SoylentNews is people
SoylentNews
Submitted via IRC for SoyCow1
Trump's Department of Justice is trying to get a do-over with its campaign to get backdoors onto iPhones and into secure messaging services. The policy rebrand even has its own made-up buzzword. They're calling it "responsible encryption."
After Deputy Attorney General Rod J. Rosenstein introduced the term in his speech to the U.S. Naval Academy, most everyone who read the transcript was doing spit-takes at their computer monitors. From hackers and infosec professionals to attorneys and tech journalists, "responsible encryption" sounded like a marketing plan to sell unsweetened sugar to diabetics.
Government officials -- not just in the U.S. but around the world -- have always been cranky that they can't access communications that use end-to-end encryption, whether that's Signal or the kind of encryption that protects an iPhone. The authorities are vexed, they say, because encryption without a backdoor impedes law-enforcement investigations, such as when terrorist acts occur.
[...] "Look, it's real simple. Encryption is good for our national security; it's good for our economy. We should be strengthening encryption, not weakening it. And it's technically impossible to have strong encryption with any kind of backdoor," said Rep. Will Hurd (R-Texas), when asked about Rosenstein's proposal for responsible encryption at The Atlantic's Cyber Frontier event in Washington, D.C.
Source: Great, now there's 'responsible encryption'
(Score: 1) by Chromium_One on Monday October 30 2017, @09:04AM (7 children)
Best idea evar! Surely, only the people who engineered the back doors could ever possibly exploit them!
[insert long stream of profanities here]
When you live in a sick society, everything you do is wrong.
(Score: 3, Insightful) by Fluffeh on Monday October 30 2017, @09:24AM (5 children)
They don't care if your phone is hacked by someone else... as long as they can get into it if they care to.
Also, clearly then, if your phone cannot be accessed... you have something to hide. What are you hiding??
(Score: 0) by Anonymous Coward on Monday October 30 2017, @09:35AM (3 children)
None of your business. Now, can you please go back to respect me as a person?
(Score: 2) by MostCynical on Monday October 30 2017, @11:37AM (2 children)
Respect is often, apparently, bought, or, sometimes, demanded (usually without right).
Of *course* your government respects you.
Do *you* respect the government appropriately? (They can check, by reading your messages...)
*elections are bought, either by convincing by advertising, boondoggles, corrupted boundary management... it all takes money)
"I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
(Score: 0) by Anonymous Coward on Monday October 30 2017, @01:39PM (1 child)
My comment was not targetted at the government specifically.
The point that I tried to make is that I'm more or less forced to open up everything to strangers (government or others) for no apparent reason. They can't know if I'm hiding something for them or it's just none of their business (I have no obligations towards them to show it). Yet, by demanding that I open up things I feel attacked (they don't respect me and the way I things do) and try to take control from me, the actions I do and my freedom to think and act as I see fit as an individual. As soon as I can't keep things to myself I'm not free of my own thoughts any more. That is the point of privacy, not that "I have something to hide".
(Score: 2) by Fluffeh on Tuesday October 31 2017, @05:58AM
Haha, sorry. I really should have used <sarcasm> tags around that bit - I totally agree with you.
I totally value privacy and loathe what is happening with this whole concept of "only people who are hiding something won't share their data willingly". Utter bollocks, but very sadly it's the tune of the last ten years as far as anyone in power is concerned.
(Score: 0) by Anonymous Coward on Monday October 30 2017, @04:12PM
"Your suggestion that I have nothing to hide is an admission that you have no reason to look. So leave me alone and get back to work...
(sotto voce: you stupid cop)".
(Score: 5, Insightful) by Runaway1956 on Monday October 30 2017, @12:03PM
Well, now, we all know that the NSA and various intel services have never had their stuff stolen. I mean, how could that even happen? They keep their stuff locked down tight, and NO ONE can get to it. Surely we can feel safe when government promises to keep our stuff secure.
http://mashable.com/2017/10/26/kaspersky-nsa-contractor-mistake-russia/ [mashable.com]
http://money.cnn.com/2017/04/14/technology/windows-exploits-shadow-brokers/index.html [cnn.com]
https://thehackernews.com/2017/01/nsa-windows-hacking-tools.html [thehackernews.com]
http://www.wired.co.uk/article/nsa-hacking-tools-stolen-hackers [wired.co.uk]
Well, just look at all of that! If those assholes in WAshington can't keep their own stuff safe, why should I believe they'll keep MY stuff safe?
