# Americans should have strong privacy-protecting encryption ...that the Feds and cops can break, say senators

In its latest attempt to come up with a digital encryption scheme that's both secure and not, the US Senate Judiciary Committee on Tuesday heard conflicting testimony from industry, academics, and law enforcement about whether encryption can simultaneously protect information and also reveal it on demand. Committee Chairman …

1. #### For a given value of two in politics

2 + 2 = 5

Which is true for large values of 2.

Politics assures us to have very large values of two, every time, by repeating it often enough. Therefore, politicians can guarantee the correct sum, regardless of its actual value. See, we can have a cake and eat it at the same time; you just need a politician assuring us the correct large value of the cake!

1. #### Re: For a given value of two in politics

Upvote and pedant note: next time use a sum of >5, because, where the numbers are written to 1 significant figure (or 0 decimal places) 2+2 can legitimately be 5, or even as low as 3.

1. #### Re: For a given value of two in politics

I suspect that was his point, it's a common enough mantra in science and engineering circles when including the (for large values of two) qualifier that he already had. It's the fact that it is correct that makes it such a mantra.

1. #### Re: For a given value of two in politics

gosh imagine if mathematicians had terms that define the properties of the type of number, those were based on the level of precision and how close to the important integer value one was, and eventually they were used for the basis of the mathematical type system that computers merely implement...

Since we're all unpacking the implications of sarcastic phrases, imagine how much information you'd have to selectively discard to report that 2+2=5, and the kind of person who'd do that knowing that everyone listening knows they're obviously gaslighting even if they can't describe exactly why....

2. #### Re: For a given value of two in politics

"2+2 can legitimately be 5, or even as low as 3."

Only if you are looking at a measured value. From a purely mathematical viewpoint, 2+2 cannot equal 5 (or 3).

2. #### If politicians were mathematically literate

Nations would not run up unsustainable debt that will never be paid back. (Or default on sovereign debt.)

1. #### Re: If politicians were mathematically literate

We don't have unsustainable debt, we have a, um, working overdraft.

1. #### Re: If politicians were mathematically literate

It's not really an enforceable debt if you are a country with its own military, and your creditors are not.

2. #### Really?

"no American should want a device that becomes a safe haven for criminality."

I am an American. My house has walls that protect against outside eyes. My car has a gas pedal, which (on occasion) has led to speeding.

Do I want both of those? Yes, I do. Do I consider myself a criminal? No I don't. Does the government think I'm a criminal? I'll let you know.

In my mind, the tool - whether a gas pedal or encryption - is not criminal in and of itself. Its use is what determines that.

1. #### Re: Really?

Yes but it's not like you can own anything really dangerous like a machine gun

1. #### Re: Really?

The NFA has made the cheapest machine gun almost \$20k, and it still requires an 8+ month wait for the processing and background check.

1. #### Re: Really?

But you can still own a machine gun in America.

How much and how long for an assault rifle, a pretty deadly semi-automatic firearm as has been demonstrated in many schools, malls and places of worship pretty much since they were available to the public. And yet you never learn...

1. #### Re: Really?

They tell you gun control doesn't work, then you turn on the TV and see a terrorist in London can't get one, so has to turn up with a knife and a fake suicide vest.

And he then promptly gets wrestled to the ground and has the shit kicked out of him by passers by before the plod turns up to really ruin his day. When you have gun control, even a guy with a narwhal tusk ripped from a display case is enough to stop a terrorist. In the US, they need swat teams to stop a skinny kid at school or some fat bloke in a hotel from mowing down dozens of people.

But, they say, knives are *just as dangerous* as guns, as are cars. Yet, they still insist that US troops be armed with assault rifles rather than potato peelers and toyota corollas, so you know they don't believe it.

2. #### Re: Really?

Actual assault rifles are in the same category of weapon as full-on machine guns (the official dividing line is two or more shots with a single trigger pull). "Assault weapon" is a meaningless term that encompasses whatever the utterer feels like, which can mean anything from scary-looking versions of ordinary rifles (which are sold mostly on their looks) to almost every last semiautomatic weapon in existence. And just to cap this little rant off, the "A" in "AR-15" is short for "Armalite", the company that made the original design.

With that bit of pedantry over, feel free to return to the debate.

2. #### Re: Really?

So the US constitution permits that states or the government *can* apply rules that say certain types of weapons can require special permission, checks and costs that effectively prohibit ownership by most citizens?

And furthermore, the weekly school and workplace massacres in the US are almost always NOT perpetrated with such 'illegal' assault weapons, but instead with consumer versions that are easier and legal to obtain.

Fascinating. It's almost like gun control doesn't conflict with the constitution, and is effective?

1. #### Re: Really?

"massacres in the US are almost always NOT perpetrated with such 'illegal' assault weapons, but instead with consumer versions that are easier and legal to obtain."

DING DING DING DING DING DING DING DING DING DING, WE HAVE A WINNER

Now do you see where the problem lies?

1. #### Re: Really?

"Now do you see where the problem lies?"

