read people's encrypted messages, you will install backdoors for us, regardless of the security hit, US Attorney General William Barr has told the technology world. While speaking today in New York, Barr demanded eavesdropping mechanisms be added to consumer-level software and devices, mechanisms …
The article missed one elephant in the room - which investigators? Police, FBI, NSA, natch. Homeowners associations? Why not, good ol' American boys. GCHQ? OK, they're our buddies. Other countries cops? Um, well, they're law enforcement too, and we can't really deny them the right to monitor their own back yard. Maybe we need a separate instance for each country. Or political party, in the case of disputed territories. Fuck it, let's just ban encryption. Oh wait, that would be against the second amendment.
Complicated, isn't it? And unless you're Captain Picard, saying "Make it so" doesn't work.
Well obviously you already have Five Eyes countries, who can already get any other intelligence information gathered, and the Nine and Fourteen Eyes groups as well, if slightly reduced. Oh, and of course you have to monitor the middle east, so communications there would need to be monitored by an ally. Saudi Arabia maybe?
Did Seven of Nine aka Jeri Ryan violate the prime directive?
Shields lowered when sealed divorce papers made public causing her ex Jack Ryan to drop out of race against Obama for U.S.Senate. Obama beats replacement Alan Keyes: https://www.quora.com/How-did-Obama-beat-Alan-Keyes-so-badly-in-the-Illinois-Senate-race-in-2004
Obama goes on to promote smart meters on every home forcing almost all to surrender their ship (Castle} to 56,000 to 180,00 Data pings per hour: Smart Meter Data: Privacy and Cybersecurity https://fas.org/sgp/crs/misc/R42338.pdf, https://www.aclu.org/blog/national-security/privacy-and-surveillance/call-logs-try-kilowatts-reports-reveal-demands
I am reminded of a tale from way back in the 1960s, where a cafe frequented by many folks that the police and authorities greatly distrusted were wont to gather and talk. Whenever anyone got up to leave this cafe, the owner would step over, hand them a coin and a the cafe's phone number on a piece of paper and ask them to phone the cafe from a phonebox a long way away, any phonebox as long as it was not the same one all the time.
The patron would call the cafe, and be told that the riot was to be at such-and-such park on a set date.
The day of the riot came, and the police were all there, arrayed in their ranks with full firearms, TSG and air support. Hundreds and hundreds of them were there, waiting for the trouble. Also present was a very elderly man with an even more antiquated scottie dog.
The moral is this: if criminal know that a medium is mnitored as that phone was, they'll send false messages. The police appear to have forgotten this.
It works for Picard because he has some of the Federation's best and brightest, most clever and innovative thinkers on his side, with a Galaxy-class starship packed to the pressure hull with all the treknobabble Geordi and Data can pull out of their afts.
Barr, on the other hand, has about as much command presence as a pile of dog shit and is ranting and raving at business entities who want nothing to do with this utter madness he's spouting because they can see how direly incompatible it would be with every other reputible place on the planet, not to mention completely dropping their shields and trouser for a titanic lawsuit up the aft when this nutjob administration is out of office (and hopefully indicted,) and less-insane people take over.
He's also demanding things which are literally impossible under the laws of mathematics as we know them.
"He's also demanding things which are literally impossible under the laws of mathematics as we know them."
Yes, we all know that but most of us are not up to deep and detailed analysis of crypto systems. It is hard sums for very great values of hard. We need peer reviewed research that conclusively proves that back doors and effective security are mutually exclusive. (Or indeed the reverse and we can all go home.)
I wasn't aiming at Trump in particular, I was pointing at the people who are the day-day lawmakers and shakers, the 'civil' 'servants' of the world.
It isn't limited to the US of course, but they are the dodgy apple in the barrel for sure.
In that case, I'll fix the question for you.
And why beholdest thou the NSA that is in thy brother's eye, but considerest not the GCHQ that is in thine own eye?
All countries want to do this, and many have. I don't like that the U.S. and U.K. do it. That is an extreme understatement. And that is why I also have a problem with other countries doing the same thing. China has that kind of surveillance system at a massive level--it's almost the model for what repressive states and surveillance organizations want to be. China has forbidden most foreign communication systems, and has promoted national systems that lack encryption. They are as evil, if not more so, than the western democracies. Not that I think the western surveillance units are any good, but they haven't succeeded completely yet. Let's realize the real enemy, which lives nearly everywhere, and quit making this issue a point of pointless national comparison.
"Data fetishism. It's not a sane policy. It's a personality disorder"*
*Usually promoted (as Upton Sinclair noted) by people for whom ""It is difficult to get them to understand something, when their salary depends upon them not understanding it."
Sure, and we're seeing a lot of Chinese and Russian propaganda around... do you think with the big experience they have accumulated in the past they would refrain from it?
China and Russia did and do a lot just because they had the power do to it, and could get away with it.
The idea that only US is evil - and I'm not a US citizen - is quite risible when we see authoritarian governments in China and Russia increasing their control over their own people, and trying to expand it abroad. And it's working so well even US risks to become a fully authoritarian state.
You can't trust Juniper and Cisco - sure - and you would be a total fool to trust Huwaei or anything built in China either.
The main difference of course being that neither Russia or China have set out their stall on the righteous moral high ground that the US has.
In fact, the only reason I can see that those other regimes are starting to appear more palatable to many is because the US has lowered the bar of what it means to be 'the good guy' (if they ever were). Still, it's the perception that counts in this case.
Do you recall the kerfuffle of the 'Great Firewall of China' and all that was meant to represent? Fast forward to today and we are seeing our politicians clamoring for more of the same. China didn't have a democracy to lose. One could argue that we don't either, ultimately, but again - it's about perception.
"US has lowered the bar of what it means to be 'the good guy' (if they ever were)."
The US has never had the moral high ground (not that russia or china have ever had it either). Its a country founded on forcibly stealing land from the native americans, wholesale slaughter of the latter when they - unsurprisingly - got a bit pissed off about this, and once the land was in land grabbing colonists hands a lot of it ended up being farmed by slaves. And yet every time someone suggests anything like this backdoor (which I don't agree with it btw) they start waving around their sodding constitution and quoting passages from it as if it was some holy text, not some expiditious political document written up by men who if alive today had views that would make Trump seem like a tofu eating liberal wuss and whats more were essentially 18th century terrorists. Or is that freedom fighters? Take your pick depending whose side you're on.
"Its a country founded on forcibly stealing land from the native americans, wholesale slaughter ..."
Most of that nasty business with natives and slaves was already handled for them before they began. The peak of the Atlantic slave trade was the mid 18th century before the terrorists / freedom fighters got their day and the West African empires got so rich selling their people (and certainly not only to what is now the US, btw) that it was their doom, having gotten the attention of Western European powers eager to steal it from them by invasion. However the views of those freedom fighter terrorists would make Trump look, they were certainly a step in the right direction and far better views than what came before them.
Just look at Kazakhstan, they are forcing all citizens to install the government's own self-signed master certificate, so they can MITM all traffic in the country. The faked Facebook certificate was used as evidence on the Firefox bug tracking database, I believe.
stopped only by the democratic processes
That's optimistic, when has any piece of badly thought out legislation been stopped by the 'democratic process' - delayed maybe, then some patsy in the next government proposes a similar set, or the same set of loons get into office again, and off we go to the once and future dystopia all over again.
So, what do you propose? To get rid of the democratic process - which may not always work in the best way, but still avoids people to be sent to re-education camp just because you don't abide to the Great Leader ideas?
A lot of bad legislation has been struck down.
But the problem today are exactly people like you - people who don't believe in democracy and believe some Great Leader would do better - and give him the rope to hang them.
Well the infamous Pi=3 was almost went through - intervention by a mathematician from Purdue prevented it happening (https://en.wikipedia.org/wiki/Indiana_Pi_Bill - wiki can be your friend, sometimes). Other than that I can not recollect anything supported by the ruling eejits, but I am willing to learn.
The lawyers will hate this: for every new law - two existing ones must be repealed.
I'd even go so far as to make it so the new law cannot conflict/supercede any existing law (or part thereof) without repealing the entire old law. The first part will never happen so no need to worry about this second bit which essentially exists to prevent amendments being made to an existing law. Dunno what the US calls them but iirc they're known as "statutory instruments" in the UK.
The USA is not a Democracy.
It is a Constitutional Republic that uses Democratic Forms of operation.
In actuality, it is 50 Constitutional Republics plus territories all operating under the same set of collective Chartering documents, those being The Declaration of Independence [statement of principles]
And the US Constitution, as amended. [The framework from which all statutory law and regulation takes its authority.]
"But the problem today are exactly people like you - people who don't believe in democracy and believe some Great Leader would do better - and give him the rope to hang them."
The complaints are because we *DO* believe in Democracy and are seeing anything *BUT* Democracy being sold as such.
The constant 'I know better than the Great Unwashed because I am Special' rheteoric.
The old trick of 'Divide and Conquer' setting one set of people against another by blaming all the systemic ills on them.
Most of our leaders are not for the 'People' *BUT* simply for themselves via deluding the 'People'.
They work to 'feather their own nest' and their *True* Supporters/Funding sources also gain as well for their must appreciated 'assistance' !!!
