Backdoors won't weaken your encryption, wails FBI boss. And he's right. They won't – they'll fscking torpedo it

FBI head honcho Christopher Wray is rather peeved that you all think the US government is trying to weaken cryptography, privacy, and online security, by demanding backdoors in encryption software. During a session at the International Conference on Cyber Security at Fordham University, New York, Wray backed a proposal mooted …

  1. A random security guy

    Stalin would be so proud of him

    What could go wrong. Cops show up and demand access. If you are honest you should have nothing to hide. </sarcasm>

    1. Diogenes

      Re: Stalin would be so proud of him

      "Give me 6 lines..."

    2. NATTtrash

      Re: Stalin would be so proud of him

      "If you are honest you should have nothing to hide".

      Sorry mate, but I have nothing to share.

    3. A.P. Veening Silver badge

      Re: Stalin would be so proud of him

      Not Stalin but Lavrentiy Beria and Felix Dzerzhinsky.

    4. Jimmy2Cows Silver badge
      Terminator

      Re: Stalin would be so proud of him

      I find your lack of faith disturbing.

      [ closest thing I could see to a Darth Vader icon ---> ]

    5. bombastic bob Silver badge
      Megaphone

      Re: Stalin would be so proud of him

      You know, Trump should know better, after the WITCH HUNT he's been through...

      I wrote a note to the Pres yesterday, comparing crypto to guns and locks on your door. The comparison to guns is like what happens when gummint comes after them. They take away guns, and ONLY criminals will have them! Similarly for strong un-back-doored crypto. And WHO would WANT EVERY LOCK on your door to HAVE A MASTER KEY that "only police can access" ???

      Tell that to Houdini, who one day as a kid apparently invented a 'skeleton key' that he was able to use to access everyone's house, for laughs etc.. It proved how worthless those old-style locks were, and as a direct result of people *like* Houdini demonstrating the effectiveness of a skeleton key, the lock-makers quickly came up with a set of wards and tumblers that are FAR more effective at locking things.

      The obvious thing is NOBODY would use locks like that. And the genie is out of the bottle, Pandora's box is open, and if it's illegal to make strong crypto inside the US, you'll find it in Finland, Belarus, France, Venezuela, and probably Russia and N. Korea, in some cases with "their own back doors" maybe, or maybe not... but yeah LOTS of open source stuff already exists with NO back door and WHO IS GOING TO STOP IT? Nobody.

      ANYONE can download (for free) an SDK to create Android programs, and they can be run WITHOUT going through "a store" that could revoke them. You can't stop ANYONE from owning strong crypto, and the applications can remain "on the dark web" even, so that ONLY CRIMINALS can use them...

      Such nonsense. But we _ARE_ dealing with politicians, after all, even if they ARE "Attorneys General"

      1. Aitor 1

        Re: Stalin would be so proud of him

        If backdoors are mandatory (and it is not clear they are not right now for US companies), you would have:

        -Backdoors in the UEFI

        -Backdoors in the Chip itself, in the black box "safe enclave".

        -Backdoors in the HDD and network card.

        Yes, you can install Linux, but you would still be as vulnerable as before..

        1. Anonymous Coward

          Re: Stalin would be so proud of him

          There are some nice videos of interesting possible existing routes. Or existing routes that are only currently used for ease of use, say network adaptor firmware automatic updates. Or more so, hidden wifi antennas in devices/chips. Often just innocently cut from the development budget, but still released in the production model due to retooling/supply delays.

        2. croc

          Re: Stalin would be so proud of him

          Oh... Are you referring to the Clipper Chip? And how did that story go again?

        3. JassMan

          Re: Stalin would be so proud of him

          Every one of those backdoors is useless if the PC isn't connected to the Internet. There is not, and cannot be anything to prevent the crims creating and encrypting a message on an airgapped PC (with or without ineffective backdoors), then communicating that message via the leakiest app ever made. Ingenuity is the mother of invention and the airgapped PC can be as simple as a Commodore 64 - it only has to run 1 program and be able to save the data to a common storage format. Don't forget that the original BBC model A computer had a whole 32KiB RAM and yet people were able to produce formatted documents, drawings and even databases. Yes that is KiB not MiB or GiB.

          Never forget that politicians are mainly people who have never actually worked at a real-life job and forget that creating a law which forces backdoors in comms software (on even the bios/uefi) can never work on a device which has its bootloader set with 16 switches on a frontpanel. Even if they define a computer as a device with a CPU, enthusiasts have created computing devices out of 74 series (what you might call a distributed processing unit). All they can ever manage is to create a market in archaic devices. Every device which is created until the law comes into force will eventually be defined as archaic.

        4. Kiwi
          Boffin

          Re: Stalin would be so proud of him

          If backdoors are mandatory (and it is not clear they are not right now for US companies), you would have:

          The key counter to that is the simple fact that while many countries would like to have this, most aren't that friendly to the US. Any company that makes clean machines would do very well, and those countries that house such companies would also clean up in the increased tax take (though they do have to watch for "accidental" US missile strikes against scheduled passenger trains, passenger aircraft and of course the odd "accidental" rapid relocation of an embassy or two).

          Clean machines being built would also lead to a thriving and rather profitable black market in clean hardware in the affected country. Anyone who could import a clean 2-core CPU would probably be able to retire the next day. And those "across the border" who can intercept and re-transmit signals.. The person who can smuggle in a sat phone able to reach a near-horizon satellite? Simultaneously the most hunted, most respected, and most valuable person in the nation!

          Unless everyone gets 'on board' with this......

        5. tlhonmey

          Re: Stalin would be so proud of him

          Actually, there are effective backdoors in all of those things. You hear about critical security issues from time to time when one of them gets figured out by hackers. In some cases they've been able to break into computers that weren't even on. Your best option to avoid those is to buy a computer from Librem. They rip out as much of that crap as they can and have the computer still function.

          As for nobody using locks with government-held master keys... That's what the TSA locks are. And yes, they've been cracked.

        6. NonSSL-Login

          Re: Stalin would be so proud of him

          How sure are you that those areas do not have backdoors done in a way of plausible deniability by the manufacturers?

          -UEFI made it easier to implant and hide a backdoor over BIOS and gave much more memory to play with

          -TPM/Trusted Platform Module was introduced in Intel chips to offer extra security where in fact there were so many holes it made things like bitlocker and such totally insecure. Sell it as security while it weakens it, sounds and smells like a backdoor.

          -Some HDD manufacturers are known to give their source code and signing keys to the agencies so they can compile their own firmware with backdoors that cannot be found with most usual methods.

          -American owned Broadcom made some network cards with plenty of space to put your own code and someone showed how a rootkit could be installed on the network card in this space. Coincidence or manufacturers giving the agencies the capability to backdoor their products?

          -Not to mention software companies like WhatsApp not long ago bringing out a 'backup' 'feature' that it nags you to use which saves your messages unencrypted on google servers. If that is not an in your face backdoor for the security services then I'll eat my grey hat.

          Assume everything is being backdoored in some way now, especially if an American company.

      2. Rich 11

        Re: Stalin would be so proud of him

        I wrote a note to the Pres yesterday

        I expect you kept it to under 288 characters, to stand any chance of him reading it.

      3. LeahroyNake

        Re: Stalin would be so proud of him

        'The comparison to guns is like what happens when gummint comes after them. They take away guns, and ONLY criminals will have them!'

        Most of Europe seems to manage without everyone owning a gun. It is not a great example.

        Other than that I agree with your post.

        1. tlhonmey

          Re: Stalin would be so proud of him

          "Most of Europe seems to manage without everyone owning a gun. It is not a great example."

          One can "manage" under a lot of circumstances. The example is quite apt. In most of Europe there are complete bans on carrying guns and bans on carrying anything that can be used as a weapon even... To the point where people who are attacked by robbers in their own homes end up going to jail in some places if they injure one of the poor dears who broke in with murderous intent... And yet the criminals who have plans that require such items always seem to have them where and when they want them. There are entire organized crime groups who make their money by providing illegal weapons for such activities. If smuggling them in proves infeasible they just manufacture them.

          Likewise it's been discovered that TrueCrypt's mysterious financial backer was actually a drug kingpin, and the project's shutdown was due to him finally having been arrested. The criminals will have what they need and the only way to stop it would be to reduce the entire population of the planet to the stone age.

          Make no mistake: the real target of both gun control and encryption backdoors isn't the criminal underworld like they claim. That's just their way of trying to get you to accept it. It's the common man they're afraid of. In both Britain and the United States modern gun control schemes showed up not when lawmakers saw large amounts of violent crime (They're usually well protected from that) but when circumstances were looking like there was going to be a revolt (Communists in Britain and disaffected former soldiers who were being denied their wages for WWI in the U.S.)

          Likewise the call for encryption backdoors didn't start when organized crime and terrorists started using it. Any of them worth their salt have been encrypting their communications and records since before such things were handled by computers, and will continue to use strong encryption no matter what the law may say about it. No, it's when all the serfs "go dark" and suddenly they can't keep an eye on us as easily as they used to that they get worried...

          If you want to see what those who want backdoors consider ideal, look at what China's building. That's the goal. Everyone monitored, watched, and tracked 24/7 and anyone who criticizes the government in even the smallest way denied jobs, housing, and transportation until they just wither away and die. Because as far as they're concerned, you're all too stupid, immature, and violent to run your own lives. Never mind that those in government are generally worse than average in all three of those areas...

          1. Intractable Potsherd

            Re: Stalin would be so proud of him

            @tlhonmey: "Likewise it's been discovered that mysterious financial backer was actually a drug kingpin, and the project's shutdown was due to him finally having been arrested."

            Do you have any hard evidence of that? I can't find any.

            1. Kiwi
              Thumb Up

              Re: Stalin would be so proud of him

              @tlhonmey: "Likewise it's been discovered that mysterious financial backer was actually a drug kingpin, and the project's shutdown was due to him finally having been arrested."

              Do you have any hard evidence of that? I can't find any.

              I didn't even bother trying. His posts read like some of the more sane but still nutty conspiracy types.

              However, if I do see such a link (to a reasonable source), I'll freely apologise :)

              1. Intractable Potsherd

                Re: Stalin would be so proud of him

                Thanks as ever, Kiwi. The closest I can find is some speculation on a Wikipedia page about Paul le Roux (https://en.m.wikipedia.org/wiki/Paul_Le_Roux).

                1. Kiwi
                  Pint

                  Re: Stalin would be so proud of him

                  Thanks as ever, Kiwi. The closest I can find is some speculation on a Wikipedia page about Paul le Roux (https://en.m.wikipedia.org/wiki/Paul_Le_Roux).

                  Thanks - an interesting read but not exactly backing the OP's statement (however, a reasonable mistake to make if one was only loosely familiar with the case).

                  Poor guy must have been cursed with 'may you have an interesting life'.

                  1. tlhonmey

                    Re: Stalin would be so proud of him

                    Sorry, I didn't notice you guys had replied. Mr. le Roux denies having been behind Truecrypt, but given that the terms of his agreement with SecurStar effectively prohibited him from being involved in any further work on E4M-based software that would be his expected answer regardless.

                    Meanwhile, the guy who wrote the software on which TrueCrypt was based went from encryption enthusiast to encryption professional to online gambling to online prescription sales to arms dealing and the exact extent of his quasi-legal and illegal activities was difficult to pin down because he made heavy use of both TrueCrypt and encrypted communications throughout his entire organization.

                    And then the TrueCrypt Foundation closes up shop right around the time the authorities finally nail him...

                    Yes, it *could* have been someone else providing funding who merely wanted people to *think* it was le Roux.

                    Or it could have been merely one of life's truly bizarre coincidences. Stranger things have happened.

                    But, of the various theories for who could have been the TrueCrypt Foundation's big, anonymous backer, le Roux seems to be a rather reasonable conclusion.

                    Regardless, the point was that if someone's making millions on illegal activity, they'll fund the creation of whatever tools they need to continue that activity most profitably, be that drug transport vehicles and drones, or guns, or effective encryption software. So banning the average citizen from having various tools just because criminals use them denies the vast majority of the population whatever benefit they might get from using them while merely inconveniencing those who intend to misuse said tools.

          2. Rich 11

            Re: Stalin would be so proud of him

            In most of Europe there are complete bans on carrying guns and bans on carrying anything that can be used as a weapon even.

            I didn't know I was banned from carrying an umbrella, a rolled-up newspaper or a walking stick.

            In both Britain and the United States modern gun control schemes showed up not when lawmakers saw large amounts of violent crime (They're usually well protected from that) but when circumstances were looking like there was going to be a revolt (Communists in Britain and disaffected former soldiers who were being denied their wages for WWI in the U.S.)

            When has it ever looked like there was going to be a Communist revolt in Britain? On the contrary, I can remember Conservative politicians in the 1980s telling people that Michael Foot wanted to ban guns because they'd be used to resist the Communist revolution he wanted to instigate, which was a complete lie. In the end, the only ban we've seen was the large-calibre rifle and handgun ban brought about by the Conservative government in 1996 after the Dunblane massacre, which was extended in 1997 to include .22-calibre handguns by the New Labour government. Not even their greatest detractors would ever accuse New Labour of wanting to advance the cause of communism...

            To the point where people who are attacked by robbers in their own homes end up going to jail in some places if they injure one of the poor dears who broke in with murderous intent.

            I want to see you back this up with evidence. If you chase after someone who you've scared away, and beat them half to death in the street then, yes, you can face prosecution. You make it sound like self-defence of home and family isn't allowed, when it most certainly is.

            1. CrazyOldCatMan Silver badge

              Re: Stalin would be so proud of him

              or a walking stick

              For attending non-seated gigs[1] I have a seat-stick - the top has a pivoting small seat that, in the upright position becomes the handle for the stick and, in the down position, becomes a small and fairly uncomfortable seat.

              In the upright position it would make a fairly good weapon - especially if someone glued a sharp edge on.

              When has it ever looked like there was going to be a Communist revolt in Britain?

              In the 1920's.. the then politicians were petrified that the events in Russia would be replicated in the UK. There was a huge amount of labour unrest (a lot of it for very good reasons) and a lot of the young male population had military experience of one sort or another.

          3. CrazyOldCatMan Silver badge

            Re: Stalin would be so proud of him

            It's the common man they're afraid of. In both Britain and the United States modern gun control schemes showed up not when lawmakers saw large amounts of violent crime

            Au contraire - the big jump in anti-gun laws in the UK came about after the Hungerford massacre (17 people died including the shooter). In the wake of which, the Firearms (amended) Act 1988 was passed that made it illegal to own semi-automatic weapons and restricted heavily the use of pump-action shotguns.

            Things were further tightened up after the Dunblane school massacre.

            Criminals will always be able to get guns (which is why the police have firearms squads) but at least our laws make it harder for them to be obtained (especially automatic and semi-automatic weapons) and a lot of the gang weapons recovered tend to be older weapons put back into commission (usually pretty crudely).

      4. MachDiamond Silver badge

        Re: Stalin would be so proud of him

        " the lock-makers quickly came up with a set of wards and tumblers that are FAR more effective at locking things."

        Then there were city ordinances that required you to put the keys to your business in a box that emergency service could open in case they needed to get in. Time passes and articles are published that tell how thousands of those "secured" master keys cannot be accounted for (unless you search for them on eBay). Just as bad, a black hat could steal one of those lock boxes from a vacant address, disassemble the lock and make their own key. One key to rule them all and in the darkness bind them. Every business has their own key, but one key can be used to access all of those locations. It's even worse when physical access isn't required and the hacking can be done remotely in non-extradition countries.

        My hypothesis is that MBA's and attorneys are required to have a lobotomy that removes any sciencey bits of gray matter they may have before starting on their career. Booster surgery being required when taking public office.

    6. phuzz Silver badge

      Re: Stalin would be so proud of him

      "Cops show up and demand access."

      Well, to be fair, he did say "with a warrant", but then if the cops show up with a warrant, they still either have to get you to unlock your front door for them, or they just smash it down.

      The 'smash it down' option isn't really there for encrypted files, which just leaves showing up with a warrant and insisting that the user unlocks their own files. Then you run into problems with "I forgot my password" etc.

      1. Kiwi
        Coat

        Re: Stalin would be so proud of him

        The 'smash it down' option isn't really there for encrypted files

        I'm pretty sure it is!

        1. Charles 9
          FAIL

          Re: Stalin would be so proud of him

          Not if he's masochistic, a wimp, or dead.

  2. Will Godfrey Silver badge
    Unhappy

    They'll never give up you know

    A slightly modified quote:

    Against man's snoopers stupidity, the gods themselves contend in vain.

  3. el kabong
    Thumb Down

    Idiocracy was supposed to be a comedy taking place in a distant future

    however some insist on using it as a manual of instructions, Today

    If they have it their way Idiocracy will have gone from comedy to manual and then a documentary about our near future.

    1. BebopWeBop
      Pirate

      Re: Idiocracy was supposed to be a comedy taking place in a distant future

      cue the inevitable (and appropriate) comment that "1984 is meant to be a warning, not a manual".

      That boat sailed long ago.

      1. el kabong

        Idiocracy is a source of inspiration, it offers you a Grand Vision

        Not exactly a manual (not a how-to guide) but it offers some good guidance, very useful to all those who want to stay in power, it shows a viable way to control the populace.

        1984 gives you a manual while Idiocracy gives you a Grand Vision. Both are useful, a politician or a top corporate executive who want to stay in power love them both, equally, they can not afford to dismiss either.

    2. FrogsAndChips Silver badge

      Re: Idiocracy was supposed to be a comedy taking place in a distant future

      Yeah, every time I read a tweet by His Orangeness, I can't help but think of this movie and wonder how we got there so soon.

    3. Intractable Potsherd

      Re: Idiocracy was supposed to be a comedy taking place in a distant future

      Is "Idocracy" really worth watching? The synopsis imaked it sound so puerile that I've actively avoided watching it, but it is cited here a lot.

      1. Kiwi
        Pint

        Re: Idiocracy was supposed to be a comedy taking place in a distant future

        Is "Idocracy" really worth watching? The synopsis imaked it sound so puerile that I've actively avoided watching it, but it is cited here a lot.

        I won't give it a rave review. It does have the correct Wilson brother IIRC (IE not the one who seems to wind up giving long boring whiney monologues in every one of his movies (I say "seems to" as I usually turn the thing off not long into it).

        It's tolerable, and maybe even entertaining on some level. I didn't hate it.

        When you have some time to spare and nothing else to do, give it a whirl. I promise you that, when you have completed watching it, you will have watched Idiocracy. I won't make any other promises, although I'll predict it won't be the worst movie you'll see in your lifetime :)

        1. Intractable Potsherd

          Re: Idiocracy was supposed to be a comedy taking place in a distant future

          Thanks, Kiwi - I'll give it a go.

          P.S. I just noticed all the typos in my post - apologies to all.

          1. Kiwi
            Pint

            Re: Idiocracy was supposed to be a comedy taking place in a distant future

            Thanks, Kiwi - I'll give it a go.

            You might be able to get the gist of it by skipping 5 or 10 minutes at a time. I did find it OK enough to recommend to a couple of people with more discerning taste, but it's not something on my "must watch again" list. It is on my "Maybe, if nothing else grabs me and I can't be arsed getting off my arse and doing something else" list though.

            P.S. I just noticed all the typos in my post - apologies to all.

            Are you sure? This is El Reg - there should be at least a half a dozen corrections for each typo, and a dozen for each assumed typo that show's the 'correctors' ignorance! P)

  4. Anonymous Coward
    Devil

    Here comes the truthiness ...

    Only the Good Guys will have access to the backdoor. It's a Good Backdoor. Only the Good Guys will use it.

    The Bad Guys won't use it. Because, you know, the Bad Guys are sworn to be Bad Guys, and they only play in their sandbox, and they won't try to, and get, access to the Good Guys' backdoor.

    And if the Bad Guys ever get access to the Good Guys' Good Backdoor, which will never happen, they'll never, ever try to circumvent it by using different crypto that doesn't have the Good Backdoor.

    And the Bad Guys will only use crypto with the Good Backdoor, but they are never aware of it. Because the Good Guys gave the Bad Guys the crypto with the Good Backdoor, but the Bad Guys never knew about it. So they got caught.

    And then there's the credits, and then the "No animals were harmed during the making of this film" disclaimer, and then the "The making of this movie has enabled over 50,000 paid work hours" happy announcement, and then the "Filmed in Panavision" thing, and then something about ARRI or SIGMA lenses, then the MPAA seal, and then you have to rush to the loo because you drank too much Pepsi, and bummer, there's a line.

    Yeah, I'm sold on this concept. Totally works.

    1. b0llchit Silver badge
      Angel

      Re: Here comes the truthiness ...

      And, you know, all the Bad Guys already set the Evil Bit, while the Good Guys clear the Evil Bit. This discussion has been covered extensively and was solved adequately with RFC 3514.

      Law enforcement should just snatch all the Evil Bit packets and they know they have the wrongdoers pinned down. Good, Fast and Cheap. Who said you couldn't get all three?

      1. bombastic bob Silver badge
        Trollface

        Re: Here comes the truthiness ...

        RFC3514 - is that a commentary on Microshaft's "Safe" flag in ActiveX ???

        [yeah THAT was pretty laughable - 'Oh, of COURSE this virus-laden ActiveX is "safe"' - for scripting or whatever]

      2. MrReynolds2U
        Holmes

        Re: Here comes the truthiness ...

        I feel daft asking but... just checking that people knew that rfc3514 was an April Fools joke, right?

        1. b0llchit Silver badge
          Pint

          Re: Here comes the truthiness ...

          Ehm, aren't all those RFC documents written with the Julian calendar? Those modern Gregorians are simply leaping almost a fortnight into the future! It was written/published 19th of March, therefore, no joke.

          Ave, Julius.

          1. CrazyOldCatMan Silver badge

            Re: Here comes the truthiness ...

            Ave, Julius

            Ave Caesar - morituri te salutant..

        2. martinusher Silver badge

          Re: Here comes the truthiness ...

          >rfc3514 was an April Fools joke, right?

          Maybe it was a joke (and a fine one at that) but I still feel the urge to tweak my IP stack.....must resist......

          IP6 is more relevant because it opens the door to positively identifying the communicating nodes. I've never been a great fan of this protocol partly because it's grossly inefficient but mostly because it's got the potential to finger the user.

    2. bombastic bob Silver badge
      Pint

      Re: Here comes the truthiness ...

      good presentation. Beer, Sir!

    3. MachDiamond Silver badge

      Re: Here comes the truthiness ...

      Wow, you sat through the credits? I've usually figured out the ending 10-15 minutes before the end of the film and if it doesn't look like a prominent piece of architecture is going to be blown up, I'm going to hit the loo Before the queue forms.

      1. Anonymous Coward
        Happy

        Re: Here comes the truthiness ...

        > Wow, you sat through the credits?

        Yes, I usually sit through the credits because I'm a camera/lenses geek and I wanna know what camera and lenses they used to shoot the movie. :-)

        Especially when it's a movie I really liked.

        1. Orv Silver badge

          Re: Here comes the truthiness ...

          For me it's sort of a cool-down period to soak in the ambiance of what I just saw. Also, the 'special thanks to' credits are often interesting.

          1. rnturn

            Re: the 'special thanks to' credits are often interesting

            Please tell us you didn't sit there looking for friends' names in the LotR Fan Club roster in the credits of `Return of the King'. :^)

            1. Kiwi
              Pint

              Re: the 'special thanks to' credits are often interesting

              Please tell us you didn't sit there looking for friends' names in the LotR Fan Club roster in the credits of `Return of the King'. :^)

              I did. And a few people I know in there.

              But there's a lot of us who never got mentioned :) I helped make some of the camera mounts and a few off-camera parts of the sets - I've also handled some of the on-camera stuff as well. But the firm I worked for was sub-contracted to someone who was sub-contracted to someone else who was....... I actually think half the nation can claim to have done something related to those films....

            2. Anonymous Coward
              Happy

              Re: the 'special thanks to' credits are often interesting

              > [ ... ] you didn't sit there looking for friends' names in the LotR [ ... ]

              Nope. Actually never saw LoTR in a movie theatre. Watched it on Amazon Prime.

              1. CrazyOldCatMan Silver badge

                Re: the 'special thanks to' credits are often interesting

                Actually never saw LoTR in a movie theatre

                We saw all of them - all on the last showing of the day so as to avoid having crotch-fruit present (makes for a less-interrupted viewing).

                And then we bought the director's cut of each of them to watch at home (for a number of years we watched them all back to back over the Christmas holidays).

                I'd love for them to do some of The Silmarillion but I suspect that it's too broad a scope for them to touch.

                Not that I'm a LOTR geek at all.. (but it was probably the first fantasy book[1] I read - by the age of 11 I'd read them all multiple times (including Silmarillion). However, I didn't read The Hobbit until doing my English O level.

                [1] Of very, very many - I'm averaging one book/day at the moment.

        2. MachDiamond Silver badge

          Re: Here comes the truthiness ...

          "Yes, I usually sit through the credits because I'm a camera/lenses geek and I wanna know what camera and lenses they used to shoot the movie. :-)"

          Spoiler alert: It was a RED camera and Zeiss glass (or that British company that makes really good cinema lenses I can't remember)

      2. Kevin Johnston

        Re: Here comes the truthiness ...

        I always sit through the credits because often some of the best gags are in the 'out-takes'** they scatter through them.

        **When the film is CGI it is pretty clear they are not out-takes but in-jokes, not that it makes them less funny

  5. elDog

    The solution is obvious and so simple.

    Just use the gov't MILNET (or ARPANET2) or a wide variety of other SCI networks that the US runs.

    Close down the inner-tubes and force everyone to use a non Huawei phone not made anywhere else except in Pennsylvania, Ohio, Michigan, etc. That'll take care of needs for 5G forever.

    Maybe we can piggy-back on the Great Firewall of China for all our security. Altho I'm guessing Trumpf has a lucrative deal with the FSB/IRA.

    Watta world we live in now. It's been fun, comrades.

  6. Anonymous Coward
    Unhappy

    They don't care about security

    Any and all "intelligence" agencies, yours, ours, and everybody else's, don't give a damn about who can access your data as long as they can. This is never going to go away.

    1. bombastic bob Silver badge
      Megaphone

      Re: They don't care about security

      It is the nature of gummints to become oppressive police states.

      It is the responsibility of citizens to TAKE ACTION TO PREVENT IT.

      This is a lot like PEST CONTROL. Watch what happens over time if you fail to spray, bait, and/or trap.

      That's right. The RATS and ROACHES will win. So we have to do what we MUST to prevent it.

      1. Kiwi
        Paris Hilton

        Re: They don't care about security

        It is the nature of gummints to become oppressive police states.

        It is the responsibility of citizens to TAKE ACTION TO PREVENT IT.

        But.. Didn't you vote for Trump? Don't you still support him? How is that doing your civic duty to stop such people being in government?

  7. Flocke Kroes Silver badge

    In answer to his question

    "How do you propose to ensure that the hardworking men and women of law enforcement sworn to protect you and your families maintain lawful access to the information they need to do their jobs?"

    I propose firing the next computer illiterate who insists I am not allowed to securely encrypt business transactions to prevent others from spending my money.

    1. Richard 12 Silver badge
      Joke

      Re: In answer to his question

      Using a howitzer. At point blank range.

      But it's ok, the field piece your head is stuffed into is protected by the type of security you're demanding, so you've got nothing to *BOOM* about.

      Oh. Nevermind. Next?

    2. Just Enough

      Re: In answer to his question

      The question is a complete red-herring. I have information in my head. It is, to all intents and purposes, encrypted because only I have the key and access. There is no way for "the hardworking men and women of law enforcement " to access it without my permission. This is a situation that has existed since crime began, and yet "the hardworking men and women of law enforcement " have somehow managed.

      So how is encrypted information on a phone different?

      1. Anonymous Coward
        Anonymous Coward

        Re: In answer to his question

        Do you honestly think that the security services wouldn't read your mind to find out what they want to know, if there was a way to do it? That's the difference - there isn't the technology to do it - for now....

        1. Mr Sceptical
          Big Brother

          Re: In answer to his question

          Who needs high-tech mind reading probes??? People get very talkative if it averts a red-hot poker someplace sensitive!

          Failing that, I hear water boarding gets you Grade A intel on The Bad Guys (TM)

          Applies equally to digital or verbal data.. Whether or not you're believed depends on verification of the intel. Or some bastard just enjoys the wet screams...

          1. Charles 9

            Re: In answer to his question

            And if they're dealing with a masochist?

            1. Alumoi Silver badge

              Re: In answer to his question

              Easy, they will threaten with NOT hurting him.

              1. Charles 9

                Re: In answer to his question

                Which is STILL hurting him. Whether it's by beating or by not beating, it's still torture to a masochist, which means he gets off either way: you can't win.

          2. Blank Reg

            Re: In answer to his question

            There is no need for hot pokers or any of those other messy methods. A properly worded facebook quiz can get people to spill all kinds of info.

      2. Anonymous Coward
        Anonymous Coward

        Re: In answer to his question

        Just Enough,

        " .. I have information in my head. It is, to all intents and purposes, encrypted because only I have the key and access. ..."

        You are forgetting the oft quoted https://www.xkcd.com/538/

        Decryption of 'Your Information' is easier because there *is* a method that can access a built-in 'Backdoor' !!!

        This sort of demonstrates the problem with all forms of Backdoors !!!

        ;) :)

        1. Just Enough

          Re: In answer to his question

          Not forgetting it at all. What I'm saying is the principle is exactly the same.

          In the case of xkcd's example; hitting someone with a wrench until they tell you the encryption password is no different from hitting them with a wrench until they tell you any information you may have.

          1. Charles 9

            Re: In answer to his question

            To which I always ask, "What do you do with a masochist, who would GET OFF on getting hit with a wrench, or a wimp, who would faint at the mere sight of the wrench?" Either way, they're not gonna tell you anything useful.

            1. Kiwi

              Re: In answer to his question

              To which I always ask, "What do you do with a masochist, who would GET OFF on getting hit with a wrench, or a wimp, who would faint at the mere sight of the wrench?" Either way, they're not gonna tell you anything useful.

              Have dealt with many wimps (used to be their king at one stage!) - many would fold long before they fainted. Not all though, some have amazing resilience and pain thresholds well above what is considered normal (also a very strong fear of pain - I can tolerate a lot it seems, but the thought of so much as one of my cat's hairs landing on me almost gives me a panic attack).

              As to masochists, well, any torturer worth the name will get round them. Two simple rules about torture. One is that the info gathered is probably worthless, and two - and the most important one - every one breaks.

              1. Charles 9

                Re: In answer to his question

                "Have dealt with many wimps (used to be their king at one stage!) - many would fold long before they fainted."

                Then they aren't real wimps. REAL wimps would faint first, meaning it's impossible to get anything from them as anything even remotely resembling violence (like an angry dog bark) would make them a gibbering mess if not outright unconscious.

                "...every one breaks."

                Depends on what you mean by breaking. Given people have willingly committed suicide instead of surrendering, I would think there are some who would simply endeavor themselves, regardless of circumstances, to make it so that when they break, they shatter and become utterly useless in any event. Even if totally bound and helpless, they'd probably tap hysterical strength to tear their own bodies apart and bleed out.

  8. GrumpyKiwi

    So what happened to...

    ... the FBI being "the defenders of justice and truth and democracy". Oh that's right, they never were.

    1. big_D Silver badge

      Re: So what happened to...

      Hoover would be proud of what his boys are doing.

      1. Steve K
        Coat

        Re: So what happened to...

        Hoover would be proud of what his boys are doing.

        Well Barr was saying to suck it up...….

        1. Nick Kew
          Coat

          Re: So what happened to...

          Thaid with a lithp?

      2. Anonymous Coward
        Anonymous Coward

        Re: So what happened to...

        Dam that Hoover

        1. Roj Blake Silver badge

          Re: So what happened to...

          Your dam that Hoover joke really sucks.

    2. bombastic bob Silver badge
      Unhappy

      Re: So what happened to...

      recent news proves they are AS CORRUPT as anything ELSE in gummint... perhaps WORSE.

      The only answer you should EVER give a federal agent: "I want a lawyer"

      1. Adrian 4

        Re: So what happened to...

        Lawyers being noted for their trustworthiness, honesty etc. right ?

        Or even just staying bought ?

  9. elgarak1

    I said it before, I say it again, albeit much more direct: Anyone who asks for backdoors is either an idiot or a fascist.

    1. Anonymous Coward
      Anonymous Coward

      Aren't they usually both?

      1. BebopWeBop

        There is an intersection, but real life and observation of politics suggest that the intersection may be large but not 100%

        1. A.P. Veening Silver badge

          But smart fascists don't ask for the impossible, they leave that to idiots, fascist and otherwise.

    2. smudge
      Big Brother

      either an idiot or a fascist.

      A concise but accurate description of the Cabinet selected by new UK PM Johnson. It's an inclusive 'or', of course, so they can be both - see, for example, Priti Patel, the Home Secretary.

      So it's only a matter of time over here. Won't be long before sealed envelopes and sticky tape on parcels are outlawed.

    3. Kiwi
      Gimp

      I said it before, I say it again, albeit much more direct: Anyone who asks for backdoors is either an idiot or a fascist.

      Not quite right.. There are some of us who enjoy "back doors" without being either! ;)

  10. Sgt_Oddball
    Coat

    Back doors will not stop..

    Child predators...

    Maybe a pissed off commando or a plucky cop...

    But definitely not backdoors.

    (that said I didn't they let them hunt until they were adults?).

    Mine's the wife beater vest. On second thoughts you can leave it.

  11. whitepines
    Boffin

    You know the simplest solution is going to be to mandate this in the Intel ME / AMD PSP. Phones already have mandated kill switches in the low-level firmware, so precedent is already set. Short term all you can do is try to move away from hardware like that and hope that these morons will be content with catching 90% of the non-technical traffic -- basically Linux/BSD on RISC-V or Power is the only way you're not going to be leaking your private data and conversations everywhere. Oh and mobiles are right out -- time to start practicing "I don't own a mobile phone because of the privacy dangers, please call me at my home/office number".

    Stalin and Hitler would both be so proud. To have achieved mass deployment of the tools required to spy on the populace under the guise of "safety", then turn the spying on after said tools are so ubiquitous that eschewing them will kill the economy, now THAT's an achievement for the history books.

    1. bombastic bob Silver badge
      Devil

      in general you still need physical access to hardware to "take advantage" of any built-in CPU back doors.

      and such a back door could NEVER reliably decrypt encrypted traffic, not if it's done in SOFTWARE. Use of clever stream ciphers might prevent it entirely, since nothing would really be stored in RAM - encrypt or decrypt the stream as it passes by...

      byte -> hash -> lookup table -> new hash -> rotate table with new hash -> encrypted/decrypted output

      so simple! TKIP kinda works this way, too.

      1. Charles 9

        Sure it can. It can operate "outside the envelope" at the points of entry or exit where the content MUST present itself in an encrypted form (neither the Hand v1.0 nor the Eyeball Mk I can directly grok encrypted content).

      2. whitepines
        Big Brother

        I was referring to the fact that Intel/AMD might be quite willing to come to a quiet, closed-door truce with the FBI that goes something like this:

        Since no one knows what's in our magic DRM black boxes anyway, and for bonus points no one can edit out the malware bits we're secretly adding (by design, signing keys and all that), we'll simply snoop on the OS for anything that looks like a key and quietly exfiltrate it over the network. HTTPS using DoH would be nigh undetectable.

        The research on key detection is already done. The black boxes are already in place and have access to memory for some asinine "reason" (excuse) I can't even recall at this point. The only thing missing is the kickback to the vendor to activate the malware (or threat of rubber hosing, though I suspect "we'll ban Huawei if you just do this for us" is a powerful motivator...)

      3. Carpet Deal 'em
        Facepalm

        One of the (nominal) points of the Intel Management Engine is that you can remotely control the computer, even when it's off. In other words, it's meant to undermine everything you just said (and with Intel-qwalitee security, being a person of interest almost guarantees you're screwed). AMD's PSP is less helpful, but I still wouldn't assume you need physical access to plant an OS-proof bug in there.

  12. Anonymous Coward
    Anonymous Coward

    Barr...

    What we are seeing here has kind of happened before. In the 19th century there was a Catholic clergyman named Manning whose desire to rise to the top resulted in a degree of sliminess and sycophancy at which a Jacob Rees-Mogg could only wonder.

    Manning wanted to be a Cardinal. Cardinals are appointed by the Pope. So Manning became ultra-Papist.

    But Popes are surrounded by expert flatterers, who speak the language. How could Manning distinguish himself against such powerful opposition? His solution was near-genius. He aligned himself with the idea of Papal infallibility.

    No need to find excuses to visit Rome constantly (though he did find an agent there.) How could you flatter a Pope more than suggest he is infallible? And yet it doesn't look like plain flattery because it hides under a veneer of Catholic doctrine.

    So Manning became a Cardinal...

    Barr seems to be trying the same thing. He has suggested that Trump should have even more power and be a kind of dictator, because Trump is so wonderful. Trump laps it up. And every idea that enters Trump's rather inadequate mind, Barr hails as the Second Coming. Including encryption backdoors.

    Of course when it was clear Manning would be a cardinal he acquired his own train of bootlickers and bottom kissers. As Barr becomes associated with ultra-Trumpism, expect more people who know better to support his, and Trump's, idiocy. It won't affect them. They have people to deal with it. But the money, the fame, the well paid directorships, the high fees for public speaking will surely follow.

    And now Johnson is in a position to go down exactly the same route. He's going to go full Barr. After all, it means the British government can uncover wrongthink too.

    Trump is becoming a Mikado, and we, the ordinary people of the world, are all fucked.

    I guess this is a rant, but it's a rant based on historical parallels.

    1. John Smith 19 Gold badge

      Re: Barr...

      Is Trump's appointee over several more senior people in the Justice department who seemed unwilling to say the Mueller investigation found nothing wrong with Trump's behavior.

      He has been promoted several levels above the level he had any expectation of reaching.

      1. Anonymous Coward
        Anonymous Coward

        Re: Barr...

        As was Manning. The technique works.

        1. unimaginative

          Re: Barr...

          Except Manning had a lot of good points, like supporting this:

          https://en.wikipedia.org/wiki/Rerum_novarum

          Also is there any evidence to suggest he was 1) not able and 2) ultramontane out of ambition rather than conviction?

          1. Anonymous Coward
            Anonymous Coward

            Re: Barr...

            Fair comment about rerum novarum

            But my point stands, because if the Pope had not been in favour of it, I doubt Manning would have been.

            Manning was doubtless capable, but the effort he put into self promotion showed that he didn't regard himself as someone who (like, say, John Fisher at the Admiralty) would rise to the top purely on merit.

            My point was a general one about people who are so obsessed with obtaining high status that they will even go for credo quia impossibile est as doctrine if it furthers their aim. Barr and co., like that Australian politician (and the Brexiters for that matter) are adopting precisely that principle. If the boss thinks something impossible can be done, stuff reality.

            It used to be the Telegraph that made jokes about union handbooks suspending the laws of physics, but today it's the Right that seems to inhabit the alternative reality universe.

            1. tlhonmey

              Re: Barr...

              And there's your work of genius right there.

              They've managed to redefine how everyone thinks about politics so that the far left is Stalin/Mao while the far right is Hitler/Caesar and to convince everyone that we need a "moderate" who is somewhere in between the two...

              Anyone who suggests that, you know, maybe totalitarianism *isn't* the way to go is ignored, ridiculed, or slammed with waves of patently false accusations until they retire from the public eye depending on what seems likely to shut them up the quickest.

  13. Anonymous Coward
    Anonymous Coward

    How does he propose to give "lawful access" to secrets stored in my head?

    Rubber hoses? Why do they think they are entitled to access every scrap of communication? It was well under 100 years where cops were able to 'wiretap' communications, and even then only if criminals used phones and didn't speak in code.

    If encryption is backdoored and people meet in a dark corner of a park at night, I guess he'll insist on the government's right to have a drone follow every person as they walk around, so it can spy on any conversations that person may have. After all, if it is in the interests of law enforcement it must be a good thing, right citizen?

    1. Tim99 Silver badge
      Big Brother

      Re: How does he propose to give "lawful access" to secrets stored in my head?

      Apposite xkcd...

  14. YetAnotherJoeBlow

    "It cannot be a sustainable end state for us to be creating an unfettered space that’s beyond lawful access for terrorists, hackers, and child predators to hide. But that’s the path we’re on now, if we don’t come together to solve this problem."

    See what they are doing? They are trying to raise the bar from IF we implement crypto backdoors to Why not help us backdoor crypto, it will be better then.

  15. Christoph

    How will the US force people in other countries to use communications which it is known the US can decrypt?

    1. thames

      It's rather simple. If the US has that sort of access then every other country will demand (and get) the same or else block the messaging service from their territory. After all, what honest and law abiding person would want to provide a safe haven to "terrorists, hackers, and child predators" by not being able to decrypt messages on their territory?

      And of course there can't be a different phone backdoor for each country or else "terrorists, hackers, and child predators" would just use a messaging service from another country so that the country they are resident in can't open the backdoor.

      If we follow the logic of this argument, then every country needs equal access to the same backdoor. Because if you don't do that then you either don't have a messaging service that works internationally or you have to admit that the whole "we need backdoors to protect against "terrorists, hackers, and child predators" is specious. Unless of course you are going to claim that only Americans are "terrorists, hackers, and child predators" and so only Americans need monitoring to stop them doing such things.

      So the only logical end state is that every country eventually has access to every phone everywhere. And that of course will be "Totally Secure" (add spiffy logo and branded web site as required).

    2. NATTtrash
      Unhappy

      Hmmm. I suppose that real life events in the world show how that would work right? Ever caught a plane to the US? Ever wondered why (assuming you're from Europe) all your personal data nowadays is in the US quicker than you are? How quick EU countries "obliged" some years back the US "request" for all the personal data of the EU travellers? It wouldn't surprise me when you're taking off your shoes before your flight because it was a US idea originally. Then consider other things like PrivacyShields, Gulf wars, 5G, or ambassador turn over. I'm sure you can come up with more.

      And then reconsider your original question how all this (US produced) software is going to land on (e.g. EU) Jane/Joe Average's device...

      1. Anonymous Coward
        Anonymous Coward

        But the funny thing is that US-mandated backdoors will be available to all of the US foes - Russia, China, Cuba, North Korea, Venezuela, Iran, <add your own here> - which will make easier for them to spy on dissenters and US citizens. Or they believe they could keep them hindered to access "law enforcement" backdoors - for which they will demand access for the same reasons FBI asserted?

        Probably one of the few solutions could be to install a weakened app only on suspects' devices (after a warrant, and still it only works if you can act before) - but then again we have a few huge multinational companies many of which based in US and used worldwide - how to make such a system work, especially after something like the CLOUD Act?

        It would be interesting to know if Chinese and Russian apps are already backdoored someway. Putin made many efforts to ensure he has control over Russian Internet companies, and not just for the money. In China every transmission is carefully analyzed and censored - but those apps have not yet broad appeal outside their regions. Yet, does FBI believe Russia and China will give them access to their backdoors?

      2. Anonymous Coward
        Anonymous Coward

        Taking your shoes off only happens on flights in the US these days. And possibly in larger airports with terminals that directly serve the US. There's certainly none of that nonsense anywhere else in the world (that I've seen in the last few years).

        1. Mr Sceptical
          Flame

          The shoe thing was after that gullible idiot tried to down a flight to the US with explosives in his shoes.

          There's still a requirement to take off boots and high heels at Dublin airport security and I recall other locations in the recent past, so it's certainly not US destinations that implement that procedure.

          1. Charles 9

            So why aren't we subject to a full-on strip search after some OTHER dumb fool tried the same stunt, only this time the TATP (no nitrogen to sniff) was found in his UNDERWEAR? Panty Bomber, anyone?

    3. AIBailey

      Many years ago the US had a ruling that meant that any encryption products (software) that were exported couldn't allow anything more than (initially) 40-bit encryption. This was deliberately weaker than the US-only products.

      It would seem that the tables have now turned, where future products that are developed outside of the US would have to have a specifically weakened encryption algorithm for use in the Land Of The Free™

      1. nematoad
        WTF?

        Sigh!

        "...that were exported couldn't allow anything more than (initially) 40-bit encryption."

        Yes, that's something that has always puzzled me.

        Now I know about "American" exceptionalism but did they not realise that there are a lot of very clever mathematicians living outside the United States?

        You don't have to live on an island to be insular.

        1. Nick Kew
          Black Helicopters

          Re: Sigh!

          Which may be why the first modern encryption software didn't come from the US (for example, the original software that grew into OpenSSL was by an aussie).

          The next generation of crypto may come from those who stand up to these bullies. Like China, which ceases to be even slightly reassuring as they approach a position to dictate US-style to the rest of the world.

          A global open source community is much more reassuring, but may also be more precarious as members fall victim to their own governments and to being arrested if they travel.

        2. bombastic bob Silver badge
          Meh

          Re: Sigh!

          back in the 90's at the time all of that was being debated, politicians were given the clue-bat when a LOT of algorithms were simply "made available" with a big thumb-on-nose to gummints in general.

          PGP was described "in prose" and printed on T shirts. you couldn't (LEGALLY) publish the CODE, but you could DESCRIBE HOW TO WRITE IT. Or put it into a printed book. Heh.

          Trying to control THAT is IMPOSSIBLE. You'd have to uninvent something. Won't happen.

    4. Nick Kew

      How will the US force people in other countries to use communications which it is known the US can decrypt?

      By making the likes of Huawei an offer they can't refuse, and then escalating if they try to refuse.

      We've seen how the UK government was on the point of reaching a sensible decision, but an agent within it (possibly Williamson) was able to scupper that. Vassal states do what we're told, and US sanctions have a long reach.

      1. bombastic bob Silver badge
        Black Helicopters

        you forgot the icon...

  16. spold Silver badge

    Gotta believe it

    “I know we’ve started hearing increasingly from experts like cryptographers and cryptologists that there are solutions to be had that account for both strong cybersecurity and the need for lawful access,” I know this my President told me..... "there has never before been a huge biglier crowd of cryptographers, cryptologists, cryptkickers, crispologists, crapologists and cryptosporidium wanting my backdoor he told me...." .**

    ** fact check - this is obviously fake given the number of syllables and letters in the terms used.

    p.s. I've heard that while using secure communications can make your day, a torpedo up your backdoor can make your whole week.

  17. Mark 85

    Ok... they can have their damned backdoors if...

    IF they (all government employees and elected officials and offices) backdoor all their computers first. That would seem fair. Oh.. don't forget "tax returns" and head guy's computers and phones.

    I'm beginning to think that this isn't "law-enforcement motivated" but political to shut down those who oppose such things as human rights, free speech, etc.

    1. Old Used Programmer

      Re: Ok... they can have their damned backdoors if...

      My version is slightly different...by law, require *all* Federal agencies to use whatever encryption scheme they foist on everyone else.

      1. Alumoi Silver badge

        Re: Ok... they can have their damned backdoors if...

        That would be a security risk as the Big Bad Wolf could gain unlawful access to those Federal agencies.

  18. Anonymous Coward
    Coat

    I'm Surprised...

    ...that he didn't mention that requiring law enforcement backdoors will put an end to ransomware attacks. I mean like how could someone so intelligent miss such an obvious benefit?

  19. Malcolm Weir Silver badge

    The Big Lie is that we're "creating an unfettered space that’s beyond lawful access"... that space has always existed, and always will exist. Because there exist unbreakable ciphers (one time pads) and even when there is a way to break a cipher, you cannot break a code without a codebook.

    So if the bad guys say "The Eagle Has Eaten The Wildebeest", that means whatever they want (and have agreed) it to mean. What does that chap repeating the word "Tora!" mean, anyway?

    1. Nick Kew
      Pint

      Just look at the controversy over coffee houses in Enlightenment Europe.

      Places where people could get together and discuss subversive ideas - while also under the influence of this dangerous new drug.

      Damn, why is there only the big friendly icon for any social-drinking drug? Beer and coffee are both great things, but not entirely interchangeable.

  20. Michael Hoffmann Silver badge
    Thumb Up

    Well, go ahead and do it then!

    Isn't the NSA already the largest employer of mathematicians in the US?

    If so, go for it! Shirley if it's so easy, you can walk up to a bunch of them and say "make it so, that we may make this magical new encryption the enforced standard for the world!".

    Why wait for all those recalcitrant corporations and furriners, hmm? Stop banging on about it, develop this silver bullet and awestrike us with this mathematical marvel!

    1. Anonymous Coward
      Anonymous Coward

      Re: Well, go ahead and do it then!

      Why don't they just go whole hog and declare any unsanctioned encryption as illegal munitions (gets around the Second Amendment; sanctioned systems can still be used)? Probably won't even need to get around that pesky Congress to do it. That way, by the time the 2020 elections roll around, all those fascists can be rounded up and executed for terrorism like Timothy McVeigh was, fatally flawed democracy can die (even Plato said it was flawed), the Constitution burned for the paper it truly is, and the one government compatible with humanity (as told by Machiavelli) can rise: the benevolent autocracy.

      1. Anonymous Coward
        Anonymous Coward

        Re: Well, go ahead and do it then!

        But if encryption is illegal munitions, then the right to bear arms kicks in and every true blooded American Patriot will need a copy of PGP in his truck next to the AR-15......

        1. Anonymous Coward
          Anonymous Coward

          Re: Well, go ahead and do it then!

          Not ALL encryption, just UNSANCTIONED ones. Sorta like the difference between a 9mm pistol and a Stinger launcher.

        2. John Brown (no body) Silver badge

          Re: Well, go ahead and do it then!

          Isn't encryption already "munitions" under US law? That's what they used to ban the export of strong encryption in the past.

          1. Charles 9

            Re: Well, go ahead and do it then!

            Right, so some cleverdick (or as we call them in the US, smartypants) can just declare that SOME encryptions are OK under US law while others aren't: the same approach used with actual physical guns--some but not all.

            1. John Brown (no body) Silver badge

              Re: Well, go ahead and do it then!

              "declare that SOME encryptions are OK under US law while others aren't"

              Yes, that is precisely what they have done in the past. I think someone else mentioned that anything with better than 40-bit keys/encryption was banned from export in the past.

    2. Nick Kew

      Re: Well, go ahead and do it then!

      Isn't the NSA already the largest employer of mathematicians in the US?

      No idea.

      But there are mathematicians prepared to take a stand. Not sure if Zimmermann would call himself a mathematician, but Bernstein certainly is.

  21. Anonymous Coward

    Expecting the software company directors being sentenced to life imprisonment or worse in other countries for allowing the US to spy on state secrets

  22. Joe W Silver badge

    Danish Chef Encryption ["]

    Bork bork bork, bork bork!

    Unbreakable encryption. Single step. Single drawback: cannot be decrypted...

    [*] the muppet chef does sound hot-potato-in-his-mouth Danish to me

    1. Paul Crawford Silver badge

      Re: Danish Chef Encryption ["]

      That's because he is Swedish!

      1. Charles 9

        Re: Danish Chef Encryption ["]

        I could've sworn he said that he was actually speaking pseudo-Japanese.

        1. JimboSmith Silver badge

          Re: Danish Chef Encryption ["]

          Ah the Jeremy Hunt nationality mixup. "My wife is Japanese"

          The Boris Wife mixup "My wife has left me after I had so many affairs"

    2. Nick Kew
      Headmaster

      Re: Danish Chef Encryption ["]

      Danish isn't a language, it's a speech impediment.

      1. Alistair
        Windows

        Re: Danish Chef Encryption ["]

        "Danish isn't a language, it's a speech impediment."

        Especially the cherry cheese ones. I tend to stuff the whole thing in in one go......

  23. Kevin McMurtrie Silver badge

    So embarrassing

    The whole US government talks like Internet trolls but, unlike losers alone in a dark room, they have the power to kill large numbers of people.

  24. John Smith 19 Gold badge
    Gimp

    *All* senior high profile government jobs have a political dimension.

    This has f**k all to do with the usual "Four Horsemen*"

    And everything to do about knowing everything about everybody forever.

    *Drug dealers, money launderers, terrorists and paedophiles. In whatever order scares their audience the most.

  25. veti Silver badge

    Why do you need backdoors

    ... When the front door is so easy to kick down?

    I have nothing against the feds doing whatever it takes to crack any system that is physically in their possession. Once they've - done whatever they need to do to seize it from its owners, they can go nuts.

    If they're not willing to do that, fuck right off.

    And that's my idea for a compromise.

    1. John Brown (no body) Silver badge

      Re: Why do you need backdoors

      "crack any system that is physically in their possession."

      I fully agree with you, but it's not just the physical device contents they are wanting. They also want the encrypted stuff that travels around the networks and is read on the device then wiped, or possibly never stored at all on the source or destination device.

      1. veti Silver badge

        Re: Why do you need backdoors

        Well, that rules out kiddie porn and terrorist plans right there. What exactly are they looking for, then?

        1. Intractable Potsherd

          Re: Why do you need backdoors

          @ veti: "Well, that rules out kiddie porn and terrorist plans right there. What exactly are they looking for, then?" That is such an important comment that it should be stated every time this topic comes up. It goes to the very heart of the issue.

  26. big_D Silver badge

    The path...

    But that’s the path we’re on now, if we don’t come together to solve this problem.

    That problem has been around for a few thousand years and it is only now that they think that they should stop it? Too late, my friend.

    Cryptography has been around as long as there have been rivals, whether that is political, military, business or sexual. Most cultures came up with ways of creating encrypted messages that could not be (easily) intercepted. The Enigma machine is probably the best known breakthrough for mass cryptography, although it was flawed and cracked.

    Since the advent of the computer such cryptography has been available to anyone who wants it, and if you really want to keep your conversations secret, you don't use a smartphone and a standard app, you use your own communication channel, using a tried and true public domain encryption library to create your messages, then it doesn't matter what medium you use to transfer the message.

    Stopping consumer level messaging services from being encrypted (which is essentially what backdooring is, because the backdoor key will be publicly available at some point, soon after it is created) just opens users up to attack and exploitation by criminals. It won't actually stop those criminals, terrorists etc. because they will still be using open sourced / existing secure libraries to mask their conversations.

    1. whitepines
      FAIL

      Re: The path...

      If anything it's going to make (especially sexual) criminals that much worse -- stalkers can passively listen for exactly the kind of target they have a fetish for, child molesters can learn all kinds of details to lure the kiddies in as a "trusted family member", etc. Or just straight blackmail.

      This stupid, idiotic, asinine proposal will basically do the opposite of what the FBI is claiming it would do, and I'm more than a little concerned the general public cannot and will not understand this.

      1. Anonymous Coward

        Re: The path...

        "[...] and I'm more than a little concerned the general public cannot and will not understand this."

        Daily a significant proportion of the general public are proving they will gratefully swallow promises of their heart's desires. All they are asked to do - and are doing - is to give putative tyrants the levers of unrestricted power.

  27. Anonymous Coward

    my solution

    "So to those resisting the need for lawful access, I would ask: What’s your solution? How do you propose to ensure that the hardworking men and women of law enforcement sworn to protect you and your families maintain lawful access to the information they need to do their jobs?"

    My solution is simple: target criminals via human and open intel, then engage in breaking encryption via HPC. Sure, HPC is expensive, therefore why targets need ... targeting.

    Backdoors only are a means for mass snooping.

    Also, of course, and I'm baffled an FBI director doesn't know this, a backdoor will always massively weaken encryption. Why am I even stating the fecking obvious here ???

    1. MrReynolds2U

      Re: my solution

      "What’s your solution? How do you propose to ensure that the hardworking men and women of law enforcement sworn to protect you and your families maintain lawful access to the information they need to do their jobs?"

      erm... we don't. This was your idea. We told you it can't be done. If YOU think it can, then have at it.

  28. John70

    The US might get their way and end up getting the popular apps to weaken their encryption one day, but there is nothing stopping the bad guys from using apps not made in the US or even create their own for their little group.

    1. mj.jam

      Block P2P comms

      But maybe the next phase will be to stop people being able to communicate except with approved providers. Your ISP will be mandated to prevent you sending messages to anywhere else.

      Then to finish it off, all providers will need to stop you uploading encrypted content as well. Imagine if people used some sort of encrypted message, sent over email. The horror.

      1. Kiwi

        Re: Block P2P comms

        Then to finish it off, all providers will need to stop you uploading encrypted content as well.

        The fly in their ointment is... For around as long as there's been adverts in newspapers, there's been encrypted messages being exchanged via adverts in newspapers.

        1. Anonymous Coward

          Re: Block P2P comms

          > For around as long as there's been adverts in newspapers, there's been encrypted messages being exchanged via adverts in newspapers.

          Otherwise known as the `Help Wanted' section.

          1. Kiwi

            Re: Block P2P comms

            > For around as long as there's been adverts in newspapers, there's been encrypted messages being exchanged via adverts in newspapers.

            Otherwise known as the `Help Wanted' section.

            And the personals (though those could also be classed as 'help wanted'... ;)

            And I'll bet even some apparently run-of-the-mill commercial adverts have been used as well - ie what item is on sale and what % price drop... Or those ads that have a 'SOLD' or 'UNAVAILABLE' printed on them, supposedly booked a while in advance but cancelled at the last minute yet the thing is already queued up to be printed and they can't put another ad or a filler in the space, but they can modify it to say cover it as being unavailable...

            1. A.P. Veening Silver badge

              Re: Block P2P comms

              Or those ads that have a 'SOLD' or 'UNAVAILABLE' printed on them

              Those are reports that somebody isn't breathing any more but pushing up the daisies, just like requested.

  29. Winkypop Silver badge
    Childcatcher

    Spinning straw into gold

    And other fairy tales

  30. DJO Silver badge

    Consistency

    Criminals and Terrorists might use encryption - Ban it NOW!!!!!!

    Criminals and Terrorists definitely use guns - Sell more NOW!!!!!

  31. Pascal Monett Silver badge

    "FBI investigators worked with the app's developers to identify the perpetrators, and [arrest them]"

    And you didn't need a backdoor for that, now did you ? You just did actual police work.

    Oh, go ahead and implement your backdoored encryption. The rest of the world will use proper encryption and everyone will point and laugh at you.

    1. Charles 9

      Re: "FBI investigators worked with the app's developers to identify the perpetrators..."

      No, because next they'll sneak in and bork the rest of the world's encryption programs as well. And open source won't necessarily save you, as they probably have ways of beating them. Failing that, there's still the secret quantum computer hidden under the data center in Utah...

      Not even the one-time pad is immune, as I bet there's no way to create a OTP ciphertext that passes for literature. Meaning it stands out, meaning it can be mangled to break synchronization or at least spoil the message.

      1. Baldrickk

        Re: "FBI investigators worked with the app's developers to identify the perpetrators..."

        A puzzling conundrum.

        If we break the strict definition of an OTP using a completely random key, and just the process of OR-ing the characters, with [insert key here] by picking the right key, you can turn whatever message you have into Shakespeare.

        Of course, the key then becomes the holder of the useful information in such a system, which isn't exactly useful, as the idea is that the key can be shared ahead of time and has no relation to the information to be sent.

        yes, you can kill the line of communication, spoil the message, but that would also be telling Alice and Bob that Eve is interested in them.

        But also, how would you tell the difference between say, an encrypted message and idk... a noisy recording of a ham radio signal?

        1. Charles 9

          Re: "FBI investigators worked with the app's developers to identify the perpetrators..."

          "yes, you can kill the line of communication, spoil the message, but that would also be telling Alice and Bob that Eve is interested in them."

          Which doesn't mean much to Gene, because he doesn't care if they know (Gene is Big Brother in this case, Alice and Bob already know about Big Brother): only that they can't talk covertly to each other in this or many other ways that can't potentially be Eved, especially if they've never met in person (meaning Gene can potentially pose as one or the other in the First Contact Problem).
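
The one-time-pad points raised in this sub-thread, as an added example that is not any commenter's code: with XOR as the pad operation, a ciphertext can be "decrypted" to any same-length text by choosing the key, the ciphertext itself does not resemble text, and a mangled ciphertext goes unnoticed unless a MAC is added. The HMAC step, the sample strings and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

MESSAGE = b"MEET AT THE OLD MILL AT NINE"                            # constructed sample
DECOY = b"TO BE, OR NOT TO BE: THAT IS THE QUESTION"[:len(MESSAGE)]  # cut to same length


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("a one-time pad must be exactly as long as the message")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(plaintext: bytes, pad: bytes) -> bytes:
    return xor_bytes(plaintext, pad)


def otp_decrypt(ciphertext: bytes, pad: bytes) -> bytes:
    return xor_bytes(ciphertext, pad)


def pad_that_yields(ciphertext: bytes, wanted: bytes) -> bytes:
    """The pad under which `ciphertext` decrypts to `wanted`.

    One exists for every same-length text, which is why the ciphertext
    alone says nothing about the real message.
    """
    return xor_bytes(ciphertext, wanted)


def printable_fraction(data: bytes) -> float:
    """Share of printable ASCII bytes: 1.0 for plain English text,
    about 0.37 (95/256) for output of a random pad."""
    return sum(32 <= b <= 126 for b in data) / len(data)


def seal(plaintext: bytes, pad: bytes, mac_key: bytes):
    """Pad-encrypt, then tag the ciphertext. The pad gives no integrity by
    itself; HMAC-SHA256 is an added computational check (assumption)."""
    ciphertext = otp_encrypt(plaintext, pad)
    return ciphertext, hmac.new(mac_key, ciphertext, hashlib.sha256).digest()


def open_sealed(ciphertext: bytes, tag: bytes, pad: bytes, mac_key: bytes):
    """Return the plaintext, or None if the ciphertext was altered in transit."""
    expected = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return otp_decrypt(ciphertext, pad)


if __name__ == "__main__":
    pad = secrets.token_bytes(len(MESSAGE))
    mac_key = secrets.token_bytes(32)
    ciphertext, tag = seal(MESSAGE, pad, mac_key)

    print("real pad  ->", otp_decrypt(ciphertext, pad))
    print("other pad ->", otp_decrypt(ciphertext, pad_that_yields(ciphertext, DECOY)))
    print("printable share of ciphertext: %.2f" % printable_fraction(ciphertext))

    # One byte changed on the wire: the bare pad decrypts it without complaint,
    # the tagged version is rejected.
    mangled = bytes([ciphertext[0] ^ 0x01]) + ciphertext[1:]
    print("bare pad, mangled   ->", otp_decrypt(mangled, pad))
    print("sealed pad, mangled ->", open_sealed(mangled, tag, pad, mac_key))
```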

  32. Anonymous South African Coward Bronze badge

    He cited instances where images of children being sexually abused were posted online using an anonymizing app. FBI investigators worked with the app's developers to identify the perpetrators, and they were then brought to justice, it is claimed.

    Prove it.

    1. MrReynolds2U

      So... didn't need to backdoor the encryption then.

      Also, encryption has f-all to do with anonymisation.

      Double also... yes, "Prove it."

  33. cbars Bronze badge

    "It cannot be a sustainable end state for us to be creating an unfettered space that’s beyond lawful access for terrorists, hackers, and child predators to hide."

    Sigh. Information being moved privately does not create a space for hiding criminals.

    These wankers used to just whisper to each other and pass things physically. So go fucking catch them by their behaviour, not the whispers. I don't give a shit what these people whisper to each other about, I care when their behaviour hurts people in the real world.

    Just because you've caught a few morons who shout about their bad behaviour doesn't mean that's the only model for catching people who behave in the same way. Laws are for preventing harm, information itself is not harmful - if it is, let's burn all the books again.

    1. A.P. Veening Silver badge

      Laws are for preventing harm, information itself is not harmful - if it is, let's burn all the books again.

      Let's start by burning some harmful laws ... and the malevolent idiots who wrote (or even proposed) those.

      1. amanfromMars 1 Silver badge

        SMARTR Opposition in Almighty Competition

        Let's start by burning some harmful laws ... and the malevolent idiots who wrote (or even proposed) those. .... A.P.Veening

        That's exactly what the system relying on malevolent idiots who write (or even propose) harmful laws is absolutely and quite rightly terrified of, A.P.Veening.

        Such though is a perfectly natural reaction/action/proaction and therefore fully to be expected and best enthusiastically supported?

        1. Intractable Potsherd

          Re: SMARTR Opposition in Almighty Competition

          @AMfM: there is a lot of truth there. It seems that, over the last 20+ years that I've been involved in this area of research, Western governments have been responding more and more to one overriding thought - "revolution is coming". They are right - Trump and Brexit show that there is a growing dissatisfaction with "normal". As to whether actions taken to protect themselves should be "enthusiastically supported" - no, I don't think so.

          1. amanfromMars 1 Silver badge

            Re: SMARTR Opposition in Almighty Competition

            @AMfM: there is a lot of truth there. It seems that, over the last 20+ years that I've been involved in this area of research, Western governments have been responding more and more to one overriding thought - "revolution is coming". They are right - Trump and Brexit show that there is a growing dissatisfaction with "normal". As to whether actions taken to protect themselves should be "enthusiastically supported" - no, I don't think so. ...... Intractable Potsherd

            Rightly terrifying malevolent idiots, and those also in governments, both Western or otherwise who write (or even propose) harmful laws, is that which is fully to be expected and best enthusiastically supported, Intractable Potsherd.

            I apologise for not making that crystal clear with no shred of ambiguity allowing for misinterpretation and misdirection.

            And does anyone else think that secret security systems arrangements are always easily fatally compromised via higher level steganographic chatter and 0day vulnerability exploitation which phishes quite openly in the See of Minnows Masquerading as Sharks?

            For example, is the following sensible or nonsensical? And what/where/who would it lead?

            amanfromMars [1907281738] …… shedding skins on https://www.zerohedge.com/news/2019-07-27/russia-warns-us-will-unleash-space-arms-race

            Is space dominance virtually realised with IT and AI in Surreal Command of Absolute Remote Control?

            If you think No, here is an AI Journey’s End for you ……… and just whenever Internetworking Things are Leaping Ahead BetaTesting Almighty Hot and Real Spicy Temptations for Quick and Decisive Victory in All Vital Operations.

            Is there an Ultimate Temptation/Heavenly Desire whose Satisfaction EMPowers Ever More Generation of Something Equally EMPowering?

            Explore and Energise that Powerful AIdDriver …… and Conception results in a Perfect Communion/Singularity of Passionate Purpose.

            Venus/Mars/Saint/Sinner/Nymph/Satyr Terrain in Live Operational Virtual Environments. XSSXXXXeRated …. Not for the faint hearted and/or lily livered/the unhealthy and persistently confused.

            Travel Further at Your Own Risk. Insurances and Assurances in such a Space/Place are of Questionable Quality.

            cc US Space Corps c/o Trump Head Quarters

            What one very quickly discovers and uncovers is that some who are as a gifted few amongst the many and who are considerably smarter than appears to be normal, realise the significance in certain communications so encrypted with openly shared secrets and things move on forward at an increased pace, leaving any opposition and competition trailing and trialing defence in the wake of developments which opposing competition struggle with and fail to comprehensively understand.

            The Great Game has been Changed. And it sure as Hell is a Big Heavenly Deal? :-)*

            cc Sino-Soviet Style IntelAIgent Space Forces and Middle East Kingdom Almighty Route Sources.

            * Go on, .... say it hasn't and isn't, and allow AIRevolution free unrestricted stealthy reign wherever it appears out of nowhere, which you might like to realise are Base Cyber Space Places too.

            And we haven't even started on exploiting the bounty available via the Private and Pirate Sectors.

            1. Intractable Potsherd

              Re: SMARTR Opposition in Almighty Competition

              "I apologise for not making that crystal clear with no shred of ambiguity allowing for misinterpretation and misdirection."

              No apology needed - you were perfectly clear! I was simply paraphrasing to agree with you.

  34. Zippy´s Sausage Factory
    Devil

    Hmm... apply that to home security (something the FBI man might actually understand) and it comes out a bit like this:

    We should have skeleton keys that can unlock anyone's door. I mean, if you have nothing to hide, you have nothing to fear. And this won't weaken your security - there's absolutely no chance of any of these skeleton keys ever falling into the hands of criminals. Not once. Not ever. Nope.

    1. Baldrickk
      Black Helicopters

      Like the TSA lock keys?

      1. A.P. Veening Silver badge

        Wrong icon, you should have used the joke alert as those TSA lock keys are a (very) bad joke.

    2. Jens Goerke

      Like the TSA-mandated luggage locks for which the "TSA only" keys are freely available?

  35. Anonymous Coward

    *sigh*

    The same back door by law enforcement and intelligence agencies would be used by other threat actors.

    How do senior people get to such positions of power and be utterly clueless.

    1. Anonymous Coward

      Re: *sigh*

      Possibly because they are appointed by politicians who haven't a clue - and in turn they were elected by a minority of the general public who didn't have a clue either.

  36. Anonymous South African Coward Bronze badge

    When you outlaw guns, only outlaws will use guns.

    When you outlaw encryption, only outlaws will use encryption with a failsafe selfdestruct.

  37. Rosie Davies

    Technically Do-Able

    At the risk of getting flamed to oblivion and with caveats that I don't necessarily think it's a good idea and that it being technically do-able doesn't consider a lot of other factors...

    It is do-able using something akin to RBAC with crypto protection on various layers of access. Broad brush (without thinking about it too deeply), you'd want three sets of (PKI) credentials:

    Keypair1: User keypair, what is in place in pretty much any of the secure end-to-end products already

    Keypair2: Communications records keypair. Who said something to whom and when but not what was said

    Keypair3: Wrong'uns keypair. Access to everything, communications. Used for reading what clowns, mime artists and other undesirables are saying to one another.

    Information accessible to one key pair isn't accessible to any other key pair with KeyPair2 and 3 being subject to legal/regulatory/whatever controls.

    Yeah, I know. Those controls are a right whatnot to get right.

    Rosie

    1. cbars Bronze badge

      Re: Technically Do-Able

      Think the only way to do that without breaking encryption is to encrypt at each level, so end to end wrapped in 2 more layers. Massive computational expense and traffic volumes go up by an order of magnitude. And you still don't solve the problem, does layer 2 maintain session aware scope? In which case you implement TCP on top of an encrypted byte stream and you're in a lot of trouble at this point.

      How does this address the key issue, that it's apparently impossible to catch terrorists unless you can do a keyword search for jihad or IRA or bomb?

      1. Rosie Davies

        Re: Technically Do-Able

        You'd encrypt only the data, forward it $somewhere for safe storage until someone turns up with the appropriate bit of paper saying they're allowed to look at it. No need to wrap encryption in encryption in encryption, just three different sets of encrypted information each using a different key pair. Traffic goes up by a bit over 2 (two copies of the actual content plus a tiny bit for the comms data) and no need to be diddling down at the TCP layer.

        I never said it was a good idea, just that it could be done.

        And you don't catch people by keyword search, at least not unless you're really stupid and believe that would work. You catch people by working out who you'd like to know more about and then set about knowing more about them and the people they talk to. Old school like.

        Rosie

        1. DJO Silver badge

          Re: Technically Do-Able

          It's all whitewash, most intelligence is gathered from the metadata which is not encrypted anyway.

          This encryption bluster is just to make it easy for the security services to spy on the home population.

          1. Dr Dan Holdsworth

            Re: Technically Do-Able

            It is actually easier to deal just with metadata than with content, given the number of bullshitting blowhards on the Internet. People tend to talk a load of complete crap on the Internet, so some silly billy busily ranting away at the evils of the current government and how everything is a conspiracy run by the Milk Marketing Board is not actually very much in demand by the security services.

            What they would like to know about are people who know people who are on one side competent chemists, and on the other extremist religious sorts. That's a mix you don't want to encourage, unless they are playing with fluorides and fulminating oils in which case at some point you're going to be scooping up their remains with a brush and shovel after the decontamination people have finished.

            Metadata is everything in the spying game, and has been so ever since the days of the Spanish Inquisition (who were remarkably modern in some respects, along with being thoroughly medieval god-bothering nutcases in others).

        2. whitepines
          WTF?

          Re: Technically Do-Able

          Sorry, no way in heck I'll be sending along copies of my personal, private, intimate thoughts destined either for myself or my SO to some bit barn for a politician or his hacks to rifle through.

          Though...if you send me all your thoughts and conversations I'll be quite happy to keep them safe, until presented with a proper warrant. Until I think of course (some years from now) building an AI to impersonate and discredit you, or just string together a few more salacious bits into something that'll lock you away for life might be a more profitable way to monetize your data?

        3. cbars Bronze badge

          Re: Technically Do-Able

          Rosie I didn't down vote, but to clarify: how do you send the message content $somewhere without encrypting it? Either it's encrypted with standard keypair (so unreadable before I send it), or it isn't. So in effect you're suggesting I *don't* encrypt it and I trust someone else to do it for me.... so, breaking encryption

        4. cbars Bronze badge

          Re: Technically Do-Able

          And just to refute that bit about factors of two or ten... 1 byte of text, encrypted, is not 1 byte of random data. Doing it properly you have to add data to get nice random pattern. So you can't add 3 layers of encryption and get 3 x the data, you get a larger factor for every layer you add. Hence my factor of ten comment. Again, I'm attempting to educate and not flame, very carefully, but Rosie you are wrong.

          1. Rosie Davies

            Re: Technically Do-Able

            Wouldn't surprise me if I were wrong, I'm good at being wrong.

            I was thinking PKI type stuff.

            Keypair 1 is used to allow encryption between the two people who are having the conversation (sender's private, receivers public).

            Keypair 2 for the comms data, (sender's private, $somewhere[comms_data_store] public)

            Keypair 3 for the stream containing the same as keypair 1, (sender's private, $somewhere[warrant_required_data_store] public).

            Access to the private key for 2 and 3 would be the bit that's subject to controls, far moreso for 3 than 2. That's also the reason I said a bit over double the traffic as I was starting from the point that there's already one encrypted stream, not one unencrypted stream.
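
The three-key-pair layout proposed in this thread, as an added sketch that is not code from any commenter or product. A toy Diffie-Hellman group and a SHA-256 keystream with HMAC stand in for real public-key and symmetric ciphers (assumptions, as are all names and sample values), and sender signatures are left out. It measures the traffic of three parallel blobs against three nested layers, and shows that each blob opens for whoever holds the matching private key.

```python
import hashlib
import hmac
import secrets

# Toy public-key parameters (assumption, illustration only): classic
# Diffie-Hellman modulo the prime 2**255 - 19. Not for real traffic.
P = 2**255 - 19
G = 2
OVERHEAD = 64  # 32-byte ephemeral public value + 32-byte HMAC tag per blob


def keypair():
    """Return (private, public) in the toy group."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def _keys(shared: int):
    """Derive separate encryption and MAC keys from the shared secret."""
    raw = shared.to_bytes(32, "big")
    return hashlib.sha256(b"enc" + raw).digest(), hashlib.sha256(b"mac" + raw).digest()


def _xor_stream(key: bytes, data: bytes) -> bytes:
    """SHA-256 in counter mode as a stand-in stream cipher."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal_to(recipient_pub: int, plaintext: bytes) -> bytes:
    """Encrypt to one public key: ephemeral public value || ciphertext || tag."""
    eph_priv, eph_pub = keypair()  # fresh per blob, so no keystream is reused
    enc_key, mac_key = _keys(pow(recipient_pub, eph_priv, P))
    body = eph_pub.to_bytes(32, "big") + _xor_stream(enc_key, plaintext)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()


def open_with(priv: int, blob: bytes):
    """Return the plaintext, or None if this private key does not fit the blob."""
    if len(blob) < OVERHEAD:
        return None
    body, tag = blob[:-32], blob[-32:]
    enc_key, mac_key = _keys(pow(int.from_bytes(body[:32], "big"), priv, P))
    if not hmac.compare_digest(tag, hmac.new(mac_key, body, hashlib.sha256).digest()):
        return None
    return _xor_stream(enc_key, body[32:])


def send(content, metadata, recipient_pub, comms_pub, warrant_pub):
    """The three parallel blobs from the thread, one per key pair."""
    return {
        "to_recipient": seal_to(recipient_pub, content),     # keypair 1
        "to_comms_store": seal_to(comms_pub, metadata),      # keypair 2
        "to_warrant_store": seal_to(warrant_pub, content),   # keypair 3
    }


def readable_parts(priv, bundle):
    """Which blobs a private key opens. Only the key value is checked:
    the maths cannot see who holds it or whether a warrant exists."""
    return sorted(n for n, blob in bundle.items() if open_with(priv, blob) is not None)


def traffic_ratio(bundle):
    """Total bytes sent, relative to the ordinary end-to-end blob alone."""
    return sum(len(b) for b in bundle.values()) / len(bundle["to_recipient"])


def layered(content, pubs):
    """The alternative layout: the same content wrapped once per key."""
    blob = content
    for pub in pubs:
        blob = seal_to(pub, blob)
    return blob


if __name__ == "__main__":
    content = b"constructed sample message " * 40                 # 1080 bytes
    metadata = b"alice -> bob, 2019-07-29T10:00Z, 1080 bytes"      # constructed
    (r_priv, r_pub), (c_priv, c_pub), (w_priv, w_pub) = keypair(), keypair(), keypair()
    bundle = send(content, metadata, r_pub, c_pub, w_pub)
    for label, key in (("recipient", r_priv), ("comms store", c_priv),
                       ("warrant store", w_priv)):
        print(f"{label:13} key opens {readable_parts(key, bundle)}")
    print(f"parallel blobs: {traffic_ratio(bundle):.2f}x the end-to-end blob")
    nested = layered(content, [r_pub, c_pub, w_pub])
    print(f"three nested layers: {len(nested)} bytes for {len(content)} bytes of content")
```

In this construction each blob or layer adds a fixed 64 bytes, so the parallel layout costs a little over twice the end-to-end traffic and nesting adds 192 bytes in total. The access controls discussed in the thread sit entirely outside the code: `readable_parts` returns the same answer for any holder of a given private key.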

  38. Augie
    Mushroom

    What a pair of cockwombles I'd imagine right now, that if their brains were dynamite, they would be hard pressed to blow their own noses!

  39. Anonymous Coward
    Joke

    It's double rot13 for me

    I recently switched all my encryption to double rot13. It's very fast and it has the built-in feature that the government can lawfully intercept the communications. I can recommend this to everyone.

  40. Milton

    Mathematically illiterate

    In the pre-technological world it was impossible to reach high office, either in government or in business, unless you could read and write*¹. The reasons are obvious.

    In this extremely technological world we have become used to influential people periodically displaying breathtaking ignorance—sometimes it seems like wilful ignorance—of technical issues. Notwithstanding the damage that can actively be done by powerful people who don't understand things, the opportunity cost of their stupidity is that vast amounts of time and effort are wasted by everybody trying to make them understand. If Christopher Wray had even a decent undergraduate knowledge of math he simply wouldn't keep spouting this nonsensical bullshit.

    The problem is serious both with senior officials and the politicians who appoint them.

    The quality of politicians in the UK and the US has dropped off a cliff in the past 35 years or so. Look at the circus of prize idiots and know-nothings infesting both the White House and now the British cabinet. We may not have liked or agreed with some ministers of, say, Thatcher's or Reagan's administrations, but most of them at least deserved the respect due to educated, knowledgeable and experienced adults. Boris Johnson's cabinet looks like a toddlers' party compared with people like Thatcher, Carrington, Nott, Whitelaw and a good many others: they were grown-ups.

    One of the responses to this horrifying infantilisation of the body politic is to suggest that some kind of baseline of intelligence and ability is established before people can even become candidates. Personally I'd be all in favour of independently conducted, thorough IQ testing for parliamentary candidates: if you cannot average a modest 110 across the three classic zones (verbal, mathematical, visuospatial) then you don't get to stand for election.

    Politicians thus qualified would be far less likely to be influenced by the kind of drivel Wray keeps spewing and, indeed, might be much less inclined to appoint such people to senior positions in the first place.

    Perhaps an extension to this idea is to require some educational minima as well. Perhaps a modern politician should have to prove a decent level of scientific and mathematical literacy? Such higher-quality minds would swiftly shut the likes of Wray up, or replace him if he persists in talking rot and wasting everyone's time.

    Perhaps it sounds elitist, or even a touch draconian, but just think of all the problems that would simply vanish from the world ....

    ·

    I am aware that some social media platforms now offer a way for those who are either semiliterate or lazy—or, in the case of the most famous Twatter, both—to showcase the stupidity of their needy egos.

    1. Charles 9

      Re: Mathematically illiterate

      "Perhaps an extension to this idea is to require some educational minima as well. Perhaps a modern politician should have to prove a decent level of scientific and mathematical literacy? Such higher-quality minds would swiftly shut the likes of Wray up, or replace him if he persists in talking rot and wasting everyone's time."

      The biggest problem with ANY kind of standard is that the standard itself can be twisted by whoever's up top, as there is no law written by man that cannot be changed by man if he's powerful enough. Even the vaunted Constitution can become just ink on a page to anyone with enough oomph to say, "Burn it or DIE" and be able to back up the ultimatum.

    2. rnturn

      Re: Mathematically illiterate

      > Perhaps an extension to this idea is to require some educational minima as well. Perhaps a modern politician should have to prove a decent level of scientific and mathematical literacy?

      I think the public has come to believe that -- while the politician him/herself may not be technologically literate -- they will put together a competent staff that includes technologically educated people who will properly advise the politician about these matters. Unfortunately, this hasn't happened except in a few cases. What seems to have taken place is that the staffs are filled with political hacks who excel at writing flowery policy statements that cover up the fact that neither the politician nor his staff have any idea of what's really happening with technology.

      When a politician actually /does/ have a background in the sciences, they are rarely taken seriously and described as a `political outsider', `political newcomer', etc., ignored by the press, and/or rarely make it onto Congressional committees where they could grill people like Wray.

    3. the Jim bloke
      Facepalm

      Re: Mathematically illiterate

      What reality would end up with is something like an MBA being required for political office.. "management", not STEM, and definitely not ethics.

      While there are dangers in disenfranchising sections of the population here are a couple of suggestions for exclusion from eligibility (With a large enough population, it would be impossible not to bear some resemblance to real persons. funny, that.)

      Multiple bankruptees - once is fair enough, twice is unlucky, three or more is either stupid or criminally deceitful - either case not anyone who should have authority over public money.

      Reality TV 'stars' - narcissist attention whores practiced at appealing to the lowest common denominator.

      Deliberate Hypocrisy - Espousing a mode of behaviour acceptable to their supporters but not living up to it eg "family values" while cheating.

      1. Kiwi
        Angel

        Re: Mathematically illiterate

        Deliberate Hypocrisy - Espousing a mode of behaviour acceptable to their supporters but not living up to it eg "family values" while cheating.

        That's rather a tough one y'know.

        The values I most believe in sadly are not the values I manage to live by. It's not hypocrisy per se, but human weakness. Near complete honesty (not full disclosure but not lying), living by the sexual mores I support (save it for the marriage bed - but I haven't been married once let alone...), even little things like stopping for every stopped motorist unless I have a bloody good reason not to - much of the time I have the knowledge and tools that could get them going and if not, I could at least give them a ride or make a call (sometimes meet strandees in country areas where there's no reception).

        I'd love to say "look at me, I'm perfect! You can be too!", but I'm only 'perfect' if you like toxic waste dumps. As Paul said, that which I hate I do, that which I want to do I do not do :(

        1. the Jim bloke

          Re: Mathematically illiterate

          It's not so much the personal failing to live up to whatever standard, it's the blatant hypocrisy when someone sells themselves to the public as an upholder of a certain set of values, gaining votes/donations/followers/mana/upvotes, whilst in their private life they completely ignore those standards.

          Crooked politicians and police, multimillionaire sybarite leaders of austerity cults, child molesting teachers or priests, televangelists... It's behaviour that should not be tolerated, let alone supported and rewarded.

          1. Kiwi
            Thumb Up

            Re: Mathematically illiterate

            It's not so much the personal failing to live up to whatever standard, it's the blatant hypocrisy when someone sells themselves to the public as an upholder of a certain set of values, gaining votes/donations/followers/mana/upvotes, whilst in their private life they completely ignore those standards.

            I'd forgotten some of that. I tend to avoid the 'news' over these ways so miss hearing a lot of that stuff.

  41. Doop99

    This is the issue with all idiot politicians and government officials.

    We are being quoted as one of the groups that are prepared to work with government because we made software that watermarks/obscures and swirls over parts on an image and uses tracking to do the same in videos. In other words the software the shits use to hide their faces.

    To view without the watermark/swirl etc you need the key - pretty simple basic stuff like a password for a spreadsheet. Or as these c.... like to quote advanced end to end encryption.

    The funny part is nearly all the cases of us reversing watermarks on p.... images/video is from people not using our software. Yep - it is nothing at all to do with backdoors but image manipulations (layers etc).

    But hey no different than the iphone issue from a few years ago, open it for a terrorist and the NY DA had over a hundred requests teed up.

    1. ibmalone

      This is the issue with all idiot politicians and government officials.

      It is not at all a problem. Repeat something enough, people will come to believe it through sheer reinforcement, eventually they get the outcome they want. Idiocy isn't a requirement. (Not an obstacle either of course.) Maybe he really believes what he's saying or maybe he knows the flaws and thinks it doesn't matter, people just need to be persuaded to do the Right Thing and it doesn't matter exactly how.

  42. Quenda

    The FBI and the congressional advocates should lead by example and put a back door in their systems to prove how safe they are.

  43. 0laf
    Facepalm

    Insert title

    It's a more honest argument I suppose.

    "We want to access your stuff, we know it will make you less secure, you will likely be subject to theft and identity fraud, and we don't care".

    Lunacy certainly but more honest.

  44. EnviableOne

    Here we Go Again

    Universal Declaration of Human Rights, to which the USA is a signatory as are all other members of the UN (General Assembly resolution 217 A)

    Article 11.

    (1) Everyone charged with a penal offence has the right to be presumed innocent until proved guilty according to law in a public trial at which he has had all the guarantees necessary for his defence.

    (2) No one shall be held guilty of any penal offence on account of any act or omission which did not constitute a penal offence, under national or international law, at the time when it was committed. Nor shall a heavier penalty be imposed than the one that was applicable at the time the penal offence was committed.

    Article 12.

    No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.

    1. Charles 9

      Re: Here we Go Again

      As I've said before, ink on a page. What is everyone going to do if someone with a whole bunch of nukes says no?

    2. Anonymous Coward
      Anonymous Coward

      Re: Here we Go Again

      "No one shall be held guilty of any penal offence on account of any act or omission which did not constitute a penal offence, under national or international law, at the time when it was committed."

      IIRC the UK tax agency has just prosecuted people for illegal tax evasion that happened 20 years ago. Their financial penalties are eye-watering. Yet it appears that the people made tax returns that were treated as legal tax avoidance schemes at the time.

    3. rnturn

      Re: Here we Go Again

      In the `Oughties' we effectively blew off the effin' Geneva Convention. What's going to stop an administration from completely ignoring yet another UN declaration -- signed or not -- after you have an internal memo that OKs torture?

  45. Anonymous Coward
    Anonymous Coward

    A story from Windows 7 days...

    Scene: A meeting between Microsoft and NSA

    NSA: We want you to include a back door in the forthcoming Windows 7.

    Windows 7 Chief Architect: Over my dead body.

    NSA: We find your terms acceptable.

    Have a good weekend all.

  46. Anonymous Coward
    Anonymous Coward

    Just use a book cipher or a one-time pad. I would like to see the FBI backdoor into those.

  47. Anonymous Coward
    Anonymous Coward

    I'm confused

    If we create an encryption with a backdoor...

    ... Why would 'bad guys' use it?

    1. Alumoi Silver badge

      Re: I'm confused

      Because it will be mandatory, didn't you get the idea?

  48. xj650t
    Big Brother

    Kazakhstan

    That is all.....

    https://bugzilla.mozilla.org/show_bug.cgi?id=1567114

  49. Anonymous Coward
    Anonymous Coward

    He's soooo

    stupid he can't see that his house security system, digitally locked gun safe, car access, mobile banking app, laptop webcam, home network will all be wide open to anyone that feels like cleaning him out or just poking him.

  50. Adrian 4

    hardware access

    It seems to be expected that if you infiltrate the hardware, the game's lost.

    But is that actually true ?

    What if you only ever dealt in encrypted data, and it was only unencrypted after a one-way link to a display device (so an infiltrated display device couldn't leak back to the internet).

    Such devices even nominally exist .. Hollywood has conveniently developed non-working prototypes for us.

    The question is, could you do all required data wrangling on encrypted rather than unencrypted data? Program code - probably yes. DB contents - probably yes. DB indexes maybe not. Some thought required. Discuss, preferably creatively.

    1. Charles 9

      Re: hardware access

      How can you be SURE the link's permanently one-way? Electricity is inherently reversible, after all (otherwise alternating current wouldn't be possible). Plus since human eyes can't directly grok encrypted data, the point of display is still a point "outside the envelope," meaning a skillful hardware hack can simply slurp the display datastream past the point where it MUST be decrypted. Recall, HDCP 2.0 has already taken some hits.

      1. Adrian 4

        Re: hardware access

        Fair comment, you do need to think about hidden channels (or intended ones as Kiwi suggests). But that's a different situation than merely having management supervisors or software infrastructure phoning home on the internet.

        This is not the situation that encrypted video links were designed for: trying to prevent someone with physical access to the equipment from reading the digital stream.

        It's a much more interesting problem : when YOU have physical control of the hardware, can you prevent something deeply embedded in the hardware from leaking YOUR information back to a nefarious eavesdropper. Using some anti-copying tech as part of that is just an ironical side issue, despite what some people (downvotes ? really ?) think. I'd be downvoting DRM too - that's absolutely not the point.

    2. Kiwi
      Holmes

      Re: hardware access

      (so an infiltrated display device couldn't leak back to the internet).

      My webcam/phone cam trumps your "one way link to a display device" any day. No phones allowed?

      1. Charles 9

        Re: hardware access

        Cameras like that tend to pick up things our eyes don't, such as infrared. That can be exploited to emit an anti-camera interference that normal eyes wouldn't see. Sort of like how Macrovision exploited the slower reaction time of pure TV connections to changing sync signals to throw off machine-to-machine copying.

        1. Kiwi
          Holmes

          Re: hardware access

          Cameras like that tend to pick up things our eyes don't, such as infrared. That can be exploited to emit an anti-camera interference that normal eyes wouldn't see. Sort of like how Macrovision exploited the slower reaction time of pure TV connections to changing sync signals to throw off machine-to-machine copying.

          Dur.... No shit sherlock. Only been using phone cameras to check if remotes are working for 15 years or so, give or take (how long have phones had cameras anyway?)

          But obviously you missed something stupidly obvious.. If they had a source emitting IR I'd be able to pinpoint it using said camera, and mask it with something like I dunno, masking tape? in a matter of seconds and still point said phone at the screen and record whatever I wanted to.

          Yet again one of your problems is countered with less thought than it takes to press a button on my lap.

  51. Doctor Syntax Silver badge

    He needs to be asked...

    Are you

    (a) so stupid as to believe it can be done or

    (b) so stupid as to know it can't be done but it doesn't matter or

    (c) so stupid as to know it can't be done, it does matter but we wouldn't really notice you're spouting dangerous bollocks or

    (d) so stupid as to not understand the questions?

    One of the above must apply.

  52. martinusher Silver badge

    Who, exactly, is a 'good guy'

    History tells us that today's 'good guys' can very easily become tomorrow's 'bad guys'. Especially if there's power involved -- power once ceded is never revoked.

    Trying to explain the nuances of encryption technology to these people is just a waste of time. Laws will be passed and will be ignored by those who have a need for security (quite often, the 'bad guys'). Law enforcement will spend big on tools to catch the miscreants, these tools will snare the odd teenager but by and large all that will happen is consultants and the usual big corporations will prosper. In other words, life will go on as normal.

    (If you want to really delve into history the rot set in when governments failed to license the ownership and use of computers. I suspect that various aspects of modern computing which people think are decentralized but in reality are anything but are trying to remedy this. Ultimately it will come down to only allowing licensed machines to connect to the Internet....and I don't mean 'software licensed', either. It will be sold as 'security' or 'safety' -- there will be a campaign to make unlicensed machines unusable by targeted malware but the majority will just go with the program and use the approved stuff, knowing that they're safe and that 'telemetry' will watch over them.)

    1. elgarak1

      Re: Who, exactly, is a 'good guy'

      Are you saying we shouldn't speak up and just let it happen?

      No can do. I live in a country that was fascist 80 years ago. Another half of my country was a police surveillance state up to ~30 years ago. I do not want it to happen here again, and I will speak up; it's about to happen across the Atlantic right now.

      1. Kiwi
        Pint

        Re: Who, exactly, is a 'good guy'

        it's about to happen across the Atlantic right now.

        I think it's far too late to say "about to happen" over there :(

  53. Anonymous Coward
    Anonymous Coward

    "[...] but the majority will just go with the program and use the approved stuff, knowing that they're safe and that 'telemetry' will watch over them."

    A scenario made all more likely by the EOL of W7 updates - and the zombie on-screen prompts to update to W10.

  54. Kiwi
    FAIL

    Probably already mentioned here but..

    Ed Snowden walked out with a huge pile of NSA material, stuff under the highest levels of secrecy and protection, because he felt there was a need to. He and the people he worked for and with were subject to quite high levels of scrutiny before they could access the data he rightly gave to the rest of us, and yet he was able to bypass the psychology and the security and take stuff that he wasn't supposed to.

    This was information that many suspected was there, but few knew for sure. The existence of a crypto back door, however, will be known by everyone and every resource from opposing state levels to hackers in mom's basement (some of whom have had interesting successes) to "criminal organisations" will be looking for it.

    For this proposed "back door" to work, a great many people much lower down the trust chain than those at the NSA will need to have access to the keys, or at least to software that makes use of said keys (or whatever other system is used). That means, in many countries, instead of half a dozen unknown people with the 'secret' there are many thousands of people, many of whom will have questionable loyalty (ie in it for power and money). Can you tell me that even within the best police force in the world there's not one single officer who will be motivated to abscond with the data? That with the best security known to man that there won't be someone who will see an opportunity and take it?

    "Security by obscurity" is actually kinda important when we're dealing with some of the bigger secrets - the less people who know the less people can be inclined to act. Give one or two trustworthy people a big secret and they may take it to their grave. Give one or two million people a very valuable secret, and many of them will let it out.

    There are two key motivators to get a man to do anything - love of money (or "fame and fortune") and love of family. The priorities might be somewhat reversed for women - love of family first, then love of money/fame, but these are still the two biggest motivators. People with access to the keys are going to be offered a lot of money to give them up, while others are going to find their families are being targeted. Those keys will be worth millions to anyone with the desire to use them, and it'll be worth sending your minions after every local cop's family, after local council members' families, or anyone in government or elsewhere. The value of getting people with the secret to talk will be high, and it only takes one to do it.

    And then there's the issue of international treaties, and perhaps changes in who we're friends with today and who wants to kill us tomorrow....

    --> Yet another stupid from the current US government...

    1. A.P. Veening Silver badge

      Re: Probably already mentioned here but..

      There are two key motivators to get a man to do anything - love of money (or "fame and fortune") and love of family. The priorities might be somewhat reversed for women - love of family first, then love of money/fame, but these are still the two biggest motivators.

      You are overlooking another very powerful motivator here: vengeance.

      1. Kiwi
        Pint

        Re: Probably already mentioned here but..

        You are overlooking another very powerful motivator here: vengeance.

        IME vengeance is very often motivated by a desire to exact retribution on people who have harmed ones you love - a desire to correct an injustice (although perhaps with just a tad extra pain, suffering, and bleeding on the part of the other side than they did to you).

        It's an emotion my family knows well.

        Although, other reasons for wanting it can occur I guess :)

        1. Charles 9
          Alert

          Re: Probably already mentioned here but..

          There's another motivation: the bane of the sociopath, boredom. There's nothing more mind-boggling than learning someone did something completely beyond the pale...for kicks.

  55. Guido Esperanto
    Mushroom

    Rather than argue

    the toss with the likes of inept politicians who clearly don't see the flaw in their logic, why doesn't someone create a suitable example of encrypted software with a carefully crafted backdoor - the sort law enforcement are after and put it out there.

    Clearly label it as such and challenge the world to work it out.

    some may crack it and stay quiet in the hopes their silence buys acknowledgment that there is no risk, but I believe there are enough people who just for kudos will work the system to failure.

    Then you have a certified example of proof.

    1. Charles 9

      Re: Rather than argue

      They'll just say it's not a good example. Frankly, those who insist on it will willingly ignore any examples to the contrary. Even Turing's famed Halting Problem disproof has been met with the reply, "Then just build a HYPERcomputer!"

  56. Schultz

    Don't outlaw crypto...

    outlaw crime. All those good men in law enforcement are paid to go after criminals, not to make everybody's life less private and secure. Wray should rethink his job description.

  57. William Higinbotham

    What Key

    So I am designing a backdoor for the government. Problem is, I did not write a changing key algorithm to go with it, (was not specified in the contract.) Good luck.

  58. sitta_europea Silver badge

    The quality of politicians in the UK and the US has dropped off a cliff in the past 35 years or so.

    You took the words right out of my pocket.