I just continue screwing for chastity. I have as much chance of getting that right, as they have of getting "responsible" anything right.
(Score: 5, Informative) by Anonymous Coward on Monday October 30 2017, @09:31AM (3 children)
Die
(Score: 2, Informative) by Anonymous Coward on Monday October 30 2017, @11:15AM
underrated post
(Score: 0) by Anonymous Coward on Monday October 30 2017, @11:20AM
be careful alienating the ministry of truth!
(Score: 3, Funny) by DannyB on Monday October 30 2017, @04:03PM
If those nerds in Silicone Valley can create perpetual motion machines and faster than light engines, then why can't they create Responsible Encryption which is perfectly secure until the moment that a judge signs a warrant?
(do I need an /s tag here?)
When trying to solve a problem don't ask who suffers from the problem, ask who profits from the problem.
(Score: 2, Insightful) by Anonymous Coward on Monday October 30 2017, @09:45AM
Great, another term that means the exact opposite of what it means. Doubleplusgood.
(I'd rant about this, but pretty much everyone here is already familiar with all of the reasons why backdoors and "golden keys" and pixie dust are stupid, so I'll spare both your eyes and my keyboard.)
(Score: 5, Informative) by pTamok on Monday October 30 2017, @09:58AM
I recommend reading the comments on Bruce Schneier's blog entry covering this topic, and the EFF response.
Bruce Schneier's blog: https://www.schneier.com/blog/archives/2017/10/fbi_increases_i.html [schneier.com]
EFF: https://www.eff.org/deeplinks/2017/10/deputy-attorney-general-rosensteins-responsible-encryption-demand-bad-and-he [eff.org]
(Score: 3, Insightful) by Anonymous Coward on Monday October 30 2017, @10:26AM (4 children)
'Responsible encryption' is no more responsible than 'intelligent design' is intelligent.
(Score: 3, Informative) by c0lo on Monday October 30 2017, @11:51AM (3 children)
'Responsible encryption' is like 'responsible rape'.
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 3, Touché) by Anonymous Coward on Monday October 30 2017, @01:35PM
Responsible encryption enables nonconsensual decryption.
(Score: 0) by Anonymous Coward on Monday October 30 2017, @03:36PM (1 child)
Actually, it's a lot like "responsible disclosure" - the idea that when you find a security hole that could cause untold lost data for millions of people, you should give the marketing department three to six months to do damage control before telling those affected that they are at risk.
Both are based on the idea that the bad guys will never know what the good guys know, and that the people who do get the information are by definition the good guys, and both are in reality only an advantage to the bad guys.
(Score: 3, Insightful) by DannyB on Monday October 30 2017, @04:08PM
Responsible Disclosure means that you contact the party with the vulnerable system. In the current environment, describing to a big corporation how their vulnerable system can be trivially exploited is likely to get you arrested or worse.
It seems a lot safer to anonymously leak the information in a way that gets widest possible exposure.
If the big corporations don't like it, they brought it on themselves by their past behavior towards people who tried to responsibly disclose. Sort of like how advertisers created the necessity of ad blockers by their own unrestrained out of control behavior.
When trying to solve a problem don't ask who suffers from the problem, ask who profits from the problem.
(Score: 0) by Anonymous Coward on Monday October 30 2017, @10:45AM (7 children)
Sure, because the bad guys will not ever learn how to get safe encryption anyway.</sarcasm> The cat is out of the bag, you can't get it back in. And if you try to detect it, they will just add a layer of steganography to the mix.
(Score: 2) by c0lo on Monday October 30 2017, @12:24PM (6 children)
You think you mean 'the cat has bolted, too late closing the stable door'
Because 'letting the cat out of the bag' [wikipedia.org] means to 'reveal something nasty which was previously hidden', not 'solve the problem too late'
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 1, Insightful) by Anonymous Coward on Monday October 30 2017, @01:32PM (1 child)
can we just say "the sources are on github, no way you can delete all the clones" instead?
why do computer people need to use expressions that grew up on a farm anyway?
(Score: 2) by c0lo on Monday October 30 2017, @02:16PM
Better "the project was forked"
Because they grew on a server silo? The next generation will be even better, they grew in the cloud.