Rather than 'Propose getting rid of Democracy', I actually propose we have more of it ...... only this time it is the real stuff that is for the 'People' and *not* for Corporate gain for the favoured few.
Of couse, that is being unrealistic as it will never happen until the vice-like grip on the Political process is wrest out of the control of Global Corporate institutions & their friends.
As an exercise, look back over the past 30-40 years and roughly calculate how much the 'People' gained and how much Large Corporations/Banks/etc gained.
I can guess who comes out on top and by a very large margin !!!
Hint: I sure as hell was not me or anyone I know.
"But the problem today are exactly people like you - people who don't believe in democracy and believe some Great Leader would do better - and give him the rope to hang them"
Actually, I would say the problem today is the people who DO believe in democracy and believe some Great Leader's lies enough to vote for them without doing any kind of research.
Through their own lies and those of their pet media, politicians and the powerful are able to subvert the democratic process and manipulate the public into voting how they want, with no consequences. This undermines the whole concept of democracy. It's a similar concept, although not as extreme, as sham democracies where everyone votes for one party for fear of arrest or violence.
PS I'm not making this about any single issue, it's purely an observation that politicians and the media lie with impunity, and the most we get is a quiet retraction after the damage is done. It happens across the board, all over the world, and is highly damaging to the democratic process.
Does anyone buy any US networking kit these days?
I haven't touched Cisco for nearly a decade. Far more expensive than the competition and not really any better.
I've tried a wide variety of different kit from different manufacturers over the years (I'm also Cisco certified) and I have to say, for most people, TP-Link switches and Draytek routers are probably the most cost effective and reliable way to go.
It's not amazing kit, but it's not exactly shit either. It's fine.
Yeah they're limited. But the saved money can go on a lightweight 1U dual NIC server (a PowerEdge R220 for example) that you can roll your own IDS/Firewall from which can be better than a high end proprietary appliance if configured correctly.
You're talking a quad core Xeon with 16GB RAM and rudimentary RAID across two SSDs Vs some ARM based product with 4GB RAM and licensing up the arsehole.
I generally look after clients with 200 or more users (so not massive, but large enough where licensing becomes expensive).
The saving on edge security licensing I put toward client side security. Let's face it, the biggest threat to a user is themselves. So a quality AV product teamed up with a quality anti malware product works wonders. Couple that with a decent internal DNS filter and you're good to go.
Also...no local admin rights. Ever.
white box junk, some of the OSes are never updated, they run a buggy version of Linux, a SNMP mib walk can make them lock up, when the vendor quits patching you have to jump to a newer kit in the same week. At least with Cisco you get support and know when the kit gets abandon.
TOR switches have missing features that we have been using for a long time and make provisioning a pain. Lots of moving targets so pick your poison.
Wyden was doing just fine until he brought up partisan politics and saying Trump cannot be trusted. Riiiight because we could trust Obama, and we could trust Bush, and we could trust Clinton...
The bottom line is government cannot be trusted, regardless of who is in power.
"... brought up partisan politics and saying Trump cannot be trusted"
Uh, saying "Trump can't be trusted" isn't partisan politics, it's just the most obvious damn thing in the world.
You shouldn't have to go off on a tangent to apologize every time you state a fact. This kind of BS is why we're in this mess in the first place.
"Uh, saying "Trump can't be trusted" isn't partisan politics..."
Yes it is, because Trump says so, and that's all that matters. Remember, he's the one who said he could murder a man in the middle of Fifth Avenue in broad daylight and be praised for it...and he got elected. Frankly, I don't know if there will ever be a smooth transition of power after 2020.
Ahhh Trump will get his second term. The DNC will blow it and rig it like in 2016 and you get a Biden with Booker/Harris as VP that will just go on platitudes and slogans.
Trump will tear that apart. The media will root for Trump cos love him or loathe him, he has made their life so easy. If Biden gets in then 30% of the them are up for the chop within weeks.
The Reps and Dems are not allowed to offer a Govt. that works for the people. It only works for the top 10% and the Corporations. And the senior Dems like Pelosi and Schumer would rather lose to the Republicans than annoy their Corporate donors and lose those juicy big donations.
Remember when you are super wealthy, Politics is a fun hobby. Nothing more.
"the government is there to take care of us.
Can't disagree with her. Unfortunately, "take care of" can have a lot of different meanings, depending on the context.
"Sir, there's a problem. A large group of people is protesting our actions."
"What are you waiting for? Take care of them."
Usually it's a case of "we might trust the current government but how can we be sure of future governments?" We appear to have skipped the first step this time around, which is worrying.
There are really good reasons why governments with any sense will refuse to even consider certain actions.
Usually it's a case of "we might trust the current government but how can we be sure of future governments?" We appear to have skipped the first step this time around, which is worrying.
On the other hand, perhaps we would all be better served if people mistrusted the current government as a matter of course, even if they voted for them.
I feel governments are too often given the benefit of the doubt by those who voted for them, leading to the current situation on both sides of the pond, where the same oppressive legislation is continually being resurrected even when the colour of the government changes.
"I feel governments are too often given the benefit of the doubt by those who voted for them, leading to the current situation on both sides of the pond, where the same oppressive legislation is continually being resurrected even when the colour of the government changes."
We HAVE to, or things don't get done. It simply reaches the point of we have to trust SOMEONE at some point.
Sod yourself, too. You're still gonna die of thirst. Plus there's a chance they'll survive the blast and decide to retaliate against the entire village in ways that would make dehydration look pleasant.
Besides, they probably have the means to move on to terrorize the next village. The locals may not.
You sir, are a fool.
The general point is that you cannot trust this and all future governments with this kind of power. Not Obama, not Trump, and not the one that comes next or the one after that either. This senator has finally begun to understand that, it's a shame it's taken so long.
Once you hand a Government the ability to wiretap everyone at will, they or a successor will do so.
The only real difference is that Trump would definitely abuse it for personal gain, others would abuse it for different reasons. The victims are different but the outcome is similar.
The entire purpose of the US Constitution is to limit executive power, and this is why Barr's statement is attempting to feed the entire US Constitution and all its Amendments into a shredder.
"The entire purpose of the US Constitution is to limit executive power"
And the entire point of this exercise is that laws in the end are just ink on a page. ANYONE with sufficient power of some sort can simply ignore the laws, or as quoted by some people, "I reject your reality and substitute my own."
The Soviet Union had at least two written constitutions, the original and a new one sometime in the Eighties (I think). They were both excellent, and granted citizens many rights and safeguards. Problem is, nobody in power took the blindest bit of notice of them.
Why is the USA going down this path?
Trump cannot be trusted. Riiiight because we could trust Obama, and we could trust Bush, and we could trust Clinton
There are levels of 'trust' - You could trust Obama not to make the US look like an ass (he was presentable, and had a professional air, unlike Trump), Clinton, it depends, the husband you probably couldn't trust to be alone with a pretty secretary, Bush got over his problems with the bottle, but the whole 'God wanted me to be president' was a little worrying.
Barr can GO EFF himself as I can EASILY introduce a fully open source app that works on ANY HTML-5 web browser or ANY other programming language text and audio/video messaging app that uses Shor's Algorithm resistant encryption (i.e. anti-quantum computing encryption code) and there is NOTHING he can do about it as my code works everywhere and ANYWHERE! Needing NO digital signatures or OS-signing to work!
Fully encrypted, real-time text message, real-time voice and video using end-to-end peer-to-peer, peer-to-group, group-to-group and client/server operations are already supported! I can make it multi-country world-wide OPEN SOURCE ANY TIME !!!
AND... because I write my OWN cross-compilers I can make it work on ANY CPU and OS platform! I can even run a JIT (Just-In-Time compiler) within ANY web browser so my code s fully secure EVERYWHERE !!!!
OMG -- this guy is UTTERLY BRAINLESS and CLUELESS when it comes to technology !!! I can bypass his directive ANY DAY on ANY operating system !!!
AND since I am probably one of teh BEST user interface programmers out there, my stuff is sooooo easy to use and modify to your hearts delight!
The user just uses and modifies what is open source and there is NOTHING Barr can do about it!
Well, assuming all you've said is correct, you still wouldn't actually have anything secure. Either end could still be compromised. Your web host could be compromised. There are legit attacks that could easily neuter your whole big scheme and there's not a blessed thing you could do about it.
OH WELL !!! It will at least work up to a point!
AND a custom-built network chip that STILL adheres to current standards, many of which are protected by PATENT? Sounds far-fetched to me because the holders of those patents are mostly-known. In fact, because standards patents are often held by competing firms, ensuring an in-house implementation can be trusted is practically impossible. Besides, how can you be sure one of your in-house people isn't moled?
TCP/IP/UDP stacks have long had no patents and since ARPA (Advanced Research Projects Agency aka predecessor to DARPA) was a government organization in the 1960's when "The Internet" was invented, there weren't any patents on the routing algorithms so public domain it was and is! Only miscellaneous technology was protected by U.S. DOD secrecy orders but NOT patents!