Yes, the over prescription and lack of supervision of people on serious psychoactive drugs. Both being on the drugs and stopping taking them are both shown to cause people to become violent. Many of the shootings in recent years have been by people on these sorts of prescribed medications. There may not have even been a good reason why they were put on these drugs in the first place other than being a bit more rambunctious kids than the neighbors' little brats.

2. #### Re: Really?

"Does the government think I'm a criminal? I'll let you know."

No, they'll let you know. But they probably do, they just haven't got round to deciding which crime but they're sure you should be placed under surveillance.

3. #### Re: Really?

"the tool - whether a gas pedal or encryption"

or a knife. Or a firearm.

1. #### Re: Really?

Or a pencil. Or a map.

4. #### Re: Really?

The argument can be extended to cover banning cash to thwart criminals. Never mind that sans banknotes, criminals will trade in other valuables. I'm old enough to remember when a box of CPUs or RAM could be more valuable than the same size box of Gold and a heck of a lot less massive.

A crowbar can be used to break into a business to steal property or it can be used to pry open the door of a burning home to save somebody's life. It's just a tool. I use my car for work. A car can also be used to get away with the contents of a bank's vault.

Encryption can be used to cover up the plotting of a crime and it can also be used to keep a government's secrets... ummmmmm. Maybe that's not the best analogy.

3. He wants a design rollback to a time when Apple held the keys to its products and could thus provide them on-demand, for better or worse.

Erm, Apple still has the keys -- this is shown every single time they issue a signed OS update. To pretend they don't is delusional, and it remains an open question of whether or not Apple (the company) can in fact be forced to issue updates to allow government entities to break in to specific devices.

I politely suggest these legislators go first, allow every single lawyer across the nation to go through their daily lives. If they aren't in prison due to various crimes (even reckless driving -- aka 10 MPH over the limit -- will get you locked up in certain US states) after a couple of years, or thrown out of office due to various private acts the public won't stand for, then we'll take a look at their proposals.

1. "Apple still has the keys"

the plural "s" is important. There are multiple keys involved in every device.

Apple do indeed retain some keys to allow them to update the device. No delusions, they do. Other keys, in particular in Apple's case, are generated at first configuration and stored securely on the device and Apple has no access to them.

Yet more keys are generated when you configure certain Apps, and they are secured behind the device user owned keys.

So where do the Government want to put the responsibility? Because Apple (or any other device manufacturer) are not in control of all places keys are generated.

1. So where do the Government want to put the responsibility? Because Apple (or any other device manufacturer) are not in control of all places keys are generated.

No, but they COULD have the device store or generate the keys in an accessible to them manner. I'm not suggesting they SHOULD, but to claim they can't isn't helping, it's stalling, and that only ever works for a while.

What needs to happen is a proper grown up debate without the trench warfare, and then a decision made by the populace, sort of like democracy, which is then enacted by all parties. That debate could go either way, but the alternative is the tech companies stall and eventually the government steamroller through whatever they want to do.... and I'm not sure any of us actually want that.

I think there's a good argument to be made in that the key repository would become one of the biggest hacking targets on the planet, and compromising it could lead to personal, and economic devastation as well as war if it's found to be state actors behind the hack. I think there's a good argument to be made in favour of the right to privacy. Those arguments aren't being made because they're hiding behind the fig leak of impossibility.

1. #### the fig leak of impossibility

I don't know if I should up-vote or down-vote...

Most of what you said is reasonable... The fig leaf of impossibility however is not; and it is I suspect the reason for your current down-votes.

The crypto boffins tell you that there is no way to build a secure crypto system that contains back doors... They do so with reason.

What you are effectively doing is wanting to go up AND down at the SAME time. It's a physical impossibility.

4. This reminds me of that Malcolm Turnbull (former Australian Prime Minister) quote: "The laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia". It was on the same subject, too, in which he insisted that they needed encryption which was magically secure against evil hackers but also insecure if a Good Guy™ wanted access.

1. Those who can do, those who can't teach and those with no clue got into politics...

Reg we need a drooling idiot ICON especially for politicians.

1. #### Reg we need a drooling idiot ICON especially for politicians.

May I suggest a Tangerine?

1. #### Re: Reg we need a drooling idiot ICON especially for politicians.

@hplasm, "May I suggest a Tangerine?"

That would certainly be a risky prospect for politicians!

1. #### Re: Reg we need a drooling idiot ICON especially for politicians.

That would certainly be a risky prospect for politicians!

That makes it even better.

5. #### This is like the political argument that huge tax cuts pay for themselves

Partly true, but if you cut the tax rate from 20% to 10%, you pretty much have to double the taxed activity to get that lost tax revenue back. That is a huge hill to climb, except in taxes on some very specific types of transactions that are highly price/return-elastic.

1. #### Re: This is like the political argument that huge tax cuts pay for themselves

Of course if you cut the tax rate to 10% for only 0.01% of the population that happen to be your friends...

1. #### Re: This is like the political argument that huge tax cuts pay for themselves

I think what you want to do is mention something about 501(c)(3) in the USA, which _APPEAR_ to be somewhat ABUSED, to not only SHELTER income from taxation, but to use it improperly to engage in (let's say) questionable purposes, like political activism (right George?)

