Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Sunday December 15 2019, @06:15PM   Printer-friendly
from the task-the-NSA-with-making-it dept.

Senate Judiciary Committee Interrogates Apple, Facebook About Crypto

In a hearing of the Senate Judiciary Committee yesterday, while their counterparts in the House were busy with articles of impeachment, senators questioned New York District Attorney Cyrus Vance, University of Texas Professor Matt Tait, and experts from Apple and Facebook over the issue of gaining legal access to data in encrypted devices and messages. And committee chairman Sen. Lindsey Graham (R-S.C.) warned the representatives of the tech companies, "You're gonna find a way to do this or we're going to do it for you."

The hearing, entitled "Encryption and Lawful Access: Evaluating Benefits and Risks to Public Safety and Privacy," was very heavy on the public safety with a few passing words about privacy. Graham said that he appreciated "the fact that people cannot hack into my phone, listen to my phone calls, follow the messages, the texts that I receive. I think all of us want devices that protect our privacy." However, he said, "no American should want a device that is a safe haven for criminality," citing "encrypted apps that child molesters use" as an example.

"When they get a warrant or court order, I want the government to be able to look and find all relevant information," Graham declared. "In American law there is no place that's immune from inquiry if criminality is involved... I'm not about to create a safe haven for criminals where they can plan their misdeeds and store information in a place that law enforcement can never access it."


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Sunday December 15 2019, @11:28PM (3 children)

    by Anonymous Coward on Sunday December 15 2019, @11:28PM (#932534)

    When they say they will do it for you, they mean they will make it a law instead of being self regulated. Like all encrypted traffic must also be decrypted with the goverment mast private key, here is the public key for you to use.

  • (Score: 1) by pTamok on Monday December 16 2019, @12:25AM (2 children)

    by pTamok (3042) on Monday December 16 2019, @12:25AM (#932559)

    I predict a rise in the number of hobbyists who sporadically send a few kilobytes of random numbers to their friends, carefully encrypted with the government's required encryption.

    • (Score: 0) by Anonymous Coward on Monday December 16 2019, @02:36AM (1 child)