The Ethernet frame-based network communications technology was held by Xerox PARC (Palo Alto Research Centre) in the 1970's so those patents have LONG run out. ONLY large frame and certain routing algorithms specific to Cisco, Juniper, Broadcom, NTP and RIM are currently in effect for SOME internet technology! Qualcomm, Nokia, Ericsson, NEC, Alcatel-Lucent (formerly Bell Labs and AT&T),Thales, Thomsen, etc have MANY WIRELESS spread-spectrum and OFDM (Orthogonal Frequency Division Multi-Plexing) (4G/5G) packet communications patents which you need for WIRELESS comms only! They DO NOT have general internet packet and network routing related patents!
Our company has already BOUGHT into multiple patent pools, so they already have access to much wireless and enterprise-level router IP!
The in-house people LIKELY aren't moles because of the polygraphs, extensive background checks, and mostly DEEEEEEEEP military backgrounds of the key engineering people!
These people KNOW how to keep secrets! And unlike me, they get paid literally a fortune to keep their mouths shut since they build and have access to technology so advanced and high-tech NOT EVEN the NSA, CIA, DARPA, NASA, ESA, CERN, LMCO, Boeing, Northrup, Raytheon, Microsoft, IBM, Oracle and Intel or even foreign giants such as Huaweii, BAE or Philips have the computing systems and aerospace technology we have!
How many companies DO YOU KNOW have a 128-bits wide combined CPU/GPU/DSP running at 60 GHz on GaAs and a 128-bits wide Vector Array Processor running at 2 THz on GaAs ???
Let me put it this way.... the "Summit" supercomputer at Oak Ridge National Laboratory that is a 200 PetaFLOPS monster machine was recently "designated" as the world's fastest supercomputer.
Is it truly the world's fastest supercomputer as noted on the Top500 list?
NO! NO! and DOUBLE NO !!!!
IT HAS NOWHERE NEAR the ACTUAL world's fastest supercomputer performance, which is THE PARENT COMPANY'S SUPER located in Vancouver, British Columbia, Canada which runs at 119 ExaFLOPS SUSTAINED performance! It is 595 times FASTER than Summit AND it is a full 128-bits wide for Integers, Floating Point, Fixed Point and RGBA pixels and NOT a mere 64-bits wide like Summit is! It runs a Whole Brain Emulation neural net system which uses molecular and electrical physics simulation for emulating neural tissue, and I can tell you it works VERY VERY WELL !!!!!!!! It has human-level (and above!) learning and end-user interaction capabilities!
When you have 119 ExaFLOPS, you can do quite a lot of things in the commercial world with that!
THAT is why it is "mostly" kept a big secret from the outside world. I'm disclosing it HERE cuz I know the "Corporate Owners" very well (I asked first!) and I do much unpaid computer-related "as-a-personal-favour-consulting-work" in exchange for me getting much access to high end video, computing and CNC-machining gear at off-hours/night-time for MY OWN VERY SPECIAL PERSONAL PROJECTS!
Anyways, back to IP licenced from elsewhere! We examine ALL IP and change it to fit our needs and then tape-out/burn the customized chips IN-HOUSE using our GaAs, GaN, Silicon-on-Sapphire and Silicon-on-Diamond microcircuit substrate processes. We are probably the ONLY company in the world that has ALL four processes under ONE ROOF and ALL done in-house !!!
Then NAME IT. A company like yours would be the Northrop Grumman of today: a frequent client of the government and therefore protected by local sovereignty because of their involvement in Black Projects.
PS. Any company with the computing ability to top the Utah Data Center (and perhaps including the secret quantum computer underneath it) would have the power to be sovereign unto themselves.
Well, assuming all you've said is correct, you still wouldn't actually have anything secure. Either end could still be compromised.
I think the point mr. shouty was making was that the biggest flaw in this plan is: "how do you get the terrorists to choose one of your compromised software products rather than an actually secure one produced in some actually free country?"
the way i see it this could be as secure as it gets. Encrypt a message , send via email , dropbox , ftp , 'web host' , whatever you want , it doesnr matter if those transmission media are compromised they dont have the key and cant decrypt it.
The recipient then uses the key top open message at his end. On a pc that is clean becasue , i dunno it auto rebuilds on the hour? is read only ? whatever.
The only way the 'ends' are compromised is if the Men in Black are standing behind the sender or reciever pointing a gun at their head , in which case all bets are off.
Honestly, I'd consider you a rank amateur if you had important messages to pass and did NOT already consider the medium to be insecure. Indeed by making this great pretence of impossible to break encryption you're basically pointing a BIG blinking neon arrow at yourself.
There are plenty of ways to pass a message in some unencrypted plain world-readable rubbish like in Facebook posts about your search for the best beer or the most sublime cheese. Don't imagine for one moment that "secret" messages were never sent in a place with high surveillance like the former East Germany. And keeping with the WW2 theme, the reliance on the encoding of the Enigma turned out to be a weakness in the end.
Any encryption that hasn't been proven to be flawed is NOT secure, it simply hasn't proven to be flawed... yet. Assume that, plan for that, and act accordingly.
So all encryption is insecure so plan for that . hmm ok .
So the only logical solution is not to send any messages?
or to stat blathering about beer on facebook?
Pesonally I'd rather take my chances with the AES256 encryption.
I've always assumed that those ridiculous prices one sees for books like used copies of Unix in a Nutshell on Amazon are a low-bandwidth encoding scheme.
Why else would anyone pay four thousand times the cost of a new copy?
So, disable wifi, bluetooth, speakers, microphone, camera, download the encrypted whatever, unplug the LAN and decrypt. then turn off the computer, destroy the HDD/SDD and rebuild. For some baddies that may be worthwhile and may be happening now. It doesn't have to be an expensive computer either, could be a small old cell phone or tablet that you'd then just burn in a bonfire. My apologies to the environment for putting that out there.
"... destroy the HDD/SDD and rebuild."
IIRC, wasn't there a big stink a few years back where SATA HHD's had malware rooted deep in firmware?
I've got a stash of IDE HDD's for my IBM PS/1 should I start looking to fire that up?
It does make me wonder how far back we would have to go to say, we were confident the hardware hadn't been tampered with.
Nah! That won't work either! I can hide malware in the Network Card BIOS, GPU card BIOS, motherboard BIOS, the Hard Drive Bios controllers and EVEN in baseband OS bioses on wireless comms that runn UNDERNEATH the operating system! I can output alpha channel overlays that humans CANNOT SEE as frame-based video-data flashes on a display system which can be read by external recording systems. OR I can embed NOISE that represent data but the human ear filters out into headphones or audio streams or embed as analog as cross-talk which can be read by external systems.
I can also electrically flicker various motherboard chips to emit RFI/EMI "noise" as an encrypted data stream which the computer case won't trap BUT can be read outside a building! I have a TON of techniques to use to bypass ANY type of building and case shielding to get any BIOS hack-related captured data to an external reader!
you know real hackers stfu about it .......
just sayin ..."
I'm NOT a hacker ... I am THEIR worst enemy! I can do this because I am VERY WELL VERSED in both HumInt and SigInt processes and the people that partake in those two subject areas. Unlike YOU, I have walked on those marble, textured metal and and concrete floors which allow me access to some of the most advanced technology and systems ever created and/or obtained!
Since I am a private corporate entity, I can do certain things that many here cannot! And illustrating just how actually INSECURE your computer hardware and operating system software really is, is just ONE of those tasks I am more than ready to involve myself in.
Ergo, since we KNOW how bad the situation is, WE WENT ALL BLACK BUDGET and designed, coded, manufactured and 3D-printed/CNC'ed ALL of our own gear and technology that NO-ONE ELSE ON EARTH HAS --- PERIOD !!!
If that were true, you'd be considered a national security asset some time back and taken over by a state agency. No computer on earth is a match for an army and its (all-mechanical) weapons as far as human-level technology is concerned.
Oh, and someone would've been able to beat a TEMPEST room by know if anything you said was true. As that would be a national-security-level event, news would be all over it (including agencies outside the affected nation's sovereignty).
Well then! I will just use software to flicker your onboard graphics chip, CPU, or various OTHER controllers to emit low-data rate RF/EM noise at specific rates and intensities that represent a valid encrypted data stream of the onboard data that the BIOS hacks captured! An external reader sna d DSP software we convert the NOISE back into normal data which one can use for nefarious purposes!
Bada bada BING!
If you want to attack some encrypted data then trying to break the algorithm is a waste of time, you go after the keys. This is where you trade convenience for potentially compromised security -- close to absolute security can be attained with a one time pad and standalone encryption equipment but its a hassle to use (unless you're really worried about government eavesdropping). So you go for the more convenient options of key management and encryption built into applications or available as a library service.
Barr's wet dream will only work if you're only allowed to use encryption in a small number of widely used, compromised, applications. I'd guess that he'll want to make using anything else a felony but that probably won't work in the US (damn Constitution/Bill of Rights!). Most people will go with the program because they're not that interested in security -- they've got little to nothing to hide so adequate security will do. Those that they really should keep tabs on won't be using breakable applications.....unless they're really stupid. Its pretty obvious but trying to tell Barr or any of his ilk anything is a waste of energy.....anyway, he's probably got heaps of experts lined up ready to cash in who will tell him anything he wants to hear.