So, for THESE very rich people, who might have a foundation or 10 that are 501(c) tax exempt, all of the money poured into these non-profits is just THAT, i.e. TAX EXEMPT. if you THEN use it to "buy something" you want, whether it's inflated salaries to friends and relatives, or uber-special vacations for board members, and maybe some stealth-political-activism in the form of employees that are effectively paid to BLOG all day, you end up amplifying the effectiveness of whatever money you funnel into these things. And your personal overall effective tax rate gets lower, and lower, and lower...

But of course you'd have to be SUPER wealthy for any of this to work.

2. #### Re: This is like the political argument that huge tax cuts pay for themselves

The Laffer Curve discusses this sort of thing

/me withholding political pontification on this subject - worth mentioning I don't agree with a lot of the details in the wikipedia article, yet it DOES describe the basics pretty well

3. #### Re: This is like the political argument that huge tax cuts pay for themselves

Partly true, but if you cut the tax rate from 20% to 10%, you pretty much have to double the taxed activity to get that lost tax revenue back.

Not really.

If you cut income tax by 10% a decent slug of that "lost" money will be spent, and subject to 20% VAT. Some of the rest of it will be invested, thereby producing more economic gains in following years and so a greater number of pounds taxed at the new rate and a greater number subject to VAT when spent.

Some of it will be spent on road fuel where the price is already mostly tax, thus substantially increasing the tax taken on those pounds.

The Laffer curve is about as well proven fact as anything in economics.

Missing from all of the above is the fact that due to low taxes, more of the "black economy" comes back onto the table and moves from a rate of zero tax to the new lower rate.

1. #### Re: This is like the political argument that huge tax cuts pay for themselves

"Missing from all of the above is the fact that due to low taxes, more of the "black economy" comes back onto the table and moves from a rate of zero tax to the new lower rate."

California is finding out this sort of thing the hard way... again. Pot was legalized for recreational use and one of the arguments was that by being legal, it could be taxed. That sounded so great and the politicians all got raging hardons (even the women... it's hard to explain other than "California"). Now the price on the black market is cheaper than what it costs at the corner shop with the green sign and there are motions to add even more tax to one link in the supply chain or another. The upside is that pot is legal to have and consume. How is The Man® going to know where you got it? You can just claim to have grown it yourself (which many pot heads are doing anyway).

When taxes are so high that the risk of avoiding them is offset by a pile of money, many people will opt for the pile of money. Although in the UK, when it was legislated that people making bio-diesel had to register and pay the taxes on the fuel, people queued up. It was later decided that you didn't have to sign up and pay the taxes if you didn't produce over a certain amount. The paperwork involved was costing the government way more money than it was bringing in. The cost to process the taxes on 20 liters is the same as 20,000.000 liters and the 20 liter bloke needed a lot more support to fill out the forms correctly.

1. #### Re: This is like the political argument that huge tax cuts pay for themselves

This sort of thing has happened many times (particularly in the USA where total taxes on various items can vary even across towns and cities within a state).

A couple I can think of:

Back in the 90s the price of tobacco products in Michigan (and in particular in Detroit) rose dramatically; the only problem here is that Canada is but a short drive away so the locals would take a day trip once a week (you know - visiting family or attractions) to stock up.

(I am not advocating tobacco usage, merely highlighting a perfectly foreseeable outcome).

The same sort of thing (and much harder to stop) occurred at the border of Massachusetts and New Hampshire for both tobacco and alcohol.

Another short sighted policy (this time by a university campus near where I used to live) was to require that all users of the car park (including the staff) had to pay to use it (and it was expensive); the upshot of course was that everyone parked on the streets (including residential) and massively increased local congestion. The car park was always empty except for those with exemptions from the charges.

Such people seem incapable of thinking things through logically, and the same goes for encryption.

Speaking of which, the name of the game is to make decrypting something more expensive than the value of the information; end to end encryption raises this bar significantly (as it should). If law 'enforcement' think something bad is being planned, they can always do what we used to do - you know - surveillance, who is meeting who and so forth. These are things we know work (although not always very well, admittedly).

Having been in electronics and high tech for a long time, I am always amused at some people's (particularly politicians) faith in technology. It is certainly useful, no doubt about that, but believing it stands as a complete replacement for other methods is very silly indeed.

4. #### Re: This is like the political argument that huge tax cuts pay for themselves

The problem is that at the 20% rate there are all sorts of loopholes, deductions and credits that were added to the legislation so certain entities aren't affected in the same way. They wind up paying 2 or 3%. If the rate were dropped from 20% to 10% AND all of those exemptions were removed, actual collected revenue would go up (and accountants would be cutting staff).

It has been shown throughout time immemorial that making taxes simpler and less rapacious brings more compliance. It's just harder to play politics if you take all of the shenanigans out of the game.

6. If such encryption did exist, the bad guys wouldn't use it; only law abiding citizens.

but I have a feeling that the government know this and are fine with that; I don't think they really care about the "bad guys", they instead want the control and knowledge of what their denizens are thinking at every moment so that they can control and contain them. This is purely about power.

