IT-savvy US congressmen to Feds: End your crypto-backdoor crusade

US Congress' only Comp. Sci. majors are trying to convince the head of the FBI that there's no such thing as a safe backdoor. In yet another attempt to instil good sense in the Feds, Congressmen Will Hurd and Ted Lieu have written an open letter to FBI director James Comey trying to spike the latter's enthusiasm for encryption …

  1. Shadow Systems

    There's a simple way to explain it to them...

    "If I build the lock with a way to open it other than the key I provide to the customer who buys the lock, then *anyone* with that spare key can open that lock. So if I make a lock & give it more than one set of keys, a second set that could bloom to as many sets as there are users on the internet, would you REALLY like me to install that lock on your daughter's Chastity Belt? Because she'll be just as fucked as everyone else who uses that brand of lock, knowing every bastard on the planet could potentially have the spare key."

    Watch how fast the bastard backpedals on wanting that backdoor installed & try not to laugh too hard at the smoke blowing, hand waving, "That'll never happen! We're the Government & we're Secure!" style bullshit starts to flow out their mouths.

    Idiots, the majority of them. At least we've got one or two with a brain they've got the balls to use in our defense. The rest of them need to go up against the wall when the Revolution comes.

    1. Charles 9

      Re: There's a simple way to explain it to them...

      "Watch how fast the bastard backpedals on wanting that backdoor installed & try not to laugh too hard at the smoke blowing, hand waving, "That'll never happen! We're the Government & we're Secure!" style bullshit starts to flow out their mouths."

      They'll add, "If that were true, you can do it with physical keys, too. Why aren't we seeing a rash of break-ins into high-security sites courtesy of copied keys, hmm?" And any argument you put against it will be applied to the crypto argument. You need an argument that has no physical analogue.

      1. solo
        Childcatcher

        Re: There's a simple way to explain it to them...

        Explaining amounts to supporting terrorists [sarcasm]. By the way, I wonder, how innocent those snoopers are that we need to explain to them.

      2. Christoph

        Re: There's a simple way to explain it to them...

        To copy the physical keys you need either access to a key (very small number of keys, hopefully kept securely) or access to the lock to dismantle and examine it.

        The software backdoors they are suggesting will be available to a very large number of people in different agencies and probably different countries. Any one of those could deliberately or accidentally release the information. That single failure will compromise the entire system, and it will be hugely expensive to replace.

        The 'locks' - the encryption software - will also be available to anyone who wants to examine it to work out the backdoor.

      3. Test Man

        Re: There's a simple way to explain it to them...

        "They'll add, "If that were true, you can do it with physical keys, too. Why aren't we seeing a rash of break-ins into high-security sites courtesy of copied keys, hmm?" And any argument you put against it will be applied to the crypto argument. You need an argument that has no physical analogue."

        I'd say physical keys are the same as digital keys - only one person has access to them. A physical master key or another way to open the door besides the key that came with it is the same as a digital back door - someone will discover it and use it.

        The only way to be secure is to give no one the keys and have no backdoors.

        1. Charles 9

          Re: There's a simple way to explain it to them...

          "The only way to be secure is to give no one the keys and have no backdoors."

          And even that isn't proof against strategically-placed explosives...

      4. Grikath

        Re: There's a simple way to explain it to them... @ Charles 9

        "They'll add, "If that were true, you can do it with physical keys, too. Why aren't we seeing a rash of break-ins into high-security sites courtesy of copied keys, hmm?" "

        Well, Real Life comes to aid there, since most of the physical breaking and entering in "secure" sites revolves around getting access to the physical keys to the place, either through theft, copying, coercion, or simply the "inside job".

        Only an idiot would.... oh wait... we're talking about U.S. politicians, right?

        1. Dan Paul

          Re: There's a simple way to explain it to them... @ Charles 9

          Your country's politicians are no different than ours Grikath.

          ALL Politicians are by definition, uneducated fools and idiots.

          1. Vector
            WTF?

            Re: There's a simple way to explain it to them... @ Charles 9

            "ALL Politicians are by definition, uneducated fools and idiots."

            And that's why I'm shocked that these two congressmen made such a logical, sensible argument.

    2. Planetary Paul
      FAIL

      Re: There's a simple way to explain it to them...

      In the early 1980's my school decided to move into a new building, think about a small campus for some 10,000 students and staff. In order to cut costs, management decided to not implement a modular key system, just plain random locks with only one master key. This meant that department custodians would have to carry around huge key chains with copies of all the keys of their department on them. So the physics and AV depts custodians got together and from a batch of random keys they reduced the master key profile. From this they machined a master key and to make a long story short, half the school staff ended up with copies of it in no time. These were all copied again when management ordered all staff to hand over their master keys, or else. Only when all locks were replaced with swipe card locks recently, was the problem solved.

    3. PassiveSmoking

      Re: There's a simple way to explain it to them...

