Hillary Clinton says for crypto 'maybe the back door is the wrong door'

Democratic presidential front-runner Hillary Clinton has waded deeper into the debate on encryption with the observation that “maybe the back door is the wrong door”. Speaking at a debate for Democratic candidates, Clinton was asked if she would legislate “to give law enforcement a key to encrypted technology”. Clinton's …

  1. Vimes

    She still wants a door though.

    *ANY* door is a problem, since the effect is the same. A door is a door. It doesn't matter if it's a back door, side door or front door.

    1. Graham Dawson Silver badge
      Coat

      <insert something about criminals going in through the wide open windows here>

    2. Dave 126 Silver badge
      Go

      >*ANY* door is a problem, since the effect is the same. A door is a door. It doesn't matter if it's a back door, side door or front door.

      Eh? What Vimes has just described is indistinguishable from running over your computer with a steam roller then throwing the remains into a volcano. There has to be *one* door, otherwise you are deleting your data instead of encrypting it. Perhaps you mean you just want a single door, but a door to which only you or your intended correspondent have the key?

      I say that in a friendly way. If I come across as pedantic, it's because the people who are against back-doors (i.e. broken encryption) largely have facts and accuracy on their side - especially when compared to politicians!

      1. Vimes

        @Dave126

        Perhaps it was poorly phrased and I should have said 'any *additional* door'. People like Clinton seem to think they can add one without weakening things (and that's being charitable and assuming she believes in what she says).

    3. Charles Manning

      Not the back door, try the bathroom door!

      Well she's knowledgeable on the subject having had a private secure-cough-cough server.

      In her case the door would have been to the bathroom she had the server in.

    4. P. Lee
      Mushroom

      >*ANY* door is a problem

      Mebbe it's a radioactive door... its installation is a cancer on both privacy and security.

    5. Anonymous Coward

      Why does anyone care what Hillary thinks?

      She's flipflopped on every issue that people seem to disagree with on. A very large part of her platform now resembles that of Bernie Sanders'. The reason for that is that a huge number of Americans support Bernie, but he doesn't have the Corporate backing that she does. Bernie has proven over 30+ years in politics that he is not for sale while Hillary's raison d'etre is to increase the Clinton Family Personal Wealth Portfolio by being yet another Corporate owned politician. Granted she's still better than any of the GOP Clown Car of Candidates.

      1. TAJW

        Re: Why does anyone care what Hillary thinks?

        Hmm...at least Republicans can drive. Hillary has no license and hasn't driven for years. That's for us serfs, not the elite like her. She's busy at the back of the car sucking on the tailpipe.

  2. a_yank_lurker

    Clueless is an understatement

    Any weakening of security via backdoors or weakened encryption is a dare to others to find the weaknesses. They are likely to find weaknesses, whether the deliberate ones or others. Either you allow strong security, state of the art security techniques or all communications are essentially sent as plain text.

    Remember we are talking about someone who rolled their own "secure" email server.

    1. Vimes

      Re: Clueless is an understatement

      Somebody ought to remind the government to be careful what they wish for. They might just get it.

      One U.S. official described it as akin to "stealing a master key to get into any government building."

      ...and said without any sense of irony too & a straight face too...

      http://edition.cnn.com/2015/12/18/politics/juniper-networks-us-government-security-hack/

    2. Dan 55 Silver badge
      Alert

      Re: Clueless is an understatement

      Why would they need to weaken encryption? They'd just need to make a law saying that gov must be able to access encrypted data. Services that offer end-to-end encryption with the server unable to decrypt the data would become illegal.

      This seems to be the UK's answer as well in the IPB.

      1. Raumkraut

        Re: Clueless is an understatement

        >Services that offer end-to-end encryption with the server unable to decrypt the data would become illegal.

        You know how some films used to use "Banned in <country x>!" as a badge of merit? I can see a similar thing happening with consumer security products.

        Coming soon - The messaging platform the US government doesn't want you to know about!

        1. channel extended
          Black Helicopters

          Re: Clueless is an understatement

          Also the new headline on clickbait - 'One weird trick to bypass the govt spies'.

      2. a_yank_lurker

        Re: Clueless is an understatement

        That solution sounds good but the weakness is there must be a centralized storage of encryption keys for that to work. If one completely encrypts one's hard drive then one must provide a password, key file, etc. to decrypt the data. This is something that presumably only the user knows. For a spookhause to decrypt a drive in this scenario they either guess the unlock information or brute force decrypt. Either could be time consuming.

        About the only solution that might actually pass any reasonable muster is for the user to be served a warrant to unlock the drive so the police can rummage around. Any other system risks crippling security.

        1. Steve Davies 3 Silver badge

          Re: Clueless is an understatement

          Something people seem to forget is 'the two key solution'.

          One key unlocks the data.

          The other one unlocks the data thus complying with the law but immediately starts a process buried in the HDD/SSD firmware to erase the data.

          Spooks have been aware of this for years. After all, their agents would use it to stop the people they are spying on getting the data.

          As with every solution there are weaknesses.

          Thus the battle goes on, and on, and on

        2. Michael Wojcik Silver badge

          Re: Clueless is an understatement

          >That solution sounds good but the weakness is there must be a centralized storage of encryption keys for that to work.

          Not technically correct. There are a number of cryptographic primitives and protocols that can provide multi-party access with some degree of control besides central storage of the key per se.

          There's the Clipper approach of including part of the key, asymmetrically encrypted, with the message, for example; a party with 1) the decryption key for the partial session key and 2) sufficient resources can recover part of the session key and then brute-force the rest.

          There are backdoors in other components, such as the Dual_EC_DRBG backdoor; a party with access to the secret parameters can recreate the CPRNG stream and recover the session key that way. Similar approaches can be applied to other primitives.

          There are key-splitting protocols. And so on.

          I'm not advocating any of these approaches - I think the anti-crypto fear-mongering is a combination of pandering to panicking fools, ignorance, and innumeracy - but central key storage is not necessary. It's only one possible approach.

      3. Yes Me Silver badge

        Re: Clueless is an understatement

        Um, unfortunately that would make all Internet services illegal, since any fule can encrypt anything before sending it. That is what "they" simply don't want to understand because it is so inconvenient: bad people will use strong crypto whatever the law says. Weakening crypto *only* hurts the law-abiding or the very stupid.

      4. Vimes

        Re: Clueless is an understatement @Dan 55

        >Services that offer end-to-end encryption with the server unable to decrypt the data would become illegal.

        How, where & when something can be decrypted is just as important as to how strongly it was encrypted in the first place. In that regard any demand to drop end-to-end encryption is effectively an attempt to weaken encryption.

      5. Lyndon Hills 1

        >They'd just need to make a law saying that gov must be able to access encrypted data

        I think they thought of that, and then realized that anyone who cares would simply use a non-US (or UK) service. The end result of back-dooring all US communications/encryption services will be that those US companies will lose a potentially substantial portion of their international business. They might even lose US based business if those companies chose to use foreign providers.

      6. Texas IT

        Re: Clueless is an understatement

        The problem with these types of government rules is that it only serves to keep already honest people more honest. Bad guys will still do what bad guys do...unless through a Christmas miracle they start following the laws on the books!

    3. Voland's right hand Silver badge

      Re: Clueless is an understatement

      http://xkcd.com/

      What does the disclaimer say? The third part of "Warning..." Nuff said.

  3. Efros

    Cost

    Getting on close to $30,000,000,000 if they match the Manhattan budget in today's dollars. Once you factor in DSFU's (Defense Spending Fuck Ups), LPPC (Local Politician Pork Costs) and other complications we can probably just add a zero.

    1. Naselus

      Re: Cost

      That's also known as 'the price of only 15 stealth bombers'. You may have missed a few zeros.

  4. John H Woods Silver badge

    Crucial difference

    The Manhattan Project (like the Apollo Project) was about engineering a way to realise the theoretically possible. Only idiots think a sufficiently big project can manage the not theoretically possible (let alone the theoretically not possible) and only liars would suggest it could if they suspected otherwise.

    The political elite seem to be, almost to a person, fools or frauds.

  5. Anonymous Coward

    Deliberately vague

    She knows there's no technical solution that doesn't sell the Senate to ISIS, so she's offering vague mumblings that will appease voters without actually breaking anything.

    Nothing will come of this.

    1. Youngone Silver badge

      Re: Deliberately vague

      I think @mycho is correct here.

      Hillary is on the horns of a dilemma here, she's massively indebted to Wall St, the very corporations who need strong encryption, but the military and Law enforcement agencies are politically powerful and determined to have access, so she'll need to find a way of convincing business that it's in their interests to let Government have access to our stuff.

      I'm not sure how she'll manage it, but that will be her aim.

      This is just the period of the process when she pretends that ordinary voters have a stake in this.

      Once she has her hands on the levers of power, she'll have to decide which side she owes more to.

      1. Anonymous Coward

        Re: Deliberately vague

        Which side does she owe more? Why, her own, of course. The others only get promises.

      2. Steven Roper

        Re: Deliberately vague

        "This is just the period of the process when she pretends that ordinary voters have a stake in this."

        She never mentions ordinary voters in her quoted statement. Ordinary voters don't figure in her reasoning, which makes it clear that they simply don't matter to her. She knows she's on the Democrat end of a two-party oligarchy masquerading as a democracy, so the only voter danger she has to concern herself with is ensuring said voters don't go for Trump - which doesn't seem like a hard ask. It's not like the voters have any other choice that has any chance of gaining power.

        So the only stakeholders she can see in this discussion are the TLAs and Silicon Valley - the likes of you and I don't enter into it. She made that clear when she said, "...something that would bring the government and the tech communities together to see they're not adversaries."

        Us little people being adversaries to the big boys in that equation? Not even a blip. And she's not even trying to hide the fact.

      3. Naselus

        Re: Deliberately vague

        "Hillary is on the horns of a dilemma here, she's massively indebted to Wall St, the very corporations who need strong encryption, but the military and Law enforcement agencies are politically powerful and determined to have access, so she'll need to find a way of convincing business that it's in their interests to let Government have access to our stuff."

        I don't think she has much dilemma at all, no. Hillary's gonna do what she always does and side with whoever has the deepest pockets.

        This has two functions - one, she tempts Silicon Valley money by playing to their fears about what encryption-busting will do for their exports, and two, she's offering them a huge carrot in the form of this 'Manhattan-type project' - which just needs to be a really, really, really expensive supercomputer, preferably one that can keep ahead of the Chinese for another decade or so.

        There's no unbreakable encryption which is feasible to use - no, one time pad doesn't count as feasible - so you just need something big enough to do the math ridiculously quickly. She's telling Silicon Valley both that they can keep their encryption credentials clean, and that she'll also throw them a trillion dollars of government cash (I'd say 'taxpayer money', but the US doesn't use taxpayer's money anymore - it uses Chinese loans instead) to build an encryption-busting machine.

        I'm willing to bet that if we take a look at the donations for the Clinton Campaign, she's gonna pick up all the tech giants in short order now.

    2. PleebSmasher

      Re: Deliberately vague

      I've got an idea for a better Manhattan Project.

      Get all the techies and Silicon Valley together. Bake encryption into every protocol. Develop and deploy new, stronger encryption methods that can resist classical and quantum computing. Shore up Tor and set up more nodes.

      1. DavCrav

        Re: Deliberately vague

        "Develop and deploy new, stronger encryption methods that can resist classical and quantum computing."

        I'm not sure that is really feasible, until everyone themselves has quantum computers. I'm not much of an expert on quantum computers, but more or less, we are heavily reliant on some sort of complexity problem to make encryption work, at least public-key encryption.

        One-time pads are 100% secure, so there is already something that defeats all attempts at breaking. But to be useful, the encryption key often needs to be delivered in plaintext, so we should assume that the attacker can always encrypt. Now here's the problem: more or less, anything that it is easy for a classical computer to do, it is easy for a quantum computer to undo. That is a massive lie, technically, but for non-technical discussion it will suffice. So if you want your classical computer to make the encryption, a quantum computer can break it.

        Once everybody has quantum computers then the field gets re-levelled, but the first good quantum computers *will* pwn all classical algorithms that are not based on randomness in some way.

        1. John H Woods Silver badge

          Re: Deliberately vague

          "but the first good quantum computers *will* pwn all classical algorithms" -- DavCrav

          I thought that (a) there already exist quantum-computing resistant algorithms and (b) that the speed-up offered by, e.g. Shor's Algorithm is not so vast that it cannot be realistically kept at bay for a while by using (maybe much) bigger key sizes with classical encryption.

          1. Michael Wojcik Silver badge

            Re: Deliberately vague

            >I thought that (a) there already exist quantum-computing resistant algorithms and (b) that the speed-up offered by, e.g. Shor's Algorithm is not so vast that it cannot be realistically kept at bay for a while by using (maybe much) bigger key sizes with classical encryption.

            You are correct, and DavCrav is wrong. This has been explained ad nauseam in this forum and elsewhere.

            The current state of "post-quantum cryptography" isn't great, in that the publicly-proposed methods all have one drawback or another, but it's a popular area of research and the techniques will only get better. More importantly, even if and when practical QC gets powerful enough to attack keys of reasonable length - which does not appear to be happening anytime soon - it will remain far out of reach for all but state-level actors for the foreseeable future, and will be too limited to be used against all but the most valuable targets.

            The simple fact is that most encrypted data isn't worth much. Encryption just has to push it above the level of low-hanging fruit.

  6. Anonymous Coward

    There's an easy answer. Get a fucking warrant.

    1. tom dial Silver badge

      This might be a solution in matters of domestic criminal activity, provided the warrant was served on a party that possessed a copy of the key. In that case they might be able to persuade the key holder to provide access to the encrypted material by presenting it as the preferable alternative to various contempt of court punishments.

      Otherwise, they are asking, in principle, for something they never have had in practice: a way to access messages encrypted using methods they do not know and keys that they do not have and which those who do will be reluctant to disclose and possibly unavailable for interrogation and possible punishment. Lack of that capability and its successful circumvention have been a consistent thread in political and military history for several thousand years, probably about since the invention of written communication. It is a "nice to have" but never has been, is not, and probably never will be, a "must have."

      1. Anonymous Coward

        There are continents other than the US. And those continents are filled with people just like you.

  7. Anonymous Coward

    I'm still surprised that they still haven't addressed personally encrypted files/messages. There have been, so far, several contradictory rulings on point but they tend to fall in line with LEOs having to suck it up and do it the hard way (brute force, preponderance of data, ...).

  8. Graham Marsden
    Big Brother

    Gods forbid...

    ... they don't go the British route where simply refusing to reveal your password becomes a criminal offence (supposedly it was to "protect" us from terrorism, but nobody bothered to include that stipulation in the law, so it's wide open for abuse...)

  9. Dave 126 Silver badge
    Alert

    Dear fellow commentards...

    ... let's take five minutes and imagine a near future, a speculative fiction. Let us imagine a near-future in which the whole idea of encryption is irrelevant.

    A future in which encryption doesn't matter because so much cctv and drone video footage is collected that the location and behaviour of every citizen is known in real time. In such a scenario the authorities would learn very little from reading (broken) encrypted messages over what they already knew by observing subjects directly.

    If this fictional authority has a MagicTechnologyMachine that stopped all bombs from exploding or guns from firing, it wouldn't need to read the emails of any potential terrorist.

    1. Gordon 10
      FAIL

      Re: Dear fellow commentards...

      That's flawed on a number of levels.

      Firstly encryption would still need to be broken to prove intent.

      Secondly I forget the stat but something like 75% of the currently installed CCTV cameras are not suitable for use as evidence due to poor quality or poor maintenance or poor storage of the recorded data. There is no reason to suppose that will change in the near future.

      1. DavCrav

        Re: Dear fellow commentards...

        "Secondly I forget the stat but something like 75% of the currently installed CCTV cameras are not suitable for use as evidence due to poor quality or poor maintenance or poor storage of the recorded data. There is no reason to suppose that will change in the near future."

        Three important words: chain of custody. CCTV can be, and has been, doctored, and as this becomes easier the evidence will become less admissible.

    2. Lyndon Hills 1

      Re: Dear fellow commentards...

      Ever read A. E. van Vogt's The Anarchistic Colossus?

  10. a_yank_lurker

    Others say Hildabeast is Clueless

    Quoting the Verge :

    http://www.theverge.com/2015/12/19/10628208/hillary-clinton-back-door-debate

    "Democrats have strange ideas about the internet, too. At tonight's ABC News presidential debate, candidates offered a number of vague, borderline-illiterate thoughts about technology, especially Hillary Clinton. It all started when ABC gave her an inane prompt, characterizing encryption as a "terrorist tool used in the Paris attacks." In response, Clinton suggested that, instead of breaking encryption, the US should launch a "Manhattan-like project" to "bring the government and tech communities together" so that law enforcement can "prevent attacks."

    It seems anyone moderately knowledgeable about encryption is saying Hildabeast is a loud-mouthed moron proving Mark Twain's observation - "It is better not to speak and have people think you are a fool than to speak and remove all doubt."

    1. Mark 85

      Re: Others say Hildabeast is Clueless

      >It seems anyone moderately knowledgeable about encryption is saying Hildabeast is a loud-mouthed moron proving Mark Twain's observation - "It is better not to speak and have people think you are a fool than to speak and remove all doubt."

      It seems that this applies not only to her but everyone else running for the job. They're all spouting nonsense. The scary part is that all they are spouting is the "fear" and "terrorists" cards for which "they" have the solution and so far, they've all been inane.

  11. Anonymous Coward

    Even if there were a way to add Hillary's "side door"

    You can't make terrorists use the encryption that western governments can access. The encryption they can't access is already out there.

    If they got Apple, Google, and Facebook to use "side door" encryption, smarter terrorists would avoid iPhones, Android and Facebook and communicate using methods that allow them to use today's encryption. That won't be uninvented because something else comes along.

    But of course that wouldn't matter, they'd eventually catch some dumb terrorists who were communicating with WhatsApp and declare the program a success. And either point to something else as the reason they missed other attacks carried out by smarter terrorists, or say the tech world needs to figure out how to put the Genie back in the bottle!

  12. The Nazz

    Well at least Hilary's safe and secure

    If her "back door" was the last back door in the world I still wouldn't go near it.

    Dreadful woman.

    1. Anonymous Coward

      Re: Well at least Hilary's safe and secure

      Why are you even thinking in a sexual way about Mrs. Clinton? Care to share?

      1. Mark 85
        Pint

        @Big John -- Re: Well at least Hilary's safe and secure

        >Why are you even thinking in a sexual way about Mrs. Clinton? Care to share?

        Oh god, you had to go there... and if he shares, there isn't enough mind bleach in the world to help us.

        Icon ---> closest thing to mind bleach I have on hand.

        1. Knewbie
          Coat

          Obligatory...

          I enjoyed the pure clarity of :

          "What do you mean, wrong door ?"

          And translating her message on collaboration as :

          "Don't worry darling, it won't hurt..."

          Mine is the coat with the industrial/federal strength lube in the pocket.

  13. Anonymous Coward

    Work the problem

    Maybe if there was less of a need for people to become terrorists.... <-- put money here.

    1. Pascal Monett Silver badge
      Trollface

      And ruin the financial prospects of all those arms dealers ? Tsk, tsk.

  14. Cincinnataroo

    Sometimes, Hillary, it's better to remain silent and be thought an idiot, rather than to open one's mouth and remove all doubt.

    1. Anonymous Coward

      Jebus knows!

      Donald Trump is living proof.

  15. Christian Berger

    There is a way to do this... encourage bug doors

    The non-suspicious way to add back doors to your system is to encourage the creation of bug doors. Once a system reaches a certain level of complexity, mistakes will just happen. And the more mistakes and bugs happen, the more likely it is that those will be exploitable. Just invest into code reviews and there you go, back doors for free and everybody can easily claim they did it on purpose.

    Doing this is comparatively easy, encourage complexity increasing ideas like the Stroustrup-like OOP, discourage simple solutions to trivial problems. Eventually you will raise a generation of "Poetterings".

    A nice side effect is that the "market" for software will become more monopolized. Having a highly complex logging system means that it becomes harder to re-implement it.

    1. Stoneshop
      Headmaster

      Re: There is a way to do this... encourage bug doors

      >Doing this is comparatively easy, encourage complexity increasing ideas like the Stroustrup-like OOP, discourage simple solutions to trivial problems. Eventually you will raise a generation of "Poetterings".

      That's a definition of "eventually" of which I was not previously aware.

    2. Roo
      Windows

      Re: There is a way to do this... encourage bug doors

      "Doing this is comparatively easy, encourage complexity increasing ideas like the Stroustrup-like OOP, discourage simple solutions to trivial problems. Eventually you will raise a generation of "Poetterings""

      That's old hat, the Java boys are leading the way with stuff like Spring & Dependency Injection. I've already seen backdoors injected that way by the hundred... ;)

      Cue much head-scratching from the Devs who can't work out why their rigorously unit-tested code isn't behaving at run time... Ironically they used DI to force themselves to write testable code which enabled the vulnerabilities that they couldn't unit test for...

  16. royston_vasey

    I have a plan. I think it will take $1bn to run this project and take around 10 years to complete. I'll get started just as soon as I receive the money ☺

    1. Midnight

      I think you have what it takes for government work.

  17. Jeffrey Nonken

    While we're asking for miracles...

    ...I want bullets that only kill bad people.

    1. Mike 16

      Re: While we're asking for miracles...

      I hear you can get them from the Weapon Shops of Isher. Van Vogt seems to be having a good day.

      If we want to start a major project, maybe we could work on reducing the number of criminals and terrorists. A pilot study could involve reducing the number of terrorists and criminals that are employed by the US and UK governments.

  18. Francis Vaughan

    It's pretty clear the encryption they are worried about is communications. Data on disks is a sideline in comparison. Next, although everyone talks ISIS, the reality is, and the FBI and the rest well understand, they have just as many threats from homegrown Christian or just plain nutter terrorists as external ones. This will, and always will, be about the local population. It isn't about stopping the next Paris attack.

    We already have the ironic spectacle of one part of the government inventing and popularising a secure and untraceable communication system to further its operations, and another spending great effort to subvert it again.

    In the end, real terrorists resort to notes passed from hand to hand, and one time pads. No Manhattan project can solve a one-time-pad. Demands for weakened or backdoor'ed encryption are a solution to a problem that only uses existing encryption because of convenience. If it is not possible to use common encrypted channels operationally, terrorists simply move to other methods. Methods for which current meta-data analysis probably have less traction - making the job of the security agencies harder, rather than easier.

    1. AndyS

      Your post has, well, some issues.

      >This will, and always will, be about the local population. It isn't about stopping the next Paris attack.

      The Paris attacks were committed by the local population. Belgians (local-ish) and French nationals.

      >In the end, real terrorists resort to notes passed from hand to hand, and one time pads

      No, they just get on with their attacks fast enough that they're not stopped. The Paris attackers, who were pretty "real," did not use encryption. Nor have most other recent attackers, either Islamic or other.

      All the recent noise about encryption is down to 2 things. Firstly, the "something must be done" brigade (including Donald Trump banning & tracking Muslims and closing down the internet at the extreme end). Secondly, the ongoing target of total mass surveillance, that the NSA / GCHQ et al are up to. The first will have no impact on terrorism. The second is just using it as an excuse.

      1. Francis Vaughan

        The point was - the US isn't going to stop the Paris attacks. France might, but the US won't. Hillary allowing the FBI to decrypt US communications does not help stop ISIS wreak havoc half way across the planet, despite the implication it does. Indeed, they don't need to use encryption. Like I wrote, a note passed hand to hand will do. Or if they really are worried, a one time pad, either for the note, or for an electronic communication.

  19. CAPS LOCK

    Hmmm the Manhattan Project, didn't some bloke say something about...

    ... 'destroying worlds'? Is that a road we want to go down again?

  20. Jeanb

    Hi All

    I offer the below as our thoughts on politicians (plagiarised)

    A South African Story:

    While stitching a cut on the hand of a 75 year old farmer, whose hand was caught in the squeeze gate while working cattle, the doctor struck up a conversation with the old man.

    Eventually the topic got around to politicians and their role as our leaders.

    The old farmer said, "Well, as I see it, most politicians are 'Post Tortoises'."

    Not being familiar with the term, the doctor asked him what a 'post tortoise' was.

    The old farmer said, "When you're driving down a country road and you come across a fence post with a tortoise balanced on top, that's a post tortoise."

    The old farmer saw the puzzled look on the doctor's face so he continued to explain. "You know he didn't get up there by himself, he doesn't belong up there, he doesn't know what to do while he's up there, he's elevated beyond his ability to function, and you just wonder what kind of dumb arse put him up there to begin with."

    Best explanation of a politician I've ever heard.

  21. Anonymous Coward

    I've an even better suggestion.

    How about we require all manufacturers of door locks, safes etc to provide a "master key" to the FBI (or whoever) so that they can just come and have a look whenever they want.

    And how about you, Ms Clinton start the ball rolling by handing over copies of the keys to your house, car and that safe deposit box you think no-one knows about?

  22. John Mangan

    Thor's Hammer

    Maybe the solution to this is to show these people the episode of the 'Big Bang Theory' where the ladies are arguing about how 'only the worthy' can wield Thor's Hammer and asking who decides "Who's worthy?". How can a hammer decide?

    It might bring the discussion down to a level they can comprehend.

  23. sisk

    Her comment is easily explained when you remember that this is a woman who has demonstrated very minimal knowledge when it comes to security. She probably thinks that we can have strong encryption that can be broken by the company that created the algorithm without a back door.

  24. Ken 16 Silver badge
    Holmes

    Soundtrack > Bill Clinton's "Back Door Man" on Sax

    <letters></letters>

  25. Anonymous Coward
    Anonymous Coward

    Ffs

    Dear Government,

    Please leave me alone. I am not, was not and will never be part of ISIS or any other extreme "terrorist" organisation thereof. I am wholly against the practices of aforementioned and any other bastards, arseholes and fuckwads.

    I will continue to use encryption. Not as a means to hide any wrongdoing on my behalf but as a means to protect myself from you and your clandestine secretive bullshit I neither requested nor voted for.

    Kindly refrain from fucking me and my fellow citizens about because of your own fear and loathing for us. Understand that you lose votes and power because of your own actions not because the electorate are ignorant or misunderstanding.

    Best regards

    The Internet

    P.s. please bear in mind that we the internet hold the power to fund a kickstarter campaign to finance any old random person to boost them into a seat of power and people will buy in for a laugh should the current level of voter apathy continue to increase.

    It is only a matter of time.

  26. shovelDriver

    Appearance . . . of Integrity

    Apropos . . . why are the vast majority of Hillary pics airbrushed to remove wrinkles, change the eyes, and otherwise make her look, umm, "better"?

    Lying about one's appearance leads me to believe one might - just may be - lying about other things. After all, it's not as if we don't already have huge volumes of evidence demonstrating her talent for doing so. Though, in my opinion, she's not all that good at it. For much else, either.

  27. FuzzyTheBear
    Black Helicopters

    Geese Gander ... so what ?

    If a friendly government has the key and the keys get jacked by an unfriendly, we're simply all screwed.

    They got a bunch of what if's in their scenario .. but they always assume the government's defenses can't be penetrated and aren't, which we all know is bullshit. So a) how can our friendly governments tell us it's all fine the secret is safe with them? I call total absolute bullshit on this and hence I must totally back tight encryption without backdoors.

  28. Fruit and Nutcase Silver badge

    Green Door

    She wants to know the secret behind the Green Door

    Green Door by Jim Lowe

    Midnight, one more night without sleeping,

    Watching till the morning comes creeping.

    Green door, what's that secret you're keeping?

    There's an old piano

    And they play it hot behind the green door;

    Don't know what they're doing

    But they laugh a lot behind the green door.

    Wish they'd let me in

    So I could find out what's behind the green door.

    Knocked once, tried to tell them I'd been there;

    Door slammed, hospitality's thin there.

    Wonder just what's going on in there.

    Saw an eyeball peeping

    Through a smoky cloud behind the green door;

    When I said "Joe sent me"

    Someone laughed out loud behind the green door.

    All I want to do

    Is join the happy crowd behind the green door.

    Midnight, one more night without sleeping,

    Watching till the morning comes creeping.

    Green door, what's that secret you're keeping?

    Green door what's that secret you're keeping?

    Green door!

  29. Jim E
    Boffin

    What she's probably referring to.

    I think Mrs. Clinton is referring to the fact that it has been pointed out that real-world end-to-end encryption systems, like the Apple one, already have a front door by virtue of their design. Let me explain.

    Each device (phone, tablet, PC, etc) generates a public/private key pair. The private key must never leave the device, but the public key is stored up in the cloud.

    Alice sends Bob a message. Her messaging client grabs Bob's public key, encrypts the message with it, and sends it. It can only be decrypted by Bob's device. OK so far.

    Now the real world intrudes. Bob has multiple devices. There is no really secure way for them to share a private key, so each device generates its own key pair. Alice's software does not know which device Bob will use to read the message, so it must encrypt multiple copies of the message payload using Bob's several public keys. This multiple-key capability is the front door.

    All that Apple (or anyone else running PKI for end-to-end encryption) has to do is quietly add an NSA-generated public key to Bob's list. The NSA can now read every message that Bob receives. They can do this to selected users or to everyone.

    Of course, we can circumvent this by manually using PGP and exchanging public keys by email, but that is quite beyond the vast majority of users, who find the concepts of public key encryption hard to grasp. The automated version is what actually gets used.
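The multi-device scheme described in the comment above, as an added sketch that is not part of the original thread and not any vendor's code: the sender encrypts once, wraps the content key for every key the directory returns, and (an assumed mitigation) refuses to send if the directory lists a key whose fingerprint the sender has not verified out of band. The group parameters, XOR keystream and all function names are toy constructions for illustration, with no authentication and no security claim.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group, for illustration only (not secure parameters).
P, G = 2**255 - 19, 2

def keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def fingerprint(pub):
    return hashlib.sha256(pub.to_bytes(32, "big")).hexdigest()[:16]

def _kdf(shared):
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def seal(message, directory_keys, pinned):
    """Encrypt once, wrap the content key per device; refuse unpinned keys."""
    unknown = [fingerprint(k) for k in directory_keys if fingerprint(k) not in pinned]
    if unknown:
        raise ValueError(f"unverified device keys in directory: {unknown}")
    content_key = secrets.token_bytes(32)
    stream = hashlib.shake_256(content_key).digest(len(message))
    envelope = {"body": _xor(message, stream), "wrapped": {}}
    for pub in directory_keys:
        eph_priv, eph_pub = keypair()  # fresh ephemeral key per device
        wrapped = _xor(content_key, _kdf(pow(pub, eph_priv, P)))
        envelope["wrapped"][fingerprint(pub)] = (eph_pub, wrapped)
    return envelope

def open_envelope(envelope, priv):
    """A device finds its own wrapped copy and recovers the message."""
    eph_pub, wrapped = envelope["wrapped"][fingerprint(pow(G, priv, P))]
    content_key = _xor(wrapped, _kdf(pow(eph_pub, priv, P)))
    stream = hashlib.shake_256(content_key).digest(len(envelope["body"]))
    return _xor(envelope["body"], stream)

if __name__ == "__main__":
    # Constructed sample: Bob's two devices, verified out of band by Alice.
    (phone_priv, phone_pub), (_, laptop_pub) = keypair(), keypair()
    pinned = {fingerprint(phone_pub), fingerprint(laptop_pub)}
    env = seal(b"lunch at noon?", [phone_pub, laptop_pub], pinned)
    print(open_envelope(env, phone_priv), list(env["wrapped"]))
    try:  # the directory now returns a third key Alice never verified
        seal(b"lunch at noon?", [phone_pub, laptop_pub, keypair()[1]], pinned)
    except ValueError as err:
        print("refused:", err)
```

The envelope carries one wrapped key per listed device, so the recipient list is only as trustworthy as the directory that supplied it; the pinned-fingerprint check is what surfaces an unexpected entry.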

  30. Anonymous Coward
    Anonymous Coward

    Piffle and balderdash

    I think just one word describes her (and others') ramblings about a subject they know nothing about......WAFFLE!

  31. Francis Irving

    Jury-based encryption

    This is a good suggestion from Clinton, because there *are* other solutions than "encrypt all the stuff so no matter what circumstance it can never ever be looked at" or "give 10,000 spooks access to everything everyone does and says".

    This essay by Vinay Gupta explains the context, and gives examples such as a jury-based system where data could be decrypted but only if a genuine random jury approves.

    http://vinay.howtolivewiki.com/blog/other/taking-a-crack-at-a-practical-system-introducing-the-escrownym-3004

    There is a *long* way to go here both technically and philosophically, and a project to do so makes total sense.

    1. John H Woods Silver badge

      Re: Jury-based encryption

      "This essay by Vinay Gupta explains the context..." -- Francis Irving

      Your source appears to explain a specific and clever solution that can be used by people who want to cooperate (e.g. to share encrypted video to avoid liability for copyright infringement whilst still providing a decryption path for e.g. identifying the source of banned content). We wouldn't need a big project to work out how to do this as the article you quote already contains a solution!

      The people that the powers-that-be are constantly pointing to as the threat which justifies mass surveillance are both able to use non-compliant cryptography and to hide the fact that they are doing so with steganography and other counter measures. It doesn't matter if you invent a new system that keeps all the good guys happy --- because the bad guys will ignore it.

  32. Anonymous Coward
    Anonymous Coward

    Really considering retiring to that bait shop in Florida

    The ignorance of the people in charge, heck ALL the people, is astounding.

    Mass surveillance has two equally compelling purposes for the deciders: (1) keep tabs on everyone to see to it they don't get out of line (militarizing the police was ancillary to that, leaving us with a disorganized and disordered mob pretending to be an occupying army); and (2) gather business intelligence that can be analyzed by their financial advisers (as I've said before, no one was listening in on Angela Merkel to find out if she was aiding terrorists -- what they really wanted to know was if she was aiding Volkswagen).

    With most of the public either proudly ignorant or blissfully unaware of the true depth of their ignorance, there's little hope of stemming the tide. Those of us in tech will play along because we're well paid to -- at least when we're not being targeted in the extortion plot du jour.

    A simpler life off the grid would be nice. No more 3 AM calls that the SAN went away so now all 1,000 hosts in the data center need to be manually restarted (including all those 10 year-old Oracle databases). No more weekends scrubbing the family's Windows PCs clean of the latest, probably state-sponsored, malware. Cut the cord for real, retreat to the travel trailer with a pile of movies transcoded to mp4 and a couple of fishing poles for the catfish down by the canal at dusk.

    Let's face it, these idiots don't want our help -- and they don't deserve it.

    Just walk away. Let the whole edifice break down from neglect and incompetence.

    It would be sort of the same way that retired legionaries on the frontier reacted when the barbarians started pouring south over the Danube.

    Step back and fade away. The industrialized world has made their own bed, now they can sleep in it.

  33. Sooty
    Coat

    I am very disappointed in this article

    All those missed opportunities for the euphemistic use of the term "Back Door"