1. Yes, but think about the children!

1. "Care about the children" - All joking aside, I do care, actually, and to really protect the children, we need their web traffic and device storage ENCRYPTED for privacy reasons, at the very least.

But let's not stop there... NOT being tracked, marketed, exploited, etc. should be high on the priority list as well. Right Google? Microsoft?

And if it is possible for any government to go on a "fishing expedition" ["don't worry if you have nothing to hide" you say? have you been paying attention to the news inside the U.S. House of Representatives? have you EVER been falsely accused? Have you EVER gone through a divorce? "Fishing Expedition" is your WORST NIGHTMARE! ], if it becomes THE NORM to have your data rifled through EVERY TIME you are interviewed by a police officer, or (worse) WHEN ENTERING A FOREIGN COUNTRY, then your rights have just entered the bottom of the vortex and gone down the pipe.

Anyway, some of this should just be obvious to the most casual observer. And it's always "ok" when it happens to "someone else", until it happens to YOU...

as for me, all I have is a pre-paid "dumb phone" and anything of importance isn't stored on any OTHER computing devices I might carry with me. A lot of people don't like that idea, and so UN-CRACKABLE encryption SHOULD be "the norm" so you don't HAVE to!

1. Horse Hockey Pucks to EVERYONE who dislikes STRONG encryption !!!

EVERYONE should be going over to Quantum Computing Resistant encryption schema (aka stops Shor's Algorithm hardware!) That means Multivariate, One-time Pad, Super Singular, Symmetric Key, Lattice, etc)

https://en.wikipedia.org/wiki/Post-quantum_cryptography

NO LAW OF MAN stands against the laws of MATHEMATICS !!! Math Wins! Humans Lose!

Get over it! One can make ANY high level quantum computing resistant encryption system work as a separate layer that runs on top of EVERY web browser which means YOU can encrypt EVERY Facebook message, Instagram post, internal email, and every web based mail message within such online mail services such as hotmail, gmail or yahoo mail and it will be GIBBERISH to anyone else except the local machine and/or authorized persons who have their own long-bit-length keys! Even WhatsApp messages can be encrypted on the fly within an over-top-of-browser-layer encryption/decryption code running as an HTML or Javascript applet !!!

.

P.S. I am NOT Bombastic Bob BUT I MAY BE a possible Canadian descendant or possibly even a distant over-the-pond relation -- Who Knows?! ...OR... we may be BOTH just crazy-in-the-head programmers whose frontal lobe executive reasoning brain parts have been well-affected by the same taste for 15+ year old Asbach Uralt German brandy poured over ice or drunk flashed steaming hot with a white hot fireplace poker!

.

.

2. I do, but they cry so much when you show them the spit they'll be roasted on. Besides, I like regular pig better. "Long" pig can be a bit stringy.

7. #### Imaging for a minute if this was possible.....

What would they want next? The ability to read minds? Seriously, there really isn't a need for this, and it's only on the law, for want of better word, enforcement's excuse making, of we cannot do our job because possible criminals are hiding encrypted data.

Surely the only use for this is wholesale intelligence and mass surveillance. Why the fuck can't the three letter agencies do their fucking jobs with their huge fucking budgets with pointing resources to specific targets using traditional investigative techniques? Are they that useless? For fucks sake when are the people going to wake up?

1. #### Re: Imaging for a minute if this was possible.....

No, the next logical step is legally-mandated surveillance cameras in everyone's home. Almost all criminal activity begins in someone's home, after all. But don't worry, nobody will actually watch the recorded video without probable cause, pinky-swear.

1. #### Re: Imaging for a minute if this was possible.....

The name escapes me... I swear it had some numbers in it and was some sort of year.

1. #### Re: Imaging for a minute if this was possible.....

"1984? Ya right man. That's a typo. Orwell is here now"

[ From the movie 'Hackers' - 'Cereal Killer' aka 'Emmanuel Goldstein' said this ]

2. #### Re: Imaging for a minute if this was possible.....

"No, the next logical step is legally-mandated surveillance cameras in everyone's home. "

It has no need of being legislated. People are doing it to themselves and this holiday season should be a windfall for TLA (Three Letter Agencies).

SMART - Surveillance Marketed As Revolutionary Tech (seen right here on El Reg).

There was just a story in the US where a nurse that worked night shifts used a Ring Doorbell in her daughter's room to be able to check on her from work. Somebody hacked into it within 4 days and was being really creepy. The punters never see this coming.

8. UK just as bad, worse going on about "the low rape conviction rates" without actually considering what the evidence actually was, or whether the accused was guilty in the first place, no a rape complainant is now a "victim" and their allegations MUST be believed without question, to the extent that Scot.gov wants to remove the ability to cross examine rape complainants, instead the defence will be able to submit a list of questions to be asked and answered on pre-recorded video to be shown during the trial, tipping the balance towards the complainant massively and likely with an end point of "guilty as men are ALL rapist scum so why waste time on a trial"

Blackstone's Ratio and Habeas Corpus ripped up in one fell swoop....

