
SoylentNews is people

posted by chromas on Wednesday April 11 2018, @04:20AM
from the Mister-Potato-Head!-Mister-Potato-Head!-Back-doors-are-not-secrets! dept.

Senators Dianne Feinstein (D-CA) and Chuck Grassley (R-IA) are preparing legislation that would regulate encryption and potentially mandate "backdoors." The Senate Judiciary Committee has been meeting with tech lobbyists and at least three researchers to come up with a "secure way" to allow only law enforcement to access encrypted information:

US lawmakers are yet again trying to force backdoors into tech products, allowing Uncle Sam, and anyone else with the necessary skills, to rifle through people's private encrypted information. Two years after her effort to introduce new legislation died, Senator Dianne Feinstein (D-CA) is again spearheading an effort to make it possible for law enforcement to access any information sent or stored electronically. Such a backdoor could be exploited by skilled miscreants to also read people's files and communications, crypto-experts continue to warn.

Tech lobbyists this month met the Senate Judiciary Committee to discuss the proposed legislation – a sign that politicians have changed tactics since trying, and failing, to force through new laws back in 2016. New York District Attorney and backdoor advocate Cyrus Vance (D-NY) also briefed the same committee late last month about why he felt new legislation was necessary. Vance has been arguing for fresh anti-encryption laws for several years, even producing a 42-page report back in November 2015 that walked through how the inability to trawl through people's personal communications was making his job harder.

Tech lobbyists and Congressional staffers have been leaking details of the meetings to, among others, Politico and the New York Times.

From the NYT article:

A National Academy of Sciences committee completed an 18-month study of the encryption debate, publishing a report last month. While it largely described challenges to solving the problem, one section cited presentations by several technologists who are developing potential approaches. They included Ray Ozzie, a former chief software architect at Microsoft; Stefan Savage, a computer science professor at the University of California, San Diego; and Ernie Brickell, a former chief security officer at Intel.

[...] The researchers, Mr. Ozzie said, recognized that "this issue is not going away," and were trying to foster "constructive dialogue" rather than declaring that no solution is possible.

Also at The Hill.

Previously: New Paper on The Risks of "Responsible Encryption"
Report On Device Encryption Suggests A Few Ways Forward For Law Enforcement
Senator Wyden Calls on Digital Rights Activists to Block Legislative Efforts to Weaken Encryption


  • (Score: 2) by Wootery on Wednesday April 11 2018, @02:08PM (3 children)

    by Wootery (2341) on Wednesday April 11 2018, @02:08PM (#665364)

    You seem to be ignoring the indirect consequences of making other people's devices work for you, rather than for them: they stop buying from you, and start buying from your competitors. We've already seen US-based cloud vendors take a hit for the US's spying practices.

  • (Score: 1) by pTamok on Wednesday April 11 2018, @06:02PM (1 child)

    by pTamok (3042) on Wednesday April 11 2018, @06:02PM (#665450)

    You seem to be ignoring the indirect consequences of making other people's devices work for you, rather than for them: they stop buying from you, and start buying from your competitors. We've already seen US-based cloud vendors take a hit for the US's spying practices.

    Actually, no, I'm not.
    1) Try buying a commercially available PC or Server CPU that doesn't have ME, PSP or TrustZone in it. You'll find it is not easy. I am aware of niche items, like the Talos workstation.
    2) You may have missed the 'what if?' point I made, which was that if the USA opened up ME/PSP/TrustZone, and made the technology open to all governments, there would be a strong incentive for it to be used. It would not take much - many campaigners are trying to get Intel and AMD to open up the Secure Enclaves so that FLOSS firmware could be loaded. The other edge to that sword is that opening up the technology allows any government to impose its own requirements about running government signed firmware.

    If you make back-doors available to everyone, then you can make cosy agreements with other governments about which back-doors are mutually transparent to each other. If you impose a requirement that government sanctioned code/certificates must be present in the secure enclave, or you can't legally use the Internet, then you close off options of buying CPUs from elsewhere.

    It would be frighteningly easy to implement. Telecommunications carriers already install a lot of monitoring equipment for governments that the general population is not aware of, so the process is not novel. Specialists are aware of things like 'Legal Intercept Modules' that are installed in certain equipment used by carriers, and things like Room 641A [wikipedia.org] are well known in the (rather small) information security community. Knowledge of such things is 'out there', but it certainly is not mainstream, even after Snowden.

    • (Score: 2) by darkfeline on Friday April 13 2018, @07:13PM

      by darkfeline (1030) on Friday April 13 2018, @07:13PM (#666594) Homepage

      That's because ME (and related) is a feature for the user. Enterprises use it to control their hardware. They literally pay extra money for this feature (or at least, for the feature to be enabled. A CPU model might support ME in hardware, but only the more expensive variants will have it enabled).

      If, somehow, non-ME CPUs start becoming a desirable feature for a large proportion of purchasers, then there will be commercially available PCs that don't have it. So far, that is not the case (no, SN does not comprise a large proportion of purchasers).

      --
      Join the SDF Public Access UNIX System today!
  • (Score: 2, Insightful) by Anonymous Coward on Wednesday April 11 2018, @06:19PM

    by Anonymous Coward on Wednesday April 11 2018, @06:19PM (#665457)

    AT&T got caught splitting the internet feed in San Francisco for the @#$%^ NSA and the vast majority of people won't even switch their phone carriers.