Stories
Slash Boxes
Comments

SoylentNews is people

posted by on Wednesday January 25 2017, @11:22AM   Printer-friendly
from the ROT-13-is-too-secure dept.

Like other politicians and government officials, President Trump's nominee for the position of Attorney General, Jeff Sessions, wants to have it both ways when it comes to encryption:

At his confirmation hearing, Sessions was largely non-committal. But in his written responses to questions posed by Sen. Patrick Leahy, however, he took a much clearer position:

Question: Do you agree with NSA Director Rogers, Secretary of Defense Carter, and other national security experts that strong encryption helps protect this country from cyberattack and is beneficial to the American people's' digital security?

Response: Encryption serves many valuable and important purposes. It is also critical, however, that national security and criminal investigators be able to overcome encryption, under lawful authority, when necessary to the furtherance of national-security and criminal investigations.

Despite Sessions' "on the one hand, on the other" phrasing, this answer is a clear endorsement of backdooring the security we all rely on. It's simply not feasible for encryption to serve what Sessions concedes are its "many valuable and important purposes" and still be "overcome" when the government wants access to plaintext. As we saw last year with Sens. Burr and Feinstein's draft Compliance with Court Orders Act, the only way to give the government this kind of access is to break the Internet and outlaw industry best practices, and even then it would only reach the minority of encryption products made in the USA.

Related: Presidential Candidates' Tech Stances: Not Great


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 5, Insightful) by Thexalon on Wednesday January 25 2017, @01:28PM

    by Thexalon (636) on Wednesday January 25 2017, @01:28PM (#458469)

    Or, more to the point, it basically adds up to "anything the (supposed) Good Guys can use, the Bad Guys can use too". It's just like how if you keep a key to your house under the potted plant in your backyard, a burglar can look there too, find the key, and get right in.

    --
    The only thing that stops a bad guy with a compiler is a good guy with a compiler.
    Starting Score:    1  point
    Moderation   +3  
       Insightful=3, Total=3
    Extra 'Insightful' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   5  
  • (Score: 5, Insightful) by Anal Pumpernickel on Wednesday January 25 2017, @01:50PM

    by Anal Pumpernickel (776) on Wednesday January 25 2017, @01:50PM (#458477)

    We shouldn't assume those working for the government are necessarily good guys, either. There are often bad people working for the government (especially intelligence agencies and the like) and sometimes there is even an systemic effort to suppress certain groups of people (such as journalists, activists, whistleblowers, etc.). Given all the atrocities the US government has committed, it would be foolish to think of it as a good guy that can be trusted with our secrets.

    But even if I assume that the government can be trusted and that they can provide adequate security now and in the future, surrendering everyone's liberties in exchange for security is a cowardly act. If one person wants to make the personal decision to surrender their ability to use strong encryption, then fine, but leave me out of it.

    • (Score: 2) by Thexalon on Wednesday January 25 2017, @02:12PM

      by Thexalon (636) on Wednesday January 25 2017, @02:12PM (#458485)

      That's why I said "(supposed) Good Guys". You obviously leave that out when talking to Sessions and people who think like him, because authoritarians think only in terms of "we're the Good Guys, everyone else is the Bad Guys".

      --
      The only thing that stops a bad guy with a compiler is a good guy with a compiler.
      • (Score: 0) by Anonymous Coward on Wednesday January 25 2017, @04:35PM

        by Anonymous Coward on Wednesday January 25 2017, @04:35PM (#458521)

        It is quite funny. Obama and his team built the current system up over what they inherited, and that was OK. Obama's people also called for backdoors, and that was OK by most of the left as well. But a few days after the new team takes over, and the system they inherited is now ultimate evil, and folks on the new team saying the same things as the old team are cause for panic (and buying copies of 1984).

        • (Score: 5, Informative) by Anal Pumpernickel on Wednesday January 25 2017, @04:44PM

          by Anal Pumpernickel (776) on Wednesday January 25 2017, @04:44PM (#458524)

          That's strange, because I seem to recall countless criticisms of Obama and his cohorts over the issue of the surveillance state. There was certainly a lot of discussion about it on this website. Partisan hacks are nothing new and exist on both sides, so what are you even referring to?

          • (Score: 1, Touché) by Anonymous Coward on Wednesday January 25 2017, @05:14PM

            by Anonymous Coward on Wednesday January 25 2017, @05:14PM (#458537)

            But but libruls are evil!