1. You make it sound personal.

1. #### re: personal

Having a friend that served 2 years of a 5 year sentence after being wrongly convicted of raping a minor, I'll tell you there should be no exceptions!

Conviction quashed as the building in which the little bitch said it happened didn't exist at the time she alleged the rape took place.

No compensation, and no charges were levied at her for lying under oath, or taking 2 years of his life.

1. #### Re: re: personal

Sounds like the defence didn't do a very good job if they didn't discover the building issue prior to the trial. I'd be suing the lawyers for the compensation.

2. You make it sound personal.

You make it sound like you can guarantee you and nobody you ever care about will be subject to a false and malicious allegation.

I never have been, nor has anyone I care about, but my ability to predict the future becomes limited the further we progress from today. Doesn't yours?

1. You're leaping to one fuck of a conclusion about me there.

I wanted to find out why our anonymous friend felt so strongly that he felt the police and justice system's attitude was "their allegations MUST be believed without question" rather than the more accurate "their allegations MUST be properly investigated". Many people who have been sexually assaulted don't go to the police because they don't think they'll be listened to, and no-one is going to get their day in court without a police investigation and a CPS referral. Our friend is justifiably angry about the miscarriage of justice suffered by his friend, but has reached extreme conclusions when he says truly ridiculous things like 'a rape complainant is now a "victim"' (hence most of the downvotes he garnered, I would guess).

9. #### False dichotomy

The choice isn't between "unbreakable encryption vs exploitable backdoors". You don't have to add a backdoor, just make sure it's possible to use the front door.

If a communication is fully encrypted from end to end, that still leaves two ends. Take control of either one of those, and you will probably be able to access the content of the communication. I have no problem with the feds doing that, when circumstances warrant it.

Of course the owner of the end in question may be so paranoid that they carefully delete both the decrypted text and the key used to derive it - but in that case the communication really no longer exists (to put it in 19th-century technology for the benefit of lawmakers, it's like burning a letter) - so you wouldn't expect to retrieve it if you searched the subject's personal effects, either.

10. In a perfect world a government back door in encryption would mean a return to snail mail or in person for all financial transactions.

11. Law enforcement has the ability to read encrypted information, called probable cause and a search warrant. The FBI is abusing and pillaging the FISA database, so I see no need to entrust them with more power to abuse. Rather comical that they cite a case where they paid tens of thousands to unlock a phone that gave them zilch. An unconvincing argument.

1. I'm sure the senator (D) would be happy for all her party's communications to be in the hands of the president. Surely that's the whole point of a democracy = the winner is always right ?

12. #### Magical thinking...

[edits are mine]

"We can be certain that if we build a backdoor for the US government, [the] government, including [ours, can be another] repressive and authoritarian regime [just like those others all] around the world, [we] demand access or try to gain it clandestinely, including to persecute dissidents, journalists, and their political opponents,"

There; Fixed that for them.

13. #### If they were *really* thinking of the children...

... then things like 'the seal of the confessional' and client-lawyer privilege, etc. would also be under discussion. But since most abusers are known to their victims, no technology, no communication and thus no encryption is involved in the abuse; this is a false flag, the real concern is political dissent.

Look how much the 'leader of the free world' admires repressive dictators that can suppress their populations. Heck, if you've got oil like the Saudis, you can murder U.S. citizens and journalists at home (9/11) and abroad (Jamal Khashoggi), and there's no blow-back.

1. #### Re: If they were *really* thinking of the children...

I do not think that phrase meant what you think it means...

'For the children' (to me) is more like a generational thing - the basic idea is to leave the next generation a world which is BETTER than the one left to US.

"Only back-doorable encryption" isn't "better" - that's like saying "only master-keyed locks on your door"

1. #### Re: If they were *really* thinking of the children...

@bombastic bob

Unfortunately, “think of the children” as (ab)used by politicians is almost always about the current darling tykes - “you don’t want *anything* slightly bad happening to your preciousssss do you?”. If people considered your interpretation then this planet wouldn’t be as messed up as it is.

14. Why not go via front door?

1. that's what SHE said

15. Why not request access via front door instead?!

No need for back door then.

16. #### Cyrus Vance's argument

That Apple didn't have any breaches of its "locking" scheme prior to 2014, is like me saying "the US military doesn't need any encryption beyond WWII Navajo code talkers, since that was never breached".

Just because no one has ever picked the lock to my front door doesn't mean it is as secure as it could be, and I should retain the right to upgrade its security without waiting for someone to break in first.

17. #### What's the problem?

This is just like the old days when heat and fire became illegal because criminals were burning the documentation of their crimes.

1. #### Re: What's the problem?

If we ban burning books then only the criminals will burn books

18. #### Whenever Lindsey Graham and Dianne Feinstein are involved in a debate about crypto ...

... you can rest assured that the end result cannot be anything but an epic, incomprehensible clusterfuck.

Nothing really new here. We go through this ritual every two or three years or so, with entirely predictable results.