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 2) by cmdrklarg on Monday October 30 2017, @05:58PM (1 child)
In this case I like the phrase "Pandora's box is already open."
The world is full of kings and queens who blind your eyes and steal your dreams.
(Score: 3, Funny) by Osamabobama on Monday October 30 2017, @09:02PM
Well, we can hope there's something that didn't get out.
Appended to the end of comments you post. Max: 120 chars.
(Score: 2, Disagree) by fyngyrz on Monday October 30 2017, @10:00PM (1 child)
No, it doesn't. It means to reveal facts that were previously hidden. Read the whole wikipedia article, which indicates the etymology you cite has no known basis.
Besides... the primary reason a cat would be nasty in that case is because you were idiot enough to put it in the bag. Which makes the nasty entity... you.
Encryption's not like that. Putting things deeply and blackly in the encryption bag is a good idea. Putting cats in a bag, definitely not.
(Score: 2) by c0lo on Monday October 30 2017, @10:59PM
In the context of non-tangible things, it's the same
Speaking of the use of encryption, of course it is a nasty thing... for spooks
(the fact they want it now backdoored being the 'cat that bolted out of the bag').
Which doesn't make anyone using encryption an idiot.
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 5, Interesting) by stormreaver on Monday October 30 2017, @01:03PM (6 children)
We tried having an adult conversation with the DoJ about encryption for 30 years, but they keep having a childish tantrum every time we try to engage what little adult brain matter they retain. They have proven over the decades that they are not adults, but rather are little children playing with big Government weapons that they want to level at the very people they are charged with protecting.
If there are two agencies in the U.S. that cause more harm than good, they are the NSA and the TSA. We would all be better off with both of those agencies being immediately dismantled.
(Score: 3, Insightful) by bzipitidoo on Monday October 30 2017, @03:23PM (2 children)
It's not just the DoJ. The US military keeps asking for unbreakable security that they can break. Been doing that for at least 30 years. Takes them on the order of 5 to 10 years to approve computer hardware, by which time of course it is not manufactured any more because it is obsolete. Naturally the military has lots of money to throw around and can persuade manufacturers to crank out obsolete equipment, but that doesn't help much because not only has all the software also moved on, there are few people left who still know how to use the old stuff. Firefox 50 simply will not be usable on a 1990s era Pentium computer with only 64M RAM. Can't go back to Netscape 4, it doesn't understand HTML5, and won't work on most websites, plus there are, oh, thousands of security fixes.
Children? More like, so adult, they're into their second childhood. These bureaucrats are like cranky, suspicious, senile old men demanding that all the cars have their carburettors serviced and points replaced, and think that explanations that in the 1970s and 1980s electronic ignition replaced points and fuel injection replaced carburettors, is just a bunch of made up bull to dodge work and evade responsibility.
I recently learned that just trying to fax a document can be a major pain in the rear. And why would anyone want to fax? Because they don't believe email can be secure. They don't want to be bothered with public key encryption. But faxes, now, that's security, that's HIPAA compliant! If it's any security at all, it's security through obsolescence. Faxes can be sent over VoIP telephony but it's not easy, may have to slow it down, and try several times. Really need a genuine land line. I dug out some old equipment that could fax. I find that manufacturers are dropping fax functionality from newer all-in-ones. Tried an old HP all-in-one, and the damned thing threw a fit over the ink cartridges, as it is programmed to do of course. Forces the user to wait 10 minutes while it tries and tries to align the ink cartridges, won't let that step be skipped. When it finally gives up, it might consent to let you use the scanner and fax parts. To avoid that I turned to my old 56K US Robotics external faxmodem. To use it I had to find a computer with a serial port, which became uncommon in the last decade. I suppose there are USB to RS232 adapters, or external modems that connect via USB, but that would mean more time and expense. I finally managed to fax a few documents over a VoIP, using a circa 2001 Pentium 4 PC with a genuine serial port to operate the external faxmodem.
(Score: 2, Informative) by insanumingenium on Monday October 30 2017, @06:18PM (1 child)
Why can't we just treat all telecom services (including Internet) as we do most common carriers and give a legally recognised expectation of privacy?
P.S. If you run it over VoIP, you aren't HIPPA compliant anymore.