"....Or worse. These kind of laws may put in screen scrapers/keyboard loggers in the actual hardware. No amount of HTML is gonna fix that, unless you are asking the user to encrypt *their* speech before typing. :P.... "
Actually YOU CAN DO THAT TOO !!! If you have a good enough memory or are math oriented. You can write pad-based code phrases into your word processor/text editor which look like nonsense phrases BUT are in fact pre-determined encryption codes translated by your mind as you type!
Use common song lyrics that are switched around in certain ways to represent common English phases. MANY people know enormous amounts of song lyrics so it's NOT that hard to create a MIND-ONLY cipher that even a supercomputing system would have a hard time deciphering due to the sheer number of combinations available to represent pre-determined phrases as agreed by two-or-more friends, family and business associates!
If you are a terrorist and wish to further your cause, then you need to recruit followers. Recruiting followers by definition means talking to people whom you do not know, in an open and entirely clear-text sort of way. You have to have publicity, and it is this need for publicity that enables law enforcement to make a list of potential suspects.
Once you have identified a recruiter and started to analyse the terrorist network, you once again do not need to break their codes. It is nice if you can, but most of the time knowing who is talking to whom is much more use; this again does not need encryption compromise.
Finally, when you have a terrorist network identified, then you will have a network of cells who mostly don't know each other. The thing here is that you don't need to know what this lot are saying to further compromise them; repeatedly getting local law enforcement to pick up key figures and then let them go without charge very quickly is one good way of convincing the rest of the paranoids that their network is compromised and that these key figures are police stooges.
Mostly, you do not need to be able to break terrorist comms to disrupt their networks.
That's the entire raison d'etre of social media applications - they generate a web of who knows who. Trying to explain this to someone like Barr is like talking to a brick wall, they've got this fixed mental model of how things work and the only way they can operate is by forcing the world to conform to that model.
There was a recent article in Russia Today about how drug dealers were trying to circumvent this problem of hiding their networks and how it doesn't work that well. The methodology they used was sophisticated but it failed like all security schemes fail -- because of the human element.
So... Barr is okay with big businesses using strong encryption, but not anybody else? Has he noticed that organized crime *is* big business? Does he think that criminals or terrorists that are sophisticated enough to use encryption at all will stop at using weak encryption with back doors, rather than using the best they can obtain?
In short, is Barr that stupid, or what?
I think the "or what" category applies. He knows full well what he's doing and why. What the clown doesn't realize is that if works for the Trump administration then it will also work for administration Barr doesn't agree with.
Stupid? Probably just a loyal lapdog idiot.
The endgame here is to ensure there will never again be an administration that he doesn't agree with. That's the logical trajectory of US politics right now.
That's why the Supreme Court has disclaimed all interest in gerrymandering, and the last act of the outgoing Rep state governor in Wisconsin was to sign a law stripping his own office of powers. If you really believe, as increasing numbers of these scumbags do, that the other side is Evil, then you can't allow democracy.
(And yes, the Democrats are moving the same way. Arguably the only reason they're lagging is because they're the underdogs, so have more to gain from pluralism. If Americans can't get over this, the country is finished.)
"I don’t even know where to begin," the professor added.
Well, I'm not a professor ...
But I'm quite sure I know exactly what his first thought was: Damn! Another premium certified asshole just doing his thing within the present US administration.
... is Barr that stupid, or what?
Barr may be stupid and/or ignorant, but that is irrelevant. The only requirement on his part is that he honestly believe the rest of the country is. (And in the case of how this particular policy would directly impact them he would likely be right.)
(Big Brother icon, though I feel Brave New World would be more appropriate).
The Guzman trial proved exactly that. He had his own encrypted comms system setup by an IT contractor who was flipped by the FBI and he inserted a backdoor for the FBI to eavesdrop. With billions and liberty at stake spending a few million a year on systems is nothing. Of course now that all was revealed during that trial, organised crime will be making sure their IT people are either one of their own or locked up in a small room and effectively held prisoner.
"Of course now that all was revealed during that trial, organised crime will be making sure their IT people are either one of their own or locked up in a small room and effectively held prisoner."
The former can still be tailed or moled (that's how they got bin Laden), the latter would likely go stir crazy and they'll have to kill him (or he'll kill himself), meaning they won't get a solution.
There are well trodden ways of organizing things to alleviate this problem. In simplistic terms, split the project down into bite sized pieces that don't in and of themselves reveal or betray the overall goal. There are issues around how to bring it all together but I'd rather not say too much about that as I'm sure I just saw a shadow cross the sun...
"There are well trodden ways of organizing things to alleviate this problem. In simplistic terms, split the project down into bite sized pieces that don't in and of themselves reveal or betray the overall goal."
But SOMEONE has to be able to put it all together. That's who the plods target or mole.
Well, if small businesses could afford secure encryption, then ordinary people might get their hands on it. Or the bad guys might start a small business. It's pretty hard for a terrorist cell to set up a Fortune 500 company on short notice without attracting attention.
Lawyers again believing that the laws of nature, mathematics and physics can be overridden simply by legislating it.
That takes a level of arrogance, that, thankfully I have not met or a new level of stupid that should not be allowed to pollute the gene pool.
I suspect, to my horror, it is probably a combination of both
This post has been deleted by its author
I believe there was such a proposal tabled in one particular state, though - to give credit - the proposal was shot down pretty quickly by the rest of the house - I don't believe it even made it to a vote. I doubt the US will be so lucky this time. Australia wasn't... see: Laws of Mathematics vs Laws of Australia, one-or-another of the faceless revolving prime-ministers for the year, circa 2018.
Making pi = 3 is actually more sane. Though still insane. It's a measurements and commercial weights kinda thing. It would just mean anyone selling "pi length rope" would sell it as 3 of that (foot/cm etc).
Still unfair, a scam and illogical and wrong. Making profit off the extra not given to the customer. But it's at least understood how and why, and "workable" (just as many other industries use their own terminology for "standard" sized portions/measurements/sales sizes... I mean, just look at McDonalds and "small/medium/large" ;) ).
But here... here is a request that is totally unworkable.
They weren't making pi equal to three to match Holy Scripture. They were simply passing a resultion that said they recognized that the great discovery of pi being equal to some slightly wrong value by a circle-squarer was a valuable mathematical discovery so that they wouldn't have to pay a royalty when they updated and corrected their school textbooks.
The law would not have prevented engineers and machinists in the state from continuing to use the real value of pi, it would only have gotten the state laughed at.
If the criminals know encryption is cracked then they will use other methods to communicate.
As it states written (paper) is exempt from this, so why not communicate using the post, or use the older book based coding system.
I.e both buy the same book, use the page,line,word reference key. Or produce a document that contains the words they need.
For example 36,1,2 36,12,1 36,12,4
Yes it is a bizarre phrase but to solve it you need this month’s Fortean times (issue 381)
Wonder who is going to work it out?
Unless you go full one-time pad (with the associated key exchange headaches), I think that these book-based ciphers won't work anymore against a state-sponsored actor. It's just to easy to suck in a digital version of the library of congress and try every possibility. Much, much easier than even cracking DES.
(how many books? a billion? With magazines, round it up to four? Searching through 2^32 options for stuff that sounds like not gibberish is something my laptop can probably do)
That's how the plods can beat a one-time pad. If they intercept such a message they can mess it up, breaking the synchronization. That's also how they can beat stego: by mangling any of the images and videos sent over the wires. Once the synchronization is broken (and synchronization is essential to a one-time pad), they lose their ability to communicate, and that can be good enough for them.
Then it's no longer a one-time pad. Plus it still doesn't help if a message gets garbled along the way as ALL the bits can get scrambled, INCLUDING the first ten or whatever. Put it this way. The effectiveness of a one-time pad is dependent on a reliable means of communication: open or not. A distorted message is useless in this scheme.
You can USE the distortion itself as a messaging schema!
The amount and position of image distortion, destruction or change IN ITSELF is a piece of information that can be related to a given pre-determined code and/or phrase. And if the distortion or change is applied randomly, you can create BOUNDARIES that infer that ANY changes or distrotions that fall within a specific range of change values and/or distortion value is an acceptable representation of a given code.
This allows for Steganography that is resistant to randomized bit flipping or bit-swapping or otehr randomized distortions because the 3rd party distortions and changes IN-THEMSELVES are a means of data exchange! Basically you are using a 3rd party's IT weapons against themselves!
This post has been deleted by its author
you've only to combine it with rot-13 to make the code nigh on unbreakable as you'd have to analyse the output from *every* book to end up with something you could then try and parse as 'normal text'. Other options are available (such as using a book you wrote yourself, or adding an abitrary number to the book refenece numbers etc.)
In A Perfect Spy, Magnus communicates with the Czechs via an old edition of Simplicissimus. There are many, many books in print which are not going to be in any library accessible by a given state. At one company I worked for we had a code book which was a particular edition of an obscure German -English dictionary. Doubtless crackable, but not with a level of effort which would justify a competitor finding out the book to bill, scrap rates and quality levels for the previous month.
Too much processing - and it assumes you know how their book code is operating (lots of variants in how you give the reference to the particular word - just using an arbitrary (number "wrap around" logic instead of actual page) agreed between the communicators chucks a huge spanner in the works).
Or there's (as alluded to earlier by FT reference) conspirators use a rotating series of freshly published magazines / newspapers instead of a "static" publication.
