SoylentNews is people

posted by janrinok on Sunday February 18 2018, @04:13AM
from the US-is-screwed dept.

The EFF addresses some shortcomings in the recent report to policy makers by the National Academies of Sciences (NAS) on encryption.

The National Academy of Sciences (NAS) released a much-anticipated report yesterday that attempts to influence the encryption debate by proposing a "framework for decisionmakers." At best, the report is unhelpful. At worst, its framing makes the task of defending encryption harder.

The report collapses the question of whether the government should mandate "exceptional access" to the contents of encrypted communications with how the government could accomplish this mandate. We wish the report gave as much weight to the benefits of encryption and risks that exceptional access poses to everyone's civil liberties as it does to the needs—real and professed—of law enforcement and the intelligence community.

The report via the link in the quote above is available free of charge but holds several hoops to hop through between you and the final PDF. The EFF recognizes that the NAS report was undertaken in good faith, but identifies two main points of contention with the final product. Specifically, the framing is problematic and the discussion of the possible risks to civil liberties is quite brief.

Source: New National Academy of Sciences Report on Encryption Asks the Wrong Questions



 
  • (Score: 2, Informative) by Anonymous Coward on Sunday February 18 2018, @05:20AM (16 children)

    by Anonymous Coward on Sunday February 18 2018, @05:20AM (#639608)

    What gets me, is even if they do come out with an encryption standard that has "exceptional access", it won't make a bit of difference. The encryption cat is out of the bag, and we have multiple encryption specs to choose from.

  • (Score: 2) by Runaway1956 on Sunday February 18 2018, @06:01AM (3 children)

    by Runaway1956 (2926) Subscriber Badge on Sunday February 18 2018, @06:01AM (#639623) Journal

    Bingo. You, the individual end user, need not even adhere to any standard. If you are really worried about privacy/secrecy, you may take any standard at all, and use it, or modify it, for your purposes. It isn't necessary that your new "standard" works for anyone else, aside from the person you are communicating with. You agree with him/her that $standard with $modifications using $key is your private channel - and no one is likely to break in. If/when you feel the need to include third/fourth parties in your communications, then you offer those people your new standards, and your key or key generator.

    Of course, Gubbermint will probably declare you to be a de facto criminal for using your private encryption scheme.

    • (Score: 4, Interesting) by Dr Spin on Sunday February 18 2018, @09:09AM (1 child)

      by Dr Spin (5239) on Sunday February 18 2018, @09:09AM (#639662)

      Good luck with agreeing a private encryption protocol with your bank (or Amazon).

      It looks like the main purpose of this is to give criminals access to your bank accounts and enable them to buy and sell things using your name.

      However, look on the bright side: it will expose every politician's dirty secrets to the entire world. There must be some merit in that?

      --
      Warning: Opening your mouth may invalidate your brain!
      • (Score: -1, Spam) by Anonymous Coward on Monday February 19 2018, @02:31PM

        by Anonymous Coward on Monday February 19 2018, @02:31PM (#640094)

        No, it wouldn't work with Amazon. But our drug cartel uses it in-house, to communicate with mules and soldiers. The Anglo-Saxons still haven't deciphered it, and the feds are too stupid to know what encryption is.

    • (Score: 2) by FatPhil on Monday February 19 2018, @07:03AM

      by FatPhil (863) <{pc-soylent} {at} {asdf.fi}> on Monday February 19 2018, @07:03AM (#640004) Homepage
      > Of course, Gubbermint will probably declare you to be a de facto criminal for using your private encryption scheme.

      "Will"? Has already, at least in the 51st state, so I presumed it had in the original 50 states too. If encryption is fine, but you are obliged to release your keys when handed a warrant, then they are saying encryption is illegal. Because if you refuse and keep your keys private, you will go to jail. There's no way else that can be interpreted except as private communication being illegal.

      Personally, that disgusts me, and I would be prepared to take a stand and to cling to my keys with at least as much resolve as the NRA cling to their murder tubes. If I'm asked to decode H4sIAEd2iloCA3MrTc5WKMlIVchJLNdRyCxRL1ZIzFNILC5W5AIAIZXpARsAAAA= my response will be simply
      It means capital-h four lower-case-s capital-I capital-A ...
      --
      Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
  • (Score: 1, Insightful) by Anonymous Coward on Sunday February 18 2018, @06:06AM (11 children)

    by Anonymous Coward on Sunday February 18 2018, @06:06AM (#639624)

    The cat may be out of the bag, but there's an ICBM headed towards it. After government-backdoored "encryption" is introduced, the next step is outlawing non-backdoored encryption. It doesn't matter if you're hiding porn or state secrets, if they can prosecute you for the "hiding" part (cf. civil forfeiture).

    • (Score: 4, Funny) by janrinok on Sunday February 18 2018, @09:21AM (10 children)

      by janrinok (52) Subscriber Badge on Sunday February 18 2018, @09:21AM (#639664) Journal
      So if everybody sends a text containing random data once a day to a random phone number, will everyone be committing an offence? Must a text contain English? You've paid for the right to send texts via your phone. And NSA will have so much data to look at that they will have no chance of sorting it out. Plus, you have no backdoor to give them, so you could not be found guilty of not giving them a backdoor that doesn't exist.
      • (Score: 1) by redneckmother on Sunday February 18 2018, @01:52PM (2 children)

        by redneckmother (3597) on Sunday February 18 2018, @01:52PM (#639690)

        I like this idea.

