
SoylentNews is people

posted by mrpg on Friday January 26 2018, @07:00AM
from the oh-my-god-give-it-a-rest-already!!! dept.

Prime Minister Theresa May has not abandoned her usual crusades:

On a break from Brexit, British Prime Minister Theresa May takes her crusade against technology giants to Davos.

"No-one wants to be known as 'the terrorists' platform' or the first choice app for pedophiles," May is expected to say according to excerpts released by her office ahead of her speech Thursday at the World Economic Forum in Davos. "Technology companies still need to go further in stepping up their responsibilities for dealing with harmful and illegal online activity."

Don't forget the slave traders.

Luckily, May has a solution... Big AI:

After two years of repeatedly bashing social media companies, May will say that successfully harnessing the capabilities of AI -- and responding to public concerns about AI's impact on future generations -- is "one of the greatest tests of leadership for our time."

May will unveil a new government-funded Center for Data Ethics and Innovation that will provide companies and policymakers guidance on the ethical use of artificial intelligence.

Also at BBC, TechCrunch, and The Inquirer.

Related: UK Prime Minister Repeats Calls to Limit Encryption, End Internet "Safe Spaces"
WhatsApp Refused to add a Backdoor for the UK Government



  • (Score: 4, Informative) by bradley13 on Friday January 26 2018, @07:32AM (20 children)

    by bradley13 (3053) on Friday January 26 2018, @07:32AM (#628140) Homepage Journal

    Gizmodo has a nice article that discusses a letter sent by a Senator to the head of the FBI, demanding a list of the cryptography experts he has talked to, who claim that backdooring is possible without destroying security. He demands this list by 23 February 2018. Gizmodo ends pungently with "We're guessing it's a short list".

    Someone with a clue, and access, needs to publicly pose this question to any leader who comes out with this bullshit. Look at the trouble we have achieving security without deliberately crippling it! They are being advised by some collection of (a) other politicians, all doing a circle jerk, (b) law enforcement experts, or (c) sadly possible, IT people who care more about money than anything else.

    If it's the latter, we want to know who they are. Government policy should not be made in a vacuum, and there should be no reason for anonymity on an issue this important.

    --
    Everyone is somebody else's weirdo.
  • (Score: 2) by bradley13 on Friday January 26 2018, @07:34AM (3 children)

    by bradley13 (3053) on Friday January 26 2018, @07:34AM (#628141) Homepage Journal
    • (Score: 2, Informative) by pTamok on Friday January 26 2018, @11:30AM (2 children)

      by pTamok (3042) on Friday January 26 2018, @11:30AM (#628216)

      And here's a link to the source:

      https://www.wyden.senate.gov/download/?id=B31DD6FF-98E8-490C-B491-7DE6C7559C71&download=1 [senate.gov]

      Note that I can make no guarantees that the text of the electronic copy you download will be the same as mine. Web.archive.org does not have access, so in the absence of digital signatures, you have to trust that the copy you get is the same as the one sent by Sen. Wyden to Christopher A. Wray, Director, FBI.

      I think the key point is asking specifically to confirm that experts have been consulted and advised that it is possible to "design government access features into [...] products without weakening cybersecurity". Maybe such questions should become a mantra for reporters and journalists who hear requests for 'government back-doors'.

      Perhaps one or several of the government agencies entrusted with knowing about these things have found a novel and subtle approach that does do what people currently believe to be impossible. If so, it would be nice if they told us about it, and not leave non-secret research to find it independently (like the S-box setting of DES [archive.org]).

      There is a way in which the intelligence agencies have got their back-door: by having knowledge of inadvertent vulnerabilities before they become well-known; and, possibly, by adding vulnerabilities (Dual EC DRBG [wikipedia.org]). The U.S. Military take a great deal of trouble to assure the supply-chain of certain of their electronics, having secure fabs etc. If you subvert the supply chain of non-military electronic components, you can ensure that pretty-much undetectable back-doors can be included from the hardware upwards [phys.org]. Some expert commentators speculate that AES was chosen as an encryption method because of its susceptibility to side-channel attacks [wikipedia.org] when not carefully implemented in hardware - in other words, cryptographically, it is fine, but it is difficult to implement properly, so that in practical use, unless someone has worked very hard on the implementation, there will be ways of extracting keys by observing the AES hardware in action. Similarly, subverting hardware random-number generators built in to processors is difficult to prove, but can give you access to the required data - some examples [wikipedia.org].

      Poor implementation of cryptography by non-expert programmers and users also subverts keys in useful ways, such as the duplication/re-use of RSA factors used in implementations across the Internet [iacr.org].

      The above vulnerabilities mean that a material portion of data that its owners thought was protected by strong encryption actually wasn't, and could easily be decoded by third parties. It is reasonable to assume that government agencies will continue to take advantage of flaws that they find that are not publicly known, and may indeed subtly encourage such flaws to appear.

      • (Score: 1) by pTamok on Friday January 26 2018, @11:46AM

        by pTamok (3042) on Friday January 26 2018, @11:46AM (#628220)

        For those interested in RSA factor re-use, there's a neat web-page that goes into it here: Understanding Common Factor Attacks: An RSA-Cracking Puzzle [loyalty.org]
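
The RSA factor re-use raised in the two comments above can be checked for across a set of public keys you administer. The following is an added example, not part of either comment or of the linked page; the host labels and the toy-sized moduli are constructed for illustration.

```python
from math import gcd, prod

# Constructed toy moduli (real RSA moduli are 2048+ bits); labels are hypothetical.
SAMPLE_MODULI = {
    "host-a": 101 * 103,
    "host-b": 101 * 107,   # shares the prime 101 with host-a
    "host-c": 109 * 113,   # shares nothing
    "host-d": 127 * 131,
    "host-e": 127 * 131,   # identical modulus to host-d
}

def audit_shared_factors(moduli):
    """Map each affected label to the keys it overlaps with and the shared prime."""
    total = prod(moduli.values())
    findings = {}
    for label, n in moduli.items():
        # gcd against the product of every *other* modulus: one gcd per key
        g = gcd(n, total // n)
        if g == 1:
            continue  # no prime in common with any other key
        peers = sorted(other for other, m in moduli.items()
                       if other != label and gcd(n, m) > 1)
        # g == n means a duplicate modulus (or both primes shared elsewhere);
        # the gcd alone then does not isolate a single prime.
        findings[label] = {"peers": peers, "factor": g if g < n else None}
    return findings

if __name__ == "__main__":
    for label, finding in audit_shared_factors(SAMPLE_MODULI).items():
        print(label, finding)
```

Any key reported here should be regenerated on a host with a properly seeded random number generator, since a shared prime reveals the other factor of both moduli.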

      • (Score: 0) by Anonymous Coward on Friday January 26 2018, @10:46PM

        by Anonymous Coward on Friday January 26 2018, @10:46PM (#628601)

        Mod this guy +40 informative, ASAP!

        *AC high five*

  • (Score: 0) by Anonymous Coward on Friday January 26 2018, @08:57AM

    by Anonymous Coward on Friday January 26 2018, @08:57AM (#628153)

    If it's the latter, we want to know who they are.

    Probably an open borders type that avoids allegations of hypocrisy by sleeping with their front door open.

  • (Score: 3, Funny) by chromas on Friday January 26 2018, @09:23AM

    by chromas (34) Subscriber Badge on Friday January 26 2018, @09:23AM (#628158) Journal

    We're guessing it's a short list

    The list is likely nonexistent. You don't want him to dereference a null pointer, do you? Consequences will never be the same!

  • (Score: 1) by anubi on Friday January 26 2018, @09:44AM (8 children)

    by anubi (2828) on Friday January 26 2018, @09:44AM (#628171) Journal

    It's kinda wishful thinking to have something have two opposing properties simultaneously...

    Any of these lawmakers take a course in logic?

    What is the solution set to the AND function of Secure AND NotSecure? Null Set?

    Either it is secure or it's not. Either the bolt stays in place, or it falls apart.

    There is no such thing as something that is "secure", but magically becomes insecure just because some badge-hat orders it to fall apart.

    However, the following logic does have a solution:
    ( Ability to tax other people ) AND ( Willingness to pay for what you want to hear ).

    --
    "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
    • (Score: 2) by bradley13 on Friday January 26 2018, @10:53AM (7 children)

      by bradley13 (3053) on Friday January 26 2018, @10:53AM (#628202) Homepage Journal

      I wonder if it would help if IT people had a handy analogy. Here's one that might make sense to anyone with an understanding of things mechanical:

      "Build a submarine. Make it able to go really deep. But you must build in one inwards opening hatch in the hull."

      --
      Everyone is somebody else's weirdo.
      • (Score: 1) by anubi on Friday January 26 2018, @11:10AM

        by anubi (2828) on Friday January 26 2018, @11:10AM (#628205) Journal

        Sounds just like some people I have worked for... they were good in business, not so good in engineering.

        --
        "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
      • (Score: 2) by Runaway1956 on Friday January 26 2018, @11:31AM (4 children)

        by Runaway1956 (2926) Subscriber Badge on Friday January 26 2018, @11:31AM (#628217) Journal

        An actual, current analogy isn't hard to come up with. Locks on doors and other things is pretty accurate. When most people run down to the hardware store, and buy a shiny new padlock for twenty bucks, they THINK that they have a secure device. No one can open that lock, unless they are given the key, right? WRONG! In point of fact, there are thousands of locks in circulation around the nation that can be opened by the same key. But, since those thousands are shipped to different stores in different cities, in different states, it's unlikely that any two people will ever attempt to open each other's locks.

        Then, there are master keys. Given a master key, you may be able to open twenty, or a hundred, or a thousand different locks of similar constructions. They need not even be the same brand of lock - I have succeeded in opening a Master Lock with a Brink's key.

        Beyond master keys, you have picks, which are capable of opening almost every keyed lock in existence. (There are a couple European brands which are extremely hard to manipulate - but those cost a helluva lot more than twenty bucks!)

        If a pick doesn't work for you, you can always call in a master locksmith. He has knowledge and tools with which to get into almost any lock in the world.

        Now - let's consider what lawmakers want. They are asking that all keyed locks open with a tool which only law enforcement may possess. Basically, law enforcement will have a master key which will open any keyed lock, anywhere - whether it be a padlock, a door lock, a chest, cabinet, or box lock. Every lock produced anywhere in the world must open with this master key, which only law enforcement will have.

        And, naturally, as soon as the bill is introduced, six companies in the US and 35 more companies worldwide start producing these magical master keys. Within months after the bill becomes law, a hundred more companies start producing the locks. Soon, everyone in the world has a key to open any lock in the world.

        This all sounds very secure to me!! NOT!!!!

        Way back when locks and keys were first invented, Royalty should have just outlawed their use.

        • (Score: 2) by Grishnakh on Friday January 26 2018, @03:10PM (2 children)

          by Grishnakh (2831) on Friday January 26 2018, @03:10PM (#628272)

          When most people run down to the hardware store, and buy a shiny new padlock for twenty bucks, they THINK that they have a secure device. No one can open that lock, unless they are given the key, right? WRONG! In point of fact, there are thousands of locks in circulation around the nation that can be opened by the same key. ... it's unlikely that any two people will ever attempt to open each other's locks.

          It's exactly the same with car keys. There's only so many combinations you can have with a mechanical key, and I've heard of plenty of people who actually unlocked the wrong car's door, thinking it was their car, and then wondering why there was someone else's stuff inside. This doesn't happen so much now since most cars have keyless entry, but in the old days it wasn't *that* uncommon. Luckily, in modern cars, you can't drive away in the wrong car, you can only open the door.

          Now - let's consider what lawmakers want. They are asking that all keyed locks open with a tool which only law enforcement may possess.

          We actually have this already: luggage on commercial airlines is supposed to have a "TSA certified" lock, which "only" TSA has the master key for, or else they can bust your lock open to inspect the luggage. Of course, this key is pretty trivial to duplicate and there's photos and diagrams on the internet for it, so no one's luggage is safe any more. This is probably the very best analogy IMO, because it shows how silly this is. If a large government allows lots of low-level employees access to the keys, inevitably that's going to get out there, and now everyone's lock is unsafe. We've already seen this with the TSA locks.

          Way back when locks and keys were first invented, Royalty should have just outlawed their use.

          They had locks back in Roman times, predating the royalty of the Middle Ages. (While the Roman Empire had a hereditary system of choosing emperors for a while, until the Praetorian Guard just started selling the position, I wouldn't really associate the word "royalty" with the Romans, it really seems to connote the feudal system that came later.)

        • (Score: 0) by Anonymous Coward on Saturday January 27 2018, @04:00AM

          by Anonymous Coward on Saturday January 27 2018, @04:00AM (#628697)

          UK gets a new tank for the army. Just in case they are captured by the enemy, UK demanded they come with a secret weak point, so they can disable them easily.

          Problem is everyone can get such tanks even before the war, copy them over and over, and test and disassemble them until they figure where the weakness is. Because they are crypto programs, not physical tanks. The "limited money" or "hard to im/export by law" defenses don't fly, even less with civilian tools like software also used to connect with your bank webserver.

          Do UK leaders still want that tank model? If they say yes, we now know they are total morons, and deserve an army uprising to kick them out, as they will push the army into unwinnable wars, with faulty equipment, because they think politics can win over physics, maths, chemistry and all those "silly" sciences.

      • (Score: 2) by maxwell demon on Friday January 26 2018, @11:54AM

        by maxwell demon (1608) on Friday January 26 2018, @11:54AM (#628221) Journal

        Put a strong lock to your front door. But put the key under the doormat so that the police can enter if necessary.

        --
        The Tao of math: The numbers you can count are not the real numbers.
  • (Score: 3, Informative) by Wootery on Friday January 26 2018, @10:14AM (4 children)

    by Wootery (2341) on Friday January 26 2018, @10:14AM (#628184)

    For completeness: that's Senator Ron Wyden, Democrat, Oregon.

    One of the very few politicians who actually listens to cryptographers.

    • (Score: 4, Interesting) by isostatic on Friday January 26 2018, @01:00PM (1 child)

      by isostatic (365) on Friday January 26 2018, @01:00PM (#628242) Journal

      "Senator Ron Wyden" would have been enough to identify him.

      I wonder if part of the partisan problem, 'football mentality', 'us vs them', in the US is the insistence that every senator and congressman attach a "D", "R" or "I", and a state to their name at every opportunity. While in the UK we say "Bob Bobson MP", then later you may find out they are a Labour MP, or a Tory, or a Green, if it's relevant. In the US it's "Bob Bobson (R-HI)".

      Rather than listen to the point, people at large see the tribe and accept or reject the point based on the tribe printed.

      • (Score: 3, Interesting) by Wootery on Friday January 26 2018, @04:40PM

        by Wootery (2341) on Friday January 26 2018, @04:40PM (#628317)

        I'm British. I figured his party affiliation was relevant. Why should I withhold that basic information about this politician?

        You're right about partisan politics, but I hardly think now is the time.

    • (Score: 1) by fustakrakich on Friday January 26 2018, @04:06PM (1 child)

      by fustakrakich (6150) on Friday January 26 2018, @04:06PM (#628303) Journal

      Yeah well, nobody listens to Ron Wyden, so he can speak up all he wants, like a lot of other "heroic" politicians. People with real influence over what becomes law keep their heads down and eyes forward. They will speak up (confess) after they retire and a book deal is signed. This is the standard procedure. It's all a lot of talk when we need real circumvention to render the issue moot.

      --
      La politica e i criminali sono la stessa cosa..
      • (Score: 0) by Anonymous Coward on Friday January 26 2018, @05:19PM

        by Anonymous Coward on Friday January 26 2018, @05:19PM (#628343)

        Not likely true of the Pauls. I know Ron wouldn't have done that and I doubt Rand would either. Even though their politics differ some, he seems to be cut from the same cloth.