Stories
Slash Boxes
Comments

SoylentNews is people

posted by on Wednesday January 25 2017, @11:22AM   Printer-friendly
from the ROT-13-is-too-secure dept.

Like other politicians and government officials, President Trump's nominee for the position of Attorney General, Jeff Sessions, wants to have it both ways when it comes to encryption:

At his confirmation hearing, Sessions was largely non-committal. But in his written responses to questions posed by Sen. Patrick Leahy, however, he took a much clearer position:

Question: Do you agree with NSA Director Rogers, Secretary of Defense Carter, and other national security experts that strong encryption helps protect this country from cyberattack and is beneficial to the American people's' digital security?

Response: Encryption serves many valuable and important purposes. It is also critical, however, that national security and criminal investigators be able to overcome encryption, under lawful authority, when necessary to the furtherance of national-security and criminal investigations.

Despite Sessions' "on the one hand, on the other" phrasing, this answer is a clear endorsement of backdooring the security we all rely on. It's simply not feasible for encryption to serve what Sessions concedes are its "many valuable and important purposes" and still be "overcome" when the government wants access to plaintext. As we saw last year with Sens. Burr and Feinstein's draft Compliance with Court Orders Act, the only way to give the government this kind of access is to break the Internet and outlaw industry best practices, and even then it would only reach the minority of encryption products made in the USA.

Related: Presidential Candidates' Tech Stances: Not Great


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Wednesday January 25 2017, @07:43PM

    by Anonymous Coward on Wednesday January 25 2017, @07:43PM (#458615)

    how about a real physical key?
    if lawful authority has the physical encrypted device in hand then they can really unlock it with a real key and then remove the
    chips that are storing the data (and get around the encryption)?

    this would be "okay" if the real key were securely stored, difficult to copy and would leave a paper trail if removed (and used)
    from the real physical storage box .. somewhere.

    but ofc this "solution" isn't what is wanted. what IS wanted is the means to willy-nilly spy over great distances thru a
    in-place network (internet) by any 'lil whim ... and you don't have to worry because you're a good law abiding person that has nothing to hide ...