1. #### Re: Whenever Lindsey Graham and Dianne Feinstein are involved in a debate about crypto ...

@ST

Sadly, the results are not predictable. As the old saying goes, they* only need to win once - and they will keep hammering away until they get what they want. So, eternal vigilance and endless patience needed. Good luck with that in these attention deficit... oooh look - squirrels!

*they - feel free to define as you will.

2. #### Re: Whenever Lindsey Graham and Dianne Feinstein are involved in a debate about crypto ...

Indeed. They're both sworn enemies of civil rights. Just goes to show that party affiliation is no obstacle to supporting the police state.

19. #### [Sorry...Repetition] But what if the "bad guys" use encryption.....

....BEFORE the bad messages enter the "end-to-end encrypted" channel?

*

Take a look at the material about the Beale papers. Two out of three messages have not been decrypted in more than 100 years. If a book cipher (widely derided by "experts") can protect a message for that long, then the "bad guys" simply don't need to worry if their private cipher is called "inadequate" by "experts".

*

The question of the existence (or not) of backdoors is ENTIRELY MOOT!

*

Maybe someone can decrypt this inadequate book cipher message, say in a small amount of time, say a day or two.

*

20. #### "authoritarian regimes [...] would persecute dissidents, journalists, and their political opponents"

Don't tempt Mr Trump; in his mind, journalists are enemies of the people, while dissidents and political opponents are personal enemies, and all of them must be fiercely fought, if not jailed. So a backdoor to persecute them can only be a good thing.

1. #### Re: "authoritarian regimes [...]

Trump is the biggest backdoor in modern history.

1. #### Re: "authoritarian regimes [...]

I have but one upvote to give...

1. #### Re: "authoritarian regimes [...]

Here, use mine.

21. #### The solution is simple

Duplicate each plaintext message before transmission, encrypt twice with two different unique public keys, one is for the actual recipient and an encrypted duplicate for the ?FBI? to store forever, always encrypted (only to be decrypted with a valid court order in a very small number of high security physical locations).

How many senators would choose to use such a system ? Function test it with ALL senators (they can only use secured government approved communications, and make it a crime for them to not use the system). See how long it takes until the bad idea is scrapped.

1. #### Re: The solution is simple

Also needs to be a crime for them to meet in private or use paper. ALL communication, no matter how private or banal, goes through the system.

And when (not if) the ravenous lawyers just waiting with probable cause (statistically, after two years there's bound to be evidence of *some* crime in there) root through the entire contents of those senators' lives for those years...

...they'll have *lots* of time post-trial to contemplate the nature of law, encryption, and privacy, with no pesky distractions whatsoever.

2. #### Re: The solution is simple

Such a solution would be used by law abiding people; it would not be used by: criminals, terrorists, pedophiles, ... The very people who this is supposed to deal with are the ones who will not use it & so not be caught.

In spite of what they say the politicians are not that stupid. So whose private conversations do they really want to pry into?

22. said Feinstein. "In American law there is no place that's immune from inquiry if criminality is involved,"

Ok... you and the rest of Congress (both houses) and Admin branch go first. And maybe just uncrypt all government communications? Nothing to hide, nothing to fear, right? I'll go sit quietly over there by the beer cooler and wait to see what happens.

Once more, the Constitution comes under fire because government want to take away the right to privacy with some "promise" of never using illegally... I was born at night but not last night.

23. #### Next on the TO DO list...

...for whoever solves this.

Implement a borderless border for post Brexit NI.

Banish famine by providing everybody with a perpetual cake.

1. #### Re: Next on the TO DO list...

>Implement a borderless border for post Brexit NI.

Sell Northern Ireland to the USA

1. #### Re: Next on the TO DO list...

FFS, don't go giving Trump ideas! He's still trying to buy Greenland for his latest hotel and golf course.

2. #### Re: Next on the TO DO list...

>Sell Northern Ireland to the USA

The scenery may be pleasant, weather permitting (which it rarely is), but the population is fractious, the summers abysmal, and the weather generally beastly.

And what passes for politicians are even less inclined to talk to one another than the likes of Conservatives/Labour or Republicans/Democrats.

2. #### Re: Next on the TO DO list...

The cake is a LIE!

24. #### What is it ....

that these people don't understand?

1) If the Cops and Feds can "break" it, then so can just about anybody else.

2) that if anyone can break it, then it's not "strong".

Oh wait ....

I forgot it says .....

Senators.

Well that explains it.

They don't know jack shit about jack shit.

1. #### Re: What is it ....

I'm pretty sure they do know, or at least some advisor or whoever is pushing these laws does. A bit, anyway. One must wonder what their actual goal is, given that you can't really ban encryption or anything - backdoor the popular messaging apps people use?

25. #### Secret communications should always be available

We should ban whispering.

26. #### They should pose this question to the senators

Senator, if we weaken the encryption of your iPhone for law enforcement agencies and the following day someone hacks your phone and posts all your emails, dick pics, etc on the internet, who would you blame? Tech Company for weakening the encryption or you for demanding weakened encryption?