Book codes are still good (even more so if codes are "hiding in plain sight" via stego methods and so may easily not be spotted)
Frankly if I was a major crook, terrorist etc. i would not be using mainstream "apps" to communicate anything sensitive - back-dooring popular apps would only get the low hanging fruit, not the really dangerous communications.
This post has been deleted by its author
"What's to stop the US from moling all the other stuff and making them useless as well."
Contrary to common US opinion they don't rule the world. The only effect would be to make the products of US-owned corporations unsaleable elsewhere. As I keep saying, if US politicians achieve what they keep aiming for their tech industry will relocate itself wherever there's a tech-friendly government* leaving local franchises to sell broken products to the US market.
*Yes, there would be such things. In fact there'd be strong competition in this field just as there is in tax at present. The rewards would be huge.
But high barriers of entry AND no guarantee they aren't moled, either.
"Contrary to common US opinion they don't rule the world."
Or that's what they WANT you to believe when they're actually pulling a Rothschild and simply controlling things from BEHIND the scenes.
Simple and will cost the government a small fortune. If the government approved encryption is hacked, your bank account cleaned out (or other injury in the legal sense caused), the government is responsible for costs and penalties.
Wait... the government won't agree and won't pay. F*** it. Just say no to Barr's plans.
Stop thinking about it as government money. It is tax payers' money.
If Barr wants warrant breakable encryption he can hire people to code it with his own money. I will even let him accept (taxable) donations for his cause. He can then demonstrate its security by using it for all his bank accounts and business transactions. He can make the entire security community eat crow by demonstrating secure warrant breakable encryption is possible.
The truly rich don't put their real money in bank accounts. They hold it in real estate and other appreciable tangible assets that also are harder to tax as long as they're simply held and not traded (most taxes on assets hit upon sale, not while holding--it's part of the Tax Planning 101 strategy).
No, it just doesn't make sense to pull off. Value is relative, and smaller governments have a hard enough time assessing real estate taxes without getting disputes and court cases. Plus they can employ degrees of separation (such as trust funds) to put some distance between their assets and the tax man. As a last resort, they can always target the tax agencies themselves.
Just watch other countries not give a dam about what happens in the U.S. This stupid ignorant people are just about to ruin current dominance of U.S Technical companies and that means competition is going to appear rapidly and it's going to be encrypted*.
* Unless you happen to live in the following countries.
- Any country with a dictator.
"Just watch other countries not give a dam about what happens in the U.S."
Unfortunately this isn't true. Many supposedly democratic countries have tentatively suggested similar things, but they still back away because nobody wants to be the first one. But once some examples exist, they others will jump on the bandwagon. All governments would love to know everything about anyone, just in case they might need it. It's all about power, and there are a lot of utterly frustrated closet dictators out there...
Many supposedly democratic countries have tentatively suggested similar things, but they still back away because nobody wants to be the first one. But once some examples exist, they others will jump on the bandwagon.
It will take exactly ONE mass hack to disabuse them of that notion (and they had that already, WannaCry and Stuxnet were prime examples of what will happen when the backdoor becomes an open door). The problem with everyone using COTS is that they will inflict this problem on themselves too or face FAR greater costs to keep things safe. Given that they can't even manage with current, almost safe facilities because their core vendor isn't exactly known for having a clue they then might as well publish everything they do, accidentally promoting the sort of transparent governance they have been desperate to avoid so far.
Hmm, now THERE is a benefit: maybe we ought to ban strong encryption in government alone.
> It will take exactly ONE mass hack to disabuse them of that notion
Why? It will be "collateral damage". An "unfortunate incident", and that's all.
You have this strange notion that peoples' wishes and decisions have something to do with logic and causality. Thousands of years of human history have proven that it isn't true, and people rarely chose the sensible solution. They chose the solution which, at that moment, seems to warrant the biggest release of endorphin.
Mummy is grumpy that she can't read your secret diary anymore boys and girls. Surely you want mummy to know how many times a day you're pooping and whether you're a scruncher or a folder and whether you like mummy or not. You selflish little brats. How dare you hide things from her.
"... And all you American fools believe that China is the enemy when it is your own government. ..."
AND THAT is why we have our friends Smith & Wesson, Remington, Colt, Armalite, Glock, and H&K to GUARANTEE that any government official STUPID ENOUGH to try this stunt gets a nice whack to the head applied by said friends! We can ASSURE YOU THEY WILL NOT be trying that stunt again!
I can ALSO ASSURE YOU there are MORE THAN ENOUGH OF US to ensure such antics are PUT DOWN with extreme prejudice!
"... And if they decide to just bomb you...with a nuke if necessary? ..."
It would be a VERY BAD IDEA for "Them, They, The MIB's" to make a deadly run at us as WE TOO have VERY VERY VERY VERY POWERFUL FRIENDS !!!!!!! And I should note we also have the means and fully autonomous capability to ENSURE a swift, large-scale and UTTERLY DECISIVE response!
Let me give you a quick science lesson! You don't ACTUALLY NEED to use Plutonium or U235/U238 to make your own nuke! ANY heavy element that you can buy cheaply, easily and quickly is basically only METASTABLE !!!
And the binding energies when released AFTER extra input energy topples the metastability into instability allows me (us?) to ENSURE with EXTREME PREJUDICE that such events/threats upon OUR well-being would result in SWIFT, WIDE-AREA and SEVERE consequences!
Ya don't come to a gunfight with a pea-shooter when the OTHER party has plasma cannons and petawatt lasers/masers! I think that's a good enough warning NOT to try anything stupid !!!
You Trump voters accepted the lie that it was Huawei that was going to spy on you and that they had to follow Chinese government orders to install backdoors on their equipment when all along it is Donald Trump and his corrupt A.G. that wants your secrets, it is the US government issuing the orders that China never did.
Trump voters? Jump lumping them all together now? Wow - blame a group with no power over the decisions being taken.
The voted before the Huawei nonsense came out, should they all be condemned for not having clear enough crystal balls too?
Why is it these days people are collectively blamed without any evidence or consideration of how you group them? Just blame them all.. what a society.
Does he expect that all comms apps will have the backdoor password / keys baked in? So any open source is also going to have those same passwords/ keys fully visible because, like, it is OPEN source. That is going to really keep the crims out. The only other logical way is to force everyone to register every app with the gov so that the first time you use it it sets up the backdoor. Again I don't see the crims volunteering to register their apps with the gov, and with open source you can just look for the gov mandated code additions, remove them and recompile.
A law that effectively makes secure open source apps illegal would be a nicely pro-corporate play wouldn't it? Fits right in with the direction the company is going. LOL now there's a Freudian if I ever saw one, I mean the direction the country is going, of course.
> A law that effectively makes secure open source apps illegal
This is where (if I understand correctly) the rock meets the hard place in the form of the US Constitution (as amended). A codebase which generates "illegal" strong encryption with no backdoor is almost certainly protected free speech in the USA. You'd think an Attorney General would appreciate this truth. Therefore, AG Barr probably has designs on weakening that aspect of the US Constitution.
This is 'Murica! The NRA fan-base have THEIR OWN TANKS, APCs, Uparmoured Humvees, MRAPs, BAZOOKAS, RPGs, .50 CAL BMG's, 20 mm & 30mm cannons, 105 mm howitzers and even their own armed drones and planes! AND they are WELL-TRAINED and MOTIVATED ENOUGH to use them! Good luck with that!
An ARMED society is a POLITE society! The 2nd Amendment is KING here! As said in 1945... NEVER AGAIN !!!!
And in case ANYONE is wondering what 'Murica is all about with regards to the 2nd Amendment GUARANTEEING all the other rights, I say to take a look at THESE videos to see what you can buy as a private American citizen if you have the money and time!
THIS is 'Murica !!!
Your Second Amendment Rights Showcased!
Making the Second Amendment REALLY Shine!
I'm thinking of developing a secure, device-to-device chat/voice app. There is no central server to tap into so I'll need that nice Mr. Barr to provide an IP address that my software can listen on whenever a call is made. If the FBI's server 'answers' my connection request then I'll assume that they want to tap into the call and I'll have the app relay the conversation to that IP; if they don't accept the connection I'll assume they don't.
I'll also assume that a personal firewall won't be available on the device.
The plods can go the the upper-tier networks and hijack the route to your desired target, creating a hostile takeover of the IP and then continues it along without anyone else the wiser.
Another possibility: pwn the hardware that runs your devices to perform an Outside the Envelope attack.
Going to get down voted mercilessly by the righties but Freakonomics guys argue quite persuasively that what caused the huge crime drop in the early 1990s was it was the first full generation after Roe V Wade. Since Barr's buddies and ilk are trying with some success to kill off Roe V Wade in much of the country he is just getting out in front of the future crime wave his party is going to cause. Of course with the most ham fisted least successful in all but rhetoric way possible. Kind of like his boss.
By FAR the leading candidate for the cause of the drop in crime was unleaded gasoline, By going back and checking car registrations in various counties you can track the drop on a county by county level as leaded gas cars were retired. The peak happened first in rich counties and last in poor counties, as you would expect since they were using many more older cars.
If it was Roe v Wade that could potentially account for a decrease in crime, but would offer zero explanation for the increase in crime in the decades leading up until the peak in the early 90s. It also wouldn't account for the fact that the peak happened over a 10+ year period depending on where it was the US it was. Besides, birth control has a far larger affect than abortion in letting people decide if/when to have babies.