        Are there any "blind drop" sites on the 'net? I have a hardware RNG, and would love to raise the background noise for the TLAs.

        --
        More beer please.
        • (Score: 2) by janrinok on Sunday February 18 2018, @11:20PM (1 child)

          by janrinok (52) Subscriber Badge on Sunday February 18 2018, @11:20PM (#639848) Journal
          A blind drop site would make it too easy for the NSA. They would simply ignore any traffic going to that site.
          • (Score: 2) by Bot on Tuesday February 20 2018, @04:25PM

            by Bot (3902) on Tuesday February 20 2018, @04:25PM (#640707) Journal

            until somebody uses it...

            --
            Account abandoned.
      • (Score: 2) by canopic jug on Sunday February 18 2018, @02:16PM (2 children)

        by canopic jug (3949) Subscriber Badge on Sunday February 18 2018, @02:16PM (#639700) Journal

        They'd just throw your ass in jail until you cough up the key. However, since there is no key, you'd just stay there indefinitely.

        In a much dodgier case [arstechnica.com], that has already happened.

        It's a clever idea otherwise and could be tried. I suspect though that if there were enough suspicion to warrant closer attention and a larger budget, they'd just work toward an end-point compromise and eventually figure out that it was just noise.

        --
        Money is not free speech. Elections should not be auctions.
        • (Score: 2, Insightful) by redneckmother on Sunday February 18 2018, @02:39PM (1 child)

          by redneckmother (3597) on Sunday February 18 2018, @02:39PM (#639708)

          As others have noted, it's all about money.

          If there were a "blind drop", and enough individuals would send (and read) gibberish posts, the TLAs could chase their tails until they decided to abandon such nonsensical efforts.

          Who knows, perhaps one could put a little wheat in with the chaff? That possibility would give them nightmares.

          I wish the gubmitt would spend more resources on improving life and respecting individual (as in living, breathing people) rights.

          --
          More beer please.
          • (Score: 0) by Anonymous Coward on Monday February 19 2018, @12:14AM

            by Anonymous Coward on Monday February 19 2018, @12:14AM (#639880)

            > If there were a "blind drop", and enough individuals would send (and read) gibberish posts, the TLAs could chase their tails until they decided to abandon such nonsensical efforts.

            Aha, I knew there had to be more to that one AC's posts!

      • (Score: 2) by pipedwho on Sunday February 18 2018, @06:44PM (3 children)

        by pipedwho (2032) on Sunday February 18 2018, @06:44PM (#639772)

        The problem with this is that a law that is able to ‘forbid’ encryption is equally capable of forbidding this approach. They simply update the screed to include “...or otherwise indecipherable...”. And with the stroke of a pen your technological solution to a political problem has been rendered ineffective. The solution is to argue on philosophical, political and logical grounds.

        • (Score: 2) by janrinok on Sunday February 18 2018, @11:27PM (1 child)

          by janrinok (52) Subscriber Badge on Sunday February 18 2018, @11:27PM (#639853) Journal
          'otherwise decipherable' can only be applied to a cipher. This isn't a cipher. Where is the law that says I cannot send the first character of each word in the first story published on SN each day? Or the second character, or the third story?
          • (Score: 2) by pipedwho on Monday February 19 2018, @01:13AM

            by pipedwho (2032) on Monday February 19 2018, @01:13AM (#639896)

            There are no laws requiring backdoored crypto at the current time. If the government decides to pen some laws and you find a technologically exploitable loophole, you can be sure that at some time shortly beyond that, the hole will be plugged (well, at least for anyone that isn't part of the 'ruling class').

            It doesn't matter how they do it, or the exact wording. The problem is arguing along this line of reasoning is futile.

            If they can somehow legally ban all encryption for communications and otherwise require broken and back-doored crypto for the masses, then it isn't a far stretch that they can subsequently also make it illegal to transmit random nonsensical data.

            The real arguments here should be about the legality and ethics from a civil rights perspective, and other external side effects of making effective cryptography illegal. For example, the first and fourth amendments to the US Constitution have something to say about this. And traditionally it has been an assumed right for people to communicate privately. Then for side effects; every crime organisation and foreign government will soon end up with access to everyone's communications. And criminals will just continue to use effective crypto anyway, even if it has to be coupled with steganography, thus driving the problem into the dark.

            I personally don't want to have to resort to steganography to send sensitive messages (eg. design details, or pricing structures, etc) to clients to avoid rival organisation(s) (or governments) from intercepting and deciphering my messages. And for some channels of R&D and otherwise valuable information, there are big financial incentives to obtain access. Imagine the enormous monetary (and political) value of escrow keys, or back door access to a government security key database. With rewards like that, it's only a matter of time before the 'wrong' people have access.

            And by definition, for me the 'wrong' people are everyone besides the intended recipient(s).

        • (Score: 0) by Anonymous Coward on Monday February 19 2018, @02:14AM

          by Anonymous Coward on Monday February 19 2018, @02:14AM (#639922)

          So Trump gets arrested for covfefe? And kids get interrogated by the FBI because agents can't understand the new lingo? People who can't spell get sent to prison?