            I'll bet this whole thing is fake news spread by libruls! Trump is going to make sure we have fantastic encryption! The best encryption!

            Trump! Trump! Trump!

          • (Score: 2) by DeathMonkey on Wednesday January 25 2017, @06:16PM

            by DeathMonkey (1380) on Wednesday January 25 2017, @06:16PM (#458563) Journal

            Obama Won’t Seek Access to Encrypted User Data [nytimes.com]

            The Obama administration has backed down in its bitter dispute with Silicon Valley over the encryption of data on iPhones and other digital devices, concluding that it is not possible to give American law enforcement and intelligence agencies access to that information without also creating an opening that China, Russia, cybercriminals and terrorists could exploit.

            The fact that they actually made the right call helps...

            • (Score: 0) by Anonymous Coward on Thursday January 26 2017, @12:58AM

              by Anonymous Coward on Thursday January 26 2017, @12:58AM (#458758)

              They are all pro-surveillance.

              This should not in any way be a partisan issue, it is US (the people) versus THEM (the politicians and their authoritarian backers of various stripes and creeds.)

              We need to remind them who is in charge and stop acting like livestock for them to do as they please.

              And people need to stop whining about liberals or conservatives and allowing them to divide us over the stupid parts of each side's ideology, rather than uniting over the common pieces neither side SUPPOSEDLY wants infringed.

        • (Score: 3, Insightful) by Thexalon on Wednesday January 25 2017, @05:08PM

          by Thexalon (636) on Wednesday January 25 2017, @05:08PM (#458534)

          I've been consistently critical of the surveillance state, regardless of who's in charge of it. And I'm certainly not alone in that.

          I agree that partisan hackery exists, on all sides, but there is such a thing as ideological consistency. Basically, scratch somebody who works specifically in politics (whether professionally or not), and you'll find a lot of partisan hacks. Go for anybody else, and you'll find that while they often favor one party over another, they're much less partisan hacks.

          --
          The only thing that stops a bad guy with a compiler is a good guy with a compiler.
  • (Score: 2) by LoRdTAW on Wednesday January 25 2017, @01:54PM

    by LoRdTAW (3755) on Wednesday January 25 2017, @01:54PM (#458480) Journal

    It's just like how if you keep a key to your house under the potted plant in your backyard, a burglar can look there too, find the key, and get right in.

    I'd say it's more akin to allowing johnny law to have a skeleton key to every lock "just in case". Once that key is discovered and copied, it's all over and there is no going back. A free for all will ensue.

    • (Score: 3, Informative) by darnkitten on Wednesday January 25 2017, @05:41PM

      by darnkitten (1912) on Wednesday January 25 2017, @05:41PM (#458549)

      I'd say it's more akin to allowing johnny law to have a skeleton key to every lock "just in case".

      Already have 'em... [knoxbox.com]

      They're intended for fire departments, but...

      • (Score: 2) by urza9814 on Friday January 27 2017, @12:53AM

        by urza9814 (3954) on Friday January 27 2017, @12:53AM (#459227) Journal

        I'd say it's more akin to allowing johnny law to have a skeleton key to every lock "just in case".

        Already have 'em...

        They're intended for fire departments, but...

        1) They're not on every lock. They're on apartments and office buildings which voluntarily decided to grant that access. I have no problem with the government having a program where I can voluntarily submit my encryption key. I wouldn't, but they're free to provide a drop box for 'em.

        2) It's not a single master key, it's a different key for every local fire department. Much less risk. But of course, you can't really do that with crypto as it isn't tied to a physical location.

        3) I believe most building codes specify that your front door has to be weak enough that the fire department can break it down. In the commercial buildings where these things are installed, the doors are often glass. So if they didn't have these keys they'd just use "brute force" and break through the door, which would probably be *faster* than using the key anyway. So unlike crypto keys, physical keys don't actually offer much protection to begin with.

        4) Those boxes should be installed so they trip the building alarms when opened. In a fire, it doesn't matter, because the alarm is already going off. If you open one to try to break in when there ISN'T a fire, you're going to have the whole damn building coming towards you wondering what the hell is going on.

    • (Score: 2) by tibman on Wednesday January 25 2017, @07:00PM

      by tibman (134) Subscriber Badge on Wednesday January 25 2017, @07:00PM (#458593)

      Here, you can 3d print TSA master keys: https://github.com/Xyl2k/TSA-Travel-Sentry-master-keys [github.com]

      --
      SN won't survive on lurkers alone. Write comments.