      That won't work.

      The only thing that will is "If you try to push this through, I won't vote for you again".

      1. Charles 9

        Re: There's a simple way to explain it to them...

        "The only thing that will is "If you try to push this through, I won't vote for you again"."

        That won't work, either. They'll counter, "One smart vote against ten stupid votes. YOU LOSE."

    4. Michael Wojcik Silver badge

      Re: There's a simple way to explain it to them...

      There's no need for simple explanations. The problem isn't that those calling for weak crypto are unaware of the consequences; it's that they find those consequences desirable.

  2. Mike Green

    The thing is, physical locks need physical access to break them. With crypto locks, the thief/spy can be on the other side of the planet, get past all the border control you have and right into your bedroom without going anywhere. With the same hole in the crypto, they can access everyone's data who uses that crypto virtually all the time, whereas it'd take centuries to break into all those physical houses, find their credit cards etc.

    1. Charles 9

      Some people are willing to go that far by using networks of PEOPLE (as in a spy network like an enemy state, a crime syndicate like the Mafia, or a terrorist group like Al-Qaeda). Which means odds are there's a LOCAL guy SOMEWHERE.

  3. LaeMing
    Trollface

    #closed-source-software-problems

    1. Anonymous Coward
      Anonymous Coward

      "#closed-source-software-problems"

      You're right. The back doors have already been put in FOSS.

    2. Michael Wojcik Silver badge

      Sorry, but the troll icon only excuses entertaining flame-bait, not unoriginal rehashes of tired arguments.

      And it never excuses hashtags.

  4. dan1980

    Here's the problem: the government and the federal agencies won't admit that what they are clamouring for will inevitably make cryptography weaker.

    They are claiming - either through ignorance or outright falsehood - that their plans would provide the access they seek without adversely affecting the security of those using cryptography to keep their data safe.

    They are wrong, of course, but they won't admit it so no amount of reasoned argument and logic can convince them.

    1. Shadow Systems

      @Dan1980...

      I'll give them the combo if they want it: it's 1... 2... 3... 4... 5.

      It's the same as my luggage!

      *Cough*

      On a more or less serious note, that's why I use a 1Tb encryption hash. It gives them something to do & makes it *really* funny when they find out the file it was used to encrypt amounts to "To Do. Change the passkeys on all my encryption. They've just broken the old one. Hi Guys!"

      =-)p

      1. Afernie

        Re: @Dan1980...

        Here in the UK, that sort of tomfoolery will likely earn you a couple of years in the slammer, courtesy of RIPA. Which is depressing.

  5. Crisp
    Boffin

    In other news GPG still supports 2048-bit RSA keys

    And it's all open source.

    I wonder how they would try and put a back door in that?

    1. DocJames
      Paris Hilton

      Re: In other news GPG still supports 2048-bit RSA keys

      It's already there. Now where's my tin foil hat?

      Paris, cos...

    2. This post has been deleted by its author

    3. Hans 1

      Re: In other news GPG still supports 2048-bit RSA keys

      They cannot ... up until 2012, that is, they could not crack PGP.

      Source (inn Djörmann):

      http://www.spiegel.de/netzwelt/netzpolitik/snowden-dokument-so-unterminiert-die-nsa-die-sicherheit-des-internets-a-1010588.html

  6. Hans 1

    Crypto backdoors?

    Not really needed ...

    https://www.youtube.com/watch?v=dy3-QZLTpbQ

    Worth a watch/listen

  7. MacGyver
    Big Brother

    If you've done nothing wrong...

    You know the adage, but I often wonder why the people that spout it still buy curtains. I mean if they have nothing to hide, then why use curtains to block the police from looking inside? I'm guessing it's because normal people could then see in too. If I develop a curtain that lets only the police see through the curtains I could make a lot of money, right? Come to think of it, we could do away with the whole "selectable curtain" problem by just hooking a camera up inside of the house, and have it only display to the police. So, I wonder how many of the "no encryption" advocators we can get on-board the camera-in-the-house idea? I mean, if they are doing nothing wrong, then they have nothing to hide, right?

  8. Will Godfrey Silver badge
    Unhappy

    Wrong Discussion

    They are fully aware that the proposed back door is intrinsically unsafe. They don't care.

    In some ways they are like the spoilt brat that would rather destroy his own toys than let anyone else play with them.

  9. Anonymous Coward
    Anonymous Coward

    Pointless

    Trying to speak sense to an armed gorilla and have him lay down his gun is an exercise in futility.

    You have to operate at his own level - just shoot the bastard, then destroy the evidence.

  10. Michael H.F. Wilkinson Silver badge
    Pint

    IT-savvy US congressmen?

    An endangered species, methinks. I propose a toast to this rare utterance of (at least a little) common sense in a sea of paranoia-driven gibberish.