P.P.S. Yes I realize that spreading that legal fiction to Internet services won't reduce the need for encryption. Having that expectation of privacy would be a nice first step though.
(Score: 4, Insightful) by bzipitidoo on Monday October 30 2017, @07:09PM
> If you run it over VoIP, you aren't HIPPA compliant anymore.
Quite true. But that didn't matter in the least, not to me. What mattered was that the bureaucrats at the big health insurer would accept it, whereas they would not accept the exact same document via email. They didn't ask what kind of line I was on, and I sure didn't volunteer that info.
One really funny thing in a sad way is that these were legal documents-- living will and physician directives kind of stuff-- that started with the quaint legalese: "know all men..." IOW, they were meant to be public.
I've gotten to where I really loathe the HIPAA excuse. Been used too many times as a barrier to deny services and in general make things difficult for the patient. It's the medical community's goto excuse for why they can't modernize their record keeping and get away from the ridiculous paper forms they still ask patients to fill out, why they can't tell you the results of the tests they ran on you, why they can't talk to a pharmacy, why they can't explain their prices, or whatever it is they actually could do but don't feel like doing.
(Score: 0) by Anonymous Coward on Monday October 30 2017, @05:06PM (2 children)
I'm assuming you are an American. If not, then your opinion about US policy and doing harm doesn't mean much, as those agencies are supposed to cause harm to US enemies.
I don't know all the stuff the NSA does, as most of them are US government secrets. However, think about two worlds:
1) The US government has no organization which handles computer security and espionage. Everything is done piecemeal, through individual departments or outsourced contracts.
2) The US government has an organization which handles computer security and espionage.
The first world seems a lot more dangerous to the US people than the second one does. So overall, I imagine the NSA has been at least neutral, despite the bad things they have undoubtedly done.
(Extending it onward, when I personally do the same exercise for the TSA, I think the first world is better so the TSA should be abolished...)
(Score: 3, Interesting) by HiThere on Monday October 30 2017, @05:55PM
There is very little evidence that the NSA has done anything to improve security in the last decade. The amount they have done in the last three decades is dubious. They appear to have concentrated so much on espionage that they've either ignored or intentionally weakened security with every decision they have made or policy they have promoted.
I'm not really of the opinion that the NSA should be totally abandoned, but I think it should be split into two agencies, one for security and the other for espionage, and that the security should get between three and seven times the budget of the espionage agency. And that they should have entirely separate reporting and management chains of command. The spooks have proven too willing to use subterfuge to be trusted with even an indirect say in the policies of the security agency.
Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
(Score: 3, Informative) by Anal Pumpernickel on Tuesday October 31 2017, @12:29AM
They cause harm to to the US itself by violating the highest law of the land. The people in these organizations who violate the Constitution and the ones who are responsible for their treacherous actions should be in prison, or they would be if our system made sense at all. Mass surveillance should be completely banned in all circumstances, as not only is it a violation of people's freedoms (whether foreign or not), but it makes it impossible to avoid collecting the data of actual citizens given the global nature of the Internet.
The problem of the government violating the Constitution inherently does far more damage than any amount of terrorists or foreign powers could ever do, so the mere fact that the NSA is violating the Constitution makes it evil to me.
(Score: 4, Insightful) by crafoo on Monday October 30 2017, @02:14PM
Look, guys. What did you expect? DMCA. Computer Frauds Act and associated lopsided sentencing. Driving a teenage pilferer of scientific papers to suicide.
It's not like you can claim you don't know how your masters think. Every time the boot comes in for a kick you act surprised.
(Score: 3, Interesting) by RamiK on Monday October 30 2017, @04:21PM
That's because anything signed or encrypted off stateside CAs is backdoored.
compiling...
(Score: 1, Insightful) by Anonymous Coward on Monday October 30 2017, @04:45PM
lock that dumb fuck up for sedition. next dipshit that pops up talking about weakening the people's tech, lock their stupid ass up too.
(Score: 3, Insightful) by Azuma Hazuki on Monday October 30 2017, @07:55PM
This is a category error if there ever was one. Encryption is math; it is not sentient and has no moral content. Responsible *use* of encryption would be a slightly less crackbrained idea, though still stupid--what, are you gonna put an anti-munitions law out on *your own people?*--but I don't think the kind of jerkoff who would propose this sort of thing is capable of that distinction.
I am "that girl" your mother warned you about...