Truth is probably somewhere in between. Wouldn't put it past some in the GOP to want to bring back leaded gasoline either (anything to make it more like 1953). Still 29% is a fair number of extra murders for sure.
A 2007 study by Jessica Reyes at Amherst College stated: "This implies that, between 1992 and 2002, the phase-out of lead from gasoline was responsible for approximately a 56% decline in violent crime. Sensitivity testing confirms the strength of these results. Results for murder are not robust if New York and the District of Columbia are included, but suggest a substantial elasticity as well. No significant effects are found for property crime. The effect of legalized abortion reported by Donohue and Levitt (2001) is largely unaffected, so that abortion accounts for a 29% decline in violent crime (elasticity 0.23), and similar declines in murder and property crime. Overall, the phase-out of lead and the legalization of abortion appear to have been responsible for significant reductions in violent crime rates."
An updated paper was published in 2019 to review the predictions of the original 2001 paper: NBER Working Paper No. 25863
Overall the authors concluded that the predictions did hold up with strong effects.] "We estimate that crime fell roughly 20% between 1997 and 2014 due to legalized abortion. The cumulative impact of legalized abortion on crime is roughly 45%, accounting for a very substantial portion of the roughly 50-55% overall decline from the peak of crime in the early 1990s."
"All I see is a bunch of correlations without providing evidence of exactly WHY unleaded gasoline and abortion dropped crime rates."
The lead thing is known: lead has a known causal effect on brain chemistry. It wasn't just lead in fuel; countries that got rid of lead paint experienced a similar improvement.
As for abortions, I assume the causal link is that a lot of crime is drug-related, and a lot of people get into drugs because of a shit childhood. One possible cause of a shit childhood is a family that didn't want you/cannot look after you.
I wore the PGP-in-perl T-shirt out of and back into the USA on maybe a dozen flights from '91 to '93 without anybody even blinking at me funny. Later, I occasionally carried a copy of Bruce Schneier's "Applied Cryptography" book containing source examples in the text (which did not fall under the export restrictions) and the disk containing the very same source, which was bound into the cover (and very definitely did fall under those restrictions).
This kind of security theater may be worth the paper it is printed on, but not much more.
I stopped trying to get arrested on principle when I grew up and had a kid of my own to take care of. Priorities & all that. Today, she tells me I shouldn't have wimped out ... but she did take the shirt into "show and tell" occasionally, to explain to the class why it was considered "munitions".
Big Tech will sue, and get a stay from the courts because of the difficulty of implementing this (especially for end to end stuff like iMessage etc.) Then it will go through the courts, and THEY will determine whether it violates the fourth amendment, not Trump toady Barr.
It would take long enough that Barr will be long gone before it is decided, and we will hopefully have much less stupidity at the top of the DoJ.
No danger. All that stupid will leave a vacuum, which nature abhors. It'll suck in more stupid than was there originally, making things worse. The trick is evacuating the stupid and injecting common sense, preferably using a clue-by-four.
Joking aside, just look at the lower layers just waiting to fill the void. Are they any better on average?
It is more profitable for lawyers to pretend that a generally understood subject is not, and demand expert witnesses.
It is said that in one case Abraham Lincoln was involved in, he disproved the prosecution by producing an almanac to show that on the night in question there was no moon, and the claim that the accused was recognised by moonlight was false.
Another lawyer then commented that the judge should not have accepted the almanac, but demanded the presence of an astronomer as an expert witness who could be cross-questioned as to its accuracy.
More court time, more fees for both sides.
I guess pen and paper will be banned too? Along with pencils and erasers?
"Evidence" going dark has *always* been a problem for law enforcement. That's why for centuries motive was often uncertain -- it's not like the Big Bad Guy tended to keep copious notes on why he was breaking the law, or if he did they tended to be either encrypted (yes, this was a thing even before computers!) or burned along with any other evidence before / during capture. Or simply hidden and not found. That's why evidence tended to be gathered from sources outside the Big Bad Guy's control -- spies, defecting buddies, policemen actually bothering to request records from individuals and companies that might have dealt with the Bad Guy, heck a simple tail is perfectly legal and probably still works today.
Try making open source illegal and the Chinese will pick the bones of the US clean after wiping the Yanks out economically. Most people I know from the boffin creator-type class would happily relocate to another country before giving up their rights to keep their internal conversations and research private, and the others would simply stop working or go into a less stressful field and eschew modern technology entirely. And that's not even going into how Hollywood will have "trillions" in damage from DRM no longer being effective (backdoor key == decrypted content, and with strong encryption illegal your average citizen can pin the "piracy" crime on anyone they want!).
Do you really want a world with no secrets? My sneaking suspicion is that a world like that would blow itself to bits as everyone knew everything that other people were thinking, offending nearly everyone, and the political class basically launching nukes in response. Not to mention the technological stalling and regression as everyone except a few stupid people cease research (no profit in it when you can just wait for some other idiot to spend his time and money to do something, then copy it for super cheap, right?). WWII started over stupidity like this, the human race is not evolved enough to handle this level of transparency. Full stop.
> creator-type class [...] Hollywood [...]
He expressly said businesses can keep their encryption. Only Joe Sixpack in the streets has to strip and run around naked. If he hasn't already been unclothed by some big corporation losing his data that is.
I'm surprised he didn't use that argument; What do you have to hide, that some breach hasn't already (or will shortly) made public anyway?
Businesses (at least of the Hollywood type) aren't really creators though -- that function still falls to individuals. You really think that movie is going to stay secret when all the 'personal' stuff has to use the backdoored encryption? All I see is a feast for the lawyers -- studio suing individuals for leaking info over the personal devices, or government suing the individuals for using the strong business encryption for personal stuff. Might make a lot of those people just ... stop creating.
> You really think that movie is going to stay secret when all the 'personal' stuff has to use the backdoored encryption?
Technically you're right, but the distinction between "businesses" and "have-nots" is actually made through money and lobbying power: Money talks (to people making laws), so you can rest reassured that the interests of such a wealthy industry won't be overlooked. And while the people working for the entertainment industry are indeed mostly freelancers, they have their mighty unions to fight for them, and those will know to make sure their adherents don't get thrown out with the bathwater.
So, in short, I really don't worry about the entertainment industry, it's big enough to take care of itself. Other professions have less lobbying power and thus will have stronger problems: Medical professions for instance, but also lawyers (often in conflict with police investigations due to them defending a
perpetrator suspect, and having access to his/her secrets).
After Barr’s speech one of the most technically literate Senators in Congress, Ron Wyden (D-OR), launched a blistering attack on the scheme – not just on technology grounds but also because of the people pushing it.
What a stupid strategy... Political pique is no grounds for anything. Only principle counts.
Presumably Messrs. Barr, Trump, Brennan, Obama and the rest of the grisly crew persecuting Assange feel they have the right to read any letter too...
The FBI had been on to the two shooters for years and was keeping tight tabs on them. The undercover agent testified that he had no idea they were planning a shooting spree at the time, despite the pair having three rifles, three handguns, and 1,500 rounds of ammunition in the car.
To be fair to him, at that very moment 100s of 1000s of ordinary law-abiding, normal Americans were equally well fitted up.
The government doesn't really want the "key" per say, what the government really wants is to pass a law against cryptography so that if the feds can't decrypt it, the individual(s) are guilty of using crypto without a license and to be sentenced to jail up to 10 years each count, with time off if the individual(s) give the feds the key.
You can see where this is going... That law would be catastrophic; swinging the pendulum so far to the right, it may never recover.
Do not forget, If the NSA wants to read your files, they will read your files.
Indeed, which is fun.
I have signed up for free (with throwaway email and password) to many sites over the years just to read a few particular articles of interest.
Chances of me remembering those credentials - zero.
I don't know passwords to any sites I use a decent password for (as they use machine generated distinctly non memorable passwords. so without the password manager I would have no hope of giving those out) - sites I don't care about, as nothing of use on them personal data wise, get simple passwords I have a hope of remembering e.g. iPlayer,
I don't know passwords to any sites I use a decent password for (as they use machine generated distinctly non memorable passwords. so without the password manager I would have no hope of giving those out) - sites I don't care about, as nothing of use on them personal data wise, get simple passwords I have a hope of remembering e.g. iPlayer, .... tiggity
That's a very memorable Get Out and Stay Out of Jail for Free Card to Play and is Always Available for WorldsWideWeb Bedded Play with Special Operations Executives.
In the name of all that is good and holy, please, please, PLEASE--DO NOT MAKE THIS A PARTISAN ISSUE!!!
The DoJ has been resolutely clueless on this issue since no later than the infamous Clipper chip, which was published in 1994. (First term of president Clinton.) For twenty five consecutive years, they have ignored the NSA, the DoD, the banking industry, and EVERY person with any knowledge of the subject. For those with exceptionally short memories, that would be fourteen years of Democratic administrations and eleven of Republican.
If you make this a partisan issue, then there becomes a real chance that when you party loses (and it eventually will), you will be force-fed this koolaid. JUST SAY NO. This is NOT a matter of politics, this is a matter of mathematics. I say this as a mathematician, and an activist Republican.