  11. Anonymous Coward
    Anonymous Coward

    It's a real pity

    ...that the populace is so technically challenged and has not a clue about national security in the 21st century. The media loves to perpetuate the false belief that authorities are spying on people's everyday life when nothing could be further from the truth. Most security is simply scanning of mass communication by computers. Unless you're a crim chances are no one even knows that you exist nor do they even care. Protecting the clueless from crims and themselves is a thankless job.

    1. Trevor_Pott Gold badge

      Re: It's a real pity

      Metadata is data, you voyeuristic, sociopathic half-wit.

  12. Tony Haines

    //Second, they make the hard-to-argue point that any backdoor “can be exploited by bad actors such as criminals, spies and those engaged in economic espionage.”//

    But isn't that exactly why they want it?

    Is there a word or phrase for when both sides of the argument use the same fact to draw different conclusions?

    If not, I propose we call it an Adams' dolphin standoff.

    //For instance, on the planet Earth, man had always assumed that he was more intelligent than dolphins because he had achieved so much—the wheel, New York, wars and so on—whilst all the dolphins had ever done was muck about in the water having a good time. But conversely, the dolphins had always believed that they were far more intelligent than man—for precisely the same reasons.//

    ― Douglas Adams, The Hitchhiker's Guide to the Galaxy

  13. nilfs2

    Go FOSS and forget about the Yanks.

    Let the open source community develop the encryption standard without asking permission from the US government, the big IT companies should chip in and adopt the new encryption standard.

    The Internet belongs to no one, why should we care about an oppressive government's opinion? Let's force them to get adapted or get left behind.

    1. Anonymous Coward
      Anonymous Coward

      Re: Go FOSS and forget about the Yanks.

      All you'll do is fragment the Internet. Countries are already getting wise to the fact they can control their country's network by corralling the transit points. After all, the WIRES AND FIBERS are in their SOVEREIGN territory. China's well aware, and there's a fair chance any further attempt to break national boundaries will result in a doubling-down and locking down. IOW, if you cut America off, you may end up cutting everyone else off in the process.

      1. Trevor_Pott Gold badge

        Re: Go FOSS and forget about the Yanks.

        "All you'll do is fragment the Internet"

        Why is that bad? The world would be a better place if the US of NSA were isolated.

        1. Anonymous Coward
          Anonymous Coward

          Re: Go FOSS and forget about the Yanks.

          Because in cutting them off, you'll probably cut everyone else off as everyone balkanizes and walls off their own sections of Internet. Basically, trying to cut off America would probably be the last straw. Without some overarching authority to keep things in line, everyone would go their own way and sections soon won't be able to talk to each other for fear of stuff they don't like crossing. Look at China for an example.

  14. tekHedd

    Seriously, how stupid are we supposed to be?

    In the movies, there is always a secret passage that leads into the castle. The "good guys" use this passage to sneak in. Real castles do not have secret passages like this because a castle with a secret unguarded entrance is stupid.

    1. LaeMing
      Unhappy

      Re: Seriously, how stupid are we supposed to be?

      See: Binary liquid explosives on planes because Die Hard 3.

      If in doubt, consult a competent chemist.

    2. Solmyr ibn Wali Barad

      Re: Seriously, how stupid are we supposed to be?

      "Real castles do not have secret passages"

      Quite frequently they do. In times of yore, security by obscurity had somewhat better chances, as geographical distances imposed a considerable limit on the number of adversaries, and there were no automated scanning tools available.

      1. Anonymous Coward
        Anonymous Coward

        Re: Seriously, how stupid are we supposed to be?

        Perhaps secret passages WITHIN for use as shortcuts by the staff and so on, but real ingress/egress secret passages? I doubt there'd be one unless it was one-way such as a drop-hole escape.

        1. Solmyr ibn Wali Barad

          Re: Seriously, how stupid are we supposed to be?

          Three famous examples:

          - Passetto in Vatican, about half mile long. It provided an escape route for at least two popes. Alexander VI Borgia escaped during a French siege, and somebody else (Clement? Julius?) escaped during the Sack of Rome.

          - Marie Antoinette escaped from the palace of Versailles, when the palace was overrun by the angry mob.

          - Nottingham Castle has a passage which was used for breaking into the castle. To rescue king Edward III, if the memory serves right. And intruders had help from the inside.

          So you are quite right about that part - secret passages are definitely a security weakness. To counter this they were cleverly hidden, rarely used, only a handful of people had the knowledge. Pure obscurity.

          This model wouldn't possibly work for crypto backdoors. There has to be a wide circle of people with an official need to know, thus it's bound to leak sooner or later. Worldwide access - millions of people banging on the doors, some of them are quite bright and well equipped. Hopeless.

          1. LaeMing

            Re: Seriously, how stupid are we supposed to be?

            I would see this sort of crypto back door as less of a 'secret passage' and more 'a well-known back gate to which just about every petty bureaucrat in the city has a key'