27. #### Missing a trick

Surely the response should be to ask for a large grant to do research into this area for the next decade or so. I'm sure that the answer can be found in some far-off, 5 star, all inclusive resort given enough time.

1. #### Re: Missing a trick

I like your thinking. Let's collaborate. What time does the bar open? I always do better work on my algorithms when I've had a few whiskeys

28. #### I’m not a technologist

"I’m not a technologist, but I’m confident the problem can be solved by a company re-design as well."

Magical thinking, here I come ! It's amazing to see this. I'm wondering how is day to day life when you're such an idiot ...

Probably every day you're wondering how to do your shoelaces before discovering it and being totally amazed by the miracle !

"its pre-2014 phone unlocking process never led to a known security breach... he recalled the situation before 2014, when different security mechanisms on devices were readily removed."

"The pre-2014 security was never breached, except for all those times we breached it."

30. #### The mind boggles

Vance admitted, "I’m not a technologist, but I’m confident the problem can be solved by a company re-design as well."

"Hey Apple, change the way you make things in a way that destroys privacy so we can spy on people en masse while denying we'd ever do that until we're found to have done that. Again."

Why is it always the idiots who have no clue how things work that demand that those who do understand "find a way"? Is it perhaps because they've grown up in an environment where the solution to any issue they have is money and / or corrupting influence? Any laws that have such massive implications like demanding access be made available would never apply to these clowns. If it did there is no way they would be so eager to break the privacy offered.

1. #### Re: The mind boggles

"Why is it always the idiots who have no clue how things work that demand that those who do understand "find a way"?"

Simply because they are ignorant of how encryption works, what it is and why it's used. To them it's something implemented by a tech company, say Apple, so Apple must have control of it and if so, can un-encrypt at their whim.

31. #### This can really work in the USA...

As we have seen, they have done a great job of making sure only the good guys get guns.

32. #### So I watched the Hearing...

All of it. Do not recommend.

There were a variety of questions, some repeated but reframed, but for the most part the theme was two brick walls talking at each other. The Senators had laser focus on "kiddie porn is still a thing, you aren't doing enough, why don't you have a (procedural) solution?", whereas the tech rep for Apple's position was "We can't see any (practical) solution to give law enforcement access without weakening encryption for all". The rep for Facebook didn't really have much to add on the subject of encryption at rest (the main focus of the hearing) as FB doesn't manufacture phones.

It boils down to competing priorities, and it's incredibly frustrating to listen to. Apple et alia don't think the cost to end user security is worth weakening encryption for law enforcement access (fair), and the Senators are framing it as an issue of principle, being protection of children (also fair, although a little dishonest in this context).

There were some interesting points raised though; Vance pointed out that most law enforcement agencies / departments don't have the funding to pay for 0-days and custom tools to break into these devices, which I think is probably something that the Senate and Congress can do something about. Namely, funding and resourcing as a start. As for the custom tools to get access, bulk expensive yes, but there are also a handful of TLA Agencies on that side of the pond who have teams of people dedicated to developing exploits (thank you Snowden et alia for bringing that stuff to light); are we expected to believe that it is impossible for law enforcement and the intel community to leverage their resources between them? Is that really less reasonable than expecting tech companies to compromise the security of their customers?

Beyond that, same shit different day; Senators and other non tech types don't understand the subject matter (with the exception of Mr Lee for this hearing), Round and round and round and round and round and round....

- A lawman who openly claims to not be a technologist but insists that claims there is no practical solution to accommodate law enforcement without weakening security for all are false (para 7 of the opening statement in his written testimony) should be viewed with skepticism

- Same lawman repeatedly asserting that Apple had keys to decrypt stuff before iOS 8, even after the Apple rep clarified 4 or more times that there was never any unlocking (data provided by apple under warrant at that time was not encrypted) indicates lack of basic comprehension skills (yelled at my computer and called the dude a fucking neanderthal at one point)

- And again repeatedly framing the release of iOS 8 as an effort to undermine law enforcement / government at large.

- Prof. Matt Tait asserting that a legislative solution is possible without outlining what those solutions would be is irritating; I would love to hear what these possible solutions are, else how are we all going to look at them and see if they are genuinely useful??? Having said that, I think he's right on the subject of E2E encryption for data in transit (but again, how to implement).

- Senator Whitehouse (approx 1hr15m mark) inferring that companies like Apple introducing full disk encryption etc are somehow morally liable for the harm caused to victims of child abuse is fucking outrageous, and I am baffled that no-one at the hearing had anything to say about that - the parallels to vicarious liability in other industries like automotive, alcohol and firearms are pretty obvious, would have thought at least some of the R's in the room would have said something

- Hearing briefly diverting to "Facebook blah blah data blah blah" is annoying. The points raised are correct, but not relevant to the hearing; waste of time.

- Sen. Mike Lee was by far the voice of reason in the hearing. His first round of questioning was good, but he requested a second round and I think he really delivered there (2hr12m50s to the end of the hearing). Worth a watch if you have the time.