And senator Wyden, if you REALLY want to dig into administrations abusing power of this sort, I can assure you that your party is no more clean on this one then mine. This is a first order national security issue. Do NOT play politics with it.
I am glad to see that I'm not the only one who is calling these jokers flat-earthers. We must embarrass them out of this.
> And senator Wyden, if you REALLY want to dig into administrations abusing power of this sort, I can assure you that your party is no more clean on this one then mine. This is a first order national security issue. Do NOT play politics with it.
The calls for backdoors seem to be driven by career employees of the FBI. Remember that FBI directors are put into office for ten year terms, ostensibly to prevent them from being pawns of whatever party is in power in the Executive branch. I'm thinking that Barr is aware of this `gotta have backdoors' culture within the FBI and is taking advantage of it to further the entrenchment of The Orange One.
A military bigger than the next several combined.
China just announced today an arms race because they realised that the dangers of the current US direction are exacerbated by their huge military. I am afraid Trump has just started Cold War II without even realising what he was doing.
I am afraid Trump has just started Cold War II without even realising what he was doing.
Doesn't that apply to pretty much everything Trump does? He has little knowledge of anything that he touches... and destroys. Yet he always believes he's the smartest person in the room. Because he has an opinion.
The Brown Fox is in the hen-house, I repeat, The Brown Fox is in the hen-house.
Rupert has a green coat and would like some tea. Rupert has a green coat and would like some tea.
Go ahead and put your stupid back-doors into everything. It will make not one iota of difference to the crooks and nutters. They will just use an alternative method to communicate securely. The government will hate it though as their "indiscretions" will become public knowledge much sooner, when the hackers use your back-door to get into your systems and publish your data on the Web.
Barr echoed the familiar refrain that criminals were using encryption to “go dark,” and frustrate officers and agents' efforts to catch them. If this were true, we’d be seeing an explosion or at least some rise in crime here in America. However, that’s simply not the case – quite the opposite in fact:
What the likes of a Barr is not drawing attention to, is the fundamental change of probable future attack victim, which is certain to be as a war waged specifically against that and those who would think to rule absolutely with sub-prime programs and projects rather than sharing the benefits and advantages which such a utility/facility provides.
The "enemy" is getting smarter and spewing out info and intel on that which seeks to restrict its discoveries and uncoverings/vulnerabilities and bugs, and that puts a target on the likes of a Barr.
And quite whether that be more the terrorists are coming or the terrorists are being identified is something to ponder on before jumping off the fence.
“Nor are we necessarily talking about the customized encryption used by large business enterprises to protect their operations."
It's a small addition to all the already exposed BS, but let me point that out: large business enterprises DO NOT routinely customized encryption. To the contrary, they're keen to use very standard, proven, NIST-approved encryption, the kind that will easily be audited and found compliant to eg PCI-DSS.
Well it all starts out with the best of intentions, to stop terrorists. But mission creep sets in and you end up with a situation like the "Regulation of Investigatory Powers Act" in the UK, also known as the Snoopers Charter. Designed to combat terrorism and ends up being used by local councils to snoop on which school parents are sending their children to and who's leaving their bin out on the wrong day.
This is definitely the wrong end of a slippery slope.
The bin one showed the extraordinary stupidity of council officials, who, living in large detached houses in villages, didn't realise that the majority of people put bins out close together so it is easy for the ungodly to put their heavy rubbish in someone else's bin. It's actually quite similar in its way to this Barr dimwit.
But the schools thing is a real issue. Not far from here we've had reports of people from outside the area buying flats in the local slightly sink-ish estate, and thus driving up prices so as to make them unaffordable to locals. And why? To get into the catchment area of what they thought would be a highly regarded, well funded academy.
The fact that it's failed and is being taken over is just a kind of poetic justice, but in the meantime first time buyers have been screwed by the well off. Councils need to attend to things like that.
“We are not talking about protecting the nation’s nuclear launch codes,”
No, my data is a lot more important and secure than 00000.
"a terror attack or some such may conveniently swing the population toward outlawing strong cryptography"
The CIA have something in the works do they?
Ron Wyden seems like a good man, whenever I hear of him he has something intelligent to say. I don't suppose he feels like becoming British PM?
Is Barr just carelessly describing something that already happens in most of the industry, with the exception of foreign suppliers beyond his reach?
Kind-of like when our (spit) Boris blurts out something unhelpful to what's supposed to be his cause - as in how he helped that woman (whose name I'm not going to try to spell) imprisoned for spying in Iran?
“Nor are we necessarily talking about the customized encryption used by large business enterprises to protect their operations. We are talking about consumer products and services such as messaging, smart phones, email, and voice and data applications.”
I haven't got enough face for all the palms I want to plant on it
(going offtopic here)
Oh, this epiphany just in: if only outlaws have guns, then the end result is that unless there are many outlaws out there then the number of guns on the streets will dramatically reduce, and so will gun crime as now guns and bullets are a luxury.
I wonder what the gun nut counter-argument is to this logic (besides yelling "2nd amendment!", which is a right, not an obligation, and can be withdrawn if the people agree).
Not the same could be said about outlawing encryption though. The outlaws with encryption might get even more empowered compared to the ones with guns.
"besides yelling "2nd amendment!", which is a right, not an obligation, and can be withdrawn if the people agree"
Because "the people" have been so good at agreeing on ANYTHING for the past 30 years. Besides, I would think that, in reality, a malicious Government would be after much juicier rights. That First Amendment has got to be a big thorn in the side - look at how many times the Government has been smacked by it over the centuries. Same goes for the Fourth Amendment - definitely a stumbling block for any Government that realizes how much better it is at everything than the populace it governs.
So yeah, taking away the pea-shooters might make hay with some groups, but wouldn't really do much to advance the government's absolute authority over the lives of its subjects.
Talk about unclear on the concept ...
Last time I was in England for several months, a good friend, upstanding British citizen, tax payer, PhD research chemist for a big international company, offered me the use of a 9mm Browning automatic for the duration of my stay. I declined ... and was vaguely uneasy staying at his house for that time, despite the fact that here in my office in the USA I have easy access to several dozen rifles, shotguns & handguns. The "climate" around guns is different in England; as a Yank you have to experience it to understand it fully. Mostly, it's fear of the unknown (as you can see, from comments here on ElReg and other places).
But the fact is that the guns are there. Even where they are illegal. In fact, by making guns illegal you are making a new class of criminal ... people who own guns, but don't actually do anything illegal with them. Thus, non-outlaws become outlaws at the stroke of a lawmaker's pen. And you are STILL not addressing the REAL problem ... actual, as opposed to newly invented, criminals.
Just have the apps send the messages twice: once encrypted end to end - to keep the regular hackers away, and once encrypted with government keys - to keep the government hackers in the loop. It won't be a secret that you are spying on people, but that's not important.
Keep the government keys in a secure offline vault, under armed guard. Log everyone who checks them out, and the warrant that allows them to do so. Only allow the keys to be used inside the secure facility on a network that isn't connected to the Internet (although you're allowed to use VPN to scale out around the country).
Everyone entering and exiting the facility will have to get butt naked and get every orifice check both going in and going out. Only authorised devices past this point.
Impose fines on anybody who doesn't have this simple^W very complicated and very well thought backdoor in their app.
Possible bug: there's no guarantee that the message encrypted with the government key is the same as the one encrypted end-to-end, and no way to check either.
That will be $10M plus relevant taxes. Thank you.
An Armchair Internet Security Contractor
"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."
- 4th Amendment to the United States Constitution
Get a warrant, Barr, otherwise sod off. . . .
As already mentioned, the bad guys will likely not be compliant in using such broken encryption. Unless of course, they outlaw use and possession of "hard" encryption tools (are available after all), punishable by painful death (needs to harder punished than any possible crime that user wants to hide). But even then, the bad guys will simply use something else. So: bottom line: what he wants to achieve, that they can break the communication of criminals that way, will not happen. What will happen, of course, is that everybody they are supposedly not interested in, will be wide open to attack by said criminals, as they will likely be afraid of such draconian punishment and will obediently use the broken encryption. Is he too stupid to realize that? No, I guess not. Therefore: The real reason he wants that must be something else. Maybe the fighting crime thing is just a pretext to get exactly, what he claims he is not interested in, that being the possibility to listen in on EVERYBODY else (except the criminals/terrorists etc). Then all of this suddenly makes sense, doesn't it?
Law abiding citizens will all use the tools provided to them easily, but a criminal? One with half a braincell? They'll use an open source app sideloaded onto devices. Takes a minimal amount of minutes to do. Grab the source to Signal and away you go.
So, in reality this isn't about criminals - they'll continue to use end to end encryption that can't be cracked. Its about surveillance on everyone else.
Since this is hardly news (it's been rumbling on for years) surely there would have been moves - not just in the US, but worldwide - to deliver an end to end encryption system which is immune to Club Fed (or RIPA) requests.
But unless I am woefully underinformed, there haven't. Not even as nerdy POC-type exercises, let alone something with serious commercial backing.
Plenty of whingy-whining yes. But concrete developments ? No.
All most odd.
Any government official – politician, law enforcement, justice etc. – wanting what Barr wants must be characterized with two options:
1) This person is stupid. This doesn't work for the claimed purpose – fight crime and/or terrorism – as we all know, but we cannot exclude the fact that this person does not understand this.
2) This person is not stupid. Which means they knows it does not work for the stated purpose. Which means this person has another, unstated, purpose in mind for wanting this. Now, I cannot think of any purpose that this person can have in mind that goes against the principles of a free, democratic, open society. Can you?
"Crucially, the undercover agent testified he had no idea the two other men were planning a shooting spree at the center, despite the pair having three rifles, three handguns, and 1,500 rounds of ammunition lying around in their car."
6 guns and 1500 rounds in the car? Shoot, son, that's just going for a Sunday drive roun these parts.
The war between "people looking to score political gain" vs "people that actually understand what's being asked" provides entertainment and frustration in equal amounts.
No matter how many times you provide evidence of something being a bad idea, politicians will believe they just need to campaign more.
Secure and Backdoored are mutually exclusive terms in discussions like this.
We have idiots in positions of power in DC. Sadly, this is the norm for just about any country with more than 2 people in positions of power in their capital.
I would have thought that the Federal Office of Personnel Management personnel records hack (which occurred because the personnel data was on old systems where it couldn't be properly encrypted) would be enough to convince the Feds that watering down encryption is a horrible idea.
But, I guess that those who don't learn from the past are condemned to repeat it, and those who refuse to learn from the past rush to repeat it.
The key point is that the individual’s right to privacy and the [police's] right of access are two sides of the same coin
I'm sorry, where is there a police "right of access" written anywhere? There is something about searching and seizing after due process but "access" isn't written anywhere. If police have a warrant and search one of my documents and find they can't read it after nary a glance, there is no obligation on me to translate it for them.
Yeah, I took that as just more of the same state power expansionist bovine excreta that I know for a fact he doesn't believe. I'm all for him putting his money where his mouth is so when is he going to start pushing for legislation mandating the release of police body cam footage? I'm guessing he'd start trying to justify that certain "zones of privacy" are more private than others.
The speech as prepared for the Attorney Gen is here
However there is a distinct absence of emotive descriptions such as bastards, daesh-bags etc.
I'd prefer to know what someone said, not an over the top paraphrasing - and if he really did use some or all of the language used in the piece then identify it.
The Reg is entertaining but don't over-egg the stories!
...on rooted Android phones:
"These are our chat apps to use from now on. They have end 2 end encryption with no backdoors. When the US government tries to tell us we are required by law to put in a backdoor. We will tell them to fuck off"
This is what will happen. This is what the two fucking idiots in power are incapable of understanding.
I created a script to create a block of 500 to 1000 random characters. On various e-mails, I would cut and paste these behind a Mime header. Apparently it was driving the scanning software berserk as I had a friend who worked for one of those places that don't exist call and politely request that I please stop doing that.
"Crime rates are dropping..."
No, More people are Coming in and being Born than committing crimes...
Always Hated that "per 100,00" nonsense....
There are 5K plus new murders but since our population has gone up it's
obfuscated by the number of "citizens"....COUGH**UK Knife Crime**COUGH
Comparing crimes per a set number allows comparison over time and across borders because we have a set scale. You can compare the number of knife attacks in the UK and the US but the number itself is meaningless until you look up population and do some maths. Same with looking at London in 1960 and 2019. The population has increased and that context matters.
At risk of massive downvotes: "This kind of special secret access has already ended in disaster". It might have, but the example given with the Juniper backdoor isn't one of them.
What they are asking for is a process where they can approach WhatsApp, armed with a court order, where WhatsApo can validate the request and then silently add the TLA to the conversations. This is nothing like the Juniper cast which is unlimited, uncontrolled, autonomous "root" access through a single unchangeable secret.
Where are the examples where these powers that have existed in PSTN networks for decades have led to disasters?
"What they are asking for is a process where they can approach WhatsApp, armed with a court order, where WhatsApo can validate the request and then silently add the TLA to the conversations."
But, at present, secure comms apps (don't know about WhatsApp any more since Facebook bought them..) are encrypted end-to-end. So in fact what they are asking for is flawed insecure crypto systems with master keys built in. Which WOULD be found, just like with Juniper.
I think the real question is should encryption be strong. Should encryption be weak enough that the government can go in and transfer money out of your bank account? Anything that a government can do online, so can the terrorists. And that means that weaker encryption is actually enabling the terrorists to get into us honest people's bank accounts. Why do I want to enable a terrorist to be able to access my honest and lawabiding money?
Who's going to trust a US technology company anymore? Can't trust them as a supplier after Huawei ban. Can't trust the product because it is designed so that it isn't secure.
US technology companies are barred from supplying Huawei because they put back doors in their products. US technology companies put back doors in their products. Therefore, US technology companies cannot supply US technology companies.
If the cops and Feds can't ... hear people whispering ... , you will install ... personal recorders ... for us, regardless of the security hit, US Attorney General William Barr has told the technology world. While speaking today in New York, Barr demanded eavesdropping mechanisms be added to ... all P2P activity ... .
If you're not the military nor in big business, you'll just have to suck it up, and use that ... personal recorder... system for your personal communication and commercial dealings, Barr argued. Otherwise, he claimed, criminals, who are able to ... whisper ... outside the grasp of the law, would have a free hand at the expense of society. And again, over what? ... Whispered ... sex ... and ... private conversation...? Get real, nerds.
Whats to stop the tech co's just upping and leaving the US if they dont want to install backdoors? The US doesnt own the internet and without a China like great firewall they cant stop their citizent using apps and services from other countries where encryption isnt banned. Sometimes the old ones are the best....Use a free email account, write a draft message, dont send it. The person you want to communicate with has access to the same account and just reads the draft. Mail is never sent anywhere, nothing to intercept. There are many many ways to talk without other knowing what you say and hardly any of them rely on technological encryption.
One that spring to mind is going old school and have a particular obscure book that you use for your encryption / decyrption 3 numbers to determine a word which equate to pagenumber, line number, word number. As long as both people have the same book then bobs your uncle, secure comms. You could even have multiple books and have a reserved number pattern or header which instructs the recipient to switch books / which book to use for decryption.
So, we think bad people use off-the-shelf packages to communicate? Why would a bad actor use a well known system to communicate. May catch the low skilled actors, but not the highly skilled actor that have the capability to create their own apps/comms system and encryption schemes.
The approach suggested will just lower the trust in US IT/Cloud providers not to snoop or accidentally release information
Nothing is stopping them. They have no real need to do any work, either ... very strong encryption already exists, is in the wild, is available for the price of the download, and can't be swept back into the worm can behind the open stable door.
However, Barr and his ilk would rather we don't shift the curtain to expose the man behind it.
Barr must be out of his freaking mind, whatever is left of it.
Capitalists have ruined our planet and our country. They have been released from all sanity in Dump-Fu¢k's assault on our institutions.
My privacy is 100% more important than his ability to catch a pervert caller.
They already have the ability to listen in on live telephone calls, why does Nut Barr need to see our MOST personal device?
KEEP YOUR FAT ASS FINGERS OFF OF MY FREAKING PHONE, NUT BARR.
Trump and his side push through something truly ghastly, but are (mostly) prevented from truly benefiting from it due to the outcry. The outcry is turned into a partisan us vs. them issue over the next years.
Then, when the next Democrat becomes the president, suddenly the by-now politicized outcry is muted, and the new White House then proceeds to do nothing substantial to repeal the particular evil. Instead, in a couple of years, we find out hints that the new capabilities are being used as a matter of course, continuously expanding in scope, just couched in some bureaucratic obfuscation. The next president, either Republican or Democrat, then continues this fuckery, as supporting it has somehow become the bipartisan consensus.
Fool me once with Dubya and Obama...
Further, the Office learned that some of the individuals we interviewed or whose conduct we investigated-including some associated with the Trump Campaign — deleted relevant communications or communicated during the relevant period using applications that feature encryption or that do not provide for long-term retention of data or communications records. In such cases, the Office was not able to corroborate witness statements through comparison to contemporaneous communications or fully question witnesses about statements that appeared inconsistent with other known facts.
-- The Mueller Report
A) What a gaping asshole.
B) So, he wants to have US vendors do the same things people exactly like him are claiming Huawei is doing, and using as an excuse to try to lock them off the market. Besides being an asshole who does not care about privacy he's a hypocrite.
C) I'll just stop with Ben Franklin's quote: "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety."
Some of the best encryption is written and deployed by folks beyond the reach of your legal system. So, scream and kick all you want in that little tantrum on the floor. You are not all powerful, and have no background in software or encryption. Please stop making a fool of yourself. Once you take 5 minutes to actually read about encryption, then perhaps after a few math classes you'll realize just how silly and impossible your silly-speak is.
Please take just one second to review history and how backdoor's have been used by state actors to facilitate assassinations, plant malware, cripple commercial activities and endanger even hospitals and schools. Encryption IS a form of protection against criminals, not just a tool used by criminals.
Note: Anyone can write an encryption algorithm, I've written several. Anyone is free to make an app and use that encryption. Anyone in any country can do this.
Passing laws that can not ever be enforced is political grandstanding and nothing more. It weakens our country's security, and endangers law abiding citizens.