I think the only other point was made firstly by Sen. Graham, but by others too, and that's the "Find a solution off your own back, or we'll do it for you". With respect to the Senator, I think the senate and congress would have as much success doing that as legislating that the sun won't rise on Tuesdays. Unless they can legislate business priorities and consumer concerns under the same power, and guarantee that any process implemented will not be abused by the US government, or indeed any government / malicious actor (re: IG FISA report to see why that's bullshit), they are really toothless in this space.

anyway, just my 2 cents.

1. #### Re: So I watched the Hearing...

About your suggestion regarding exploits in devices: if governments are just meant to hoard security issues in everyone's devices, and then give access to these to every government department that wants to access someone's stuff, that's basically as bad if not worse as some system which "only" gives the government plaintext access to all communications.

1. #### Re: So I watched the Hearing...

I am not sure I agree with you. The system you refer to would be a deliberate weakness which needs to be maintained by vendors (be it key escrow etc), specifically for the government / law enforcement's use.

I think the exploitation route is (marginally) better as the vulnerabilities being exploited will, over time, be discovered and disclosed allowing Apple et alia to patch them. Law Enforcement / the TLA community will need to keep working at it to keep getting access.

To be clear, I am not a fan of the exploit option either; I just think if the government is already hoarding exploits for a variety of reasons, then they would be better off getting broader usage out of that over introducing a systemic weakness to consumer security.

33. It's almost like there's an election looming.

34. #### Obvious use for quantum cryptography

So it can be simultaneously totally secure and crackable by law enforcement. You just need to make sure that only legally authorised people are the right sort of observers to see the crackable version.

1. #### Re: Obvious use for quantum cryptography

Good idea.

Next we should market a form of encryption that is totally secure except against 100% trustworthy people.

35. #### The road to hell....

.....starts at the backdoor.

36. There's a very simple step legislators can take.

They can advertise for expressions of interest from developers. They then allocate a generous amount of money to each competitor to develop a proof of concept system. Each system then gets checked by an expert panel to see if it meets the criterion that it provides good protection for the user with only law enforcement being able to get at the data. If, when the experts have stopped laughing, they deem something suitable to go forward the legislators and official who were pressing for it become the beta-testers using nothing else for at least a year.

Obviously the total amount allocated for proof of concept has to be limited with an agreement before-hand that if the money runs out before they have a system that passes scrutiny they'll accept that it really can't be done or continue to finance development out of their own pockets.

Of course the best way of running the competition would be that they put their money where their mouths are and just finance the whole thing themselves.

37. #### Now imagine .....

If the big tech companies were actually stupid enough to implement this...

Any bets on how long it would take for the Good Guy™ keys to end up outside control of the Good Guys and into the hands of ...well.. the interwebs being what they are, potentially everyone?

My guesstimate would be about 4 weeks, but I'm regularly accused of being an optimist.

38. #### "I’m not a technologist, but"

I'm not a neurosurgeon, BUT, it seems like brain transplants would be trivial.

39. #### Get it from Russia

Apple, FB or any other comms company could dumb down security and put in a backdoor that will be breached days later. That still doesn't stop somebody from buying encryption software from a country that isn't much concerned about how they are viewed by "The West". If it's impossible to load on an iPhone, they'll use Android. There may even be way off brand mobile OS's that are built from the ground up to encrypt everything. They may not have much of an app ecosystem, but that's not what they'll be sold for. What will governments do about that? They can't even locate the scores of companies in China that make fortunes in knock off goods and ship them all over the world. The "fourth shift" at places that already make phones could be right in plain sight. The phones on that line just have different software on them but are exactly the same as the other ones they are building that are loaded with Android. All any inspector will be able to take and test will be the Android version.

40. #### NSA loses encryption keys again!

Americans should have strong privacy-protecting encryption ...that the Feds and cops can break, say senators

I can see the title now. The NSA will lose their keys when they get hacked again, and then everyone can see the encryption. Now if the NSA could secure themselves, maybe I would think about letting them have access, but when they keep getting hacked, there is no reason to trust them.

41. #### Dumb, but not THAT dumb!

There seems to be a lot of technical superiority being bandied about, on the lines of "How dumb these politicians are. They don't even know that what they are demanding is impossible!".

Consider for a moment that they are probably not as dumb as all that. They have access to technologists who can use simple words to convey simple concepts. A lot of them are lawyers which points the finger towards morality not stupidity.

So why do they keep demanding "Back doors for the good guys only!" coupled with a Think of The Children and Paedo narrative.

If Law Enforcement fails to stop terrorists and paedophiles then this is ultimately the fault of the Government who hold responsibility for the funding and governance of Law Enforcement.

However if these hipster technologists from California block Law Enforcement because "technobabble" then they are obviously to blame, not the Government.

Consider that in the UK a terrorist was released from prison and not even monitored because, as far as we can tell, Probation Services, the Courts, and the Police are all seriously under resourced and under funded. Shambles is probably an appropriate word in this context.

How is breakable encryption going to magically cure that?

It is cheaper to find a scapegoat than pay money to fix the obvious problems.

Anyone familiar with IT projects and products will recognise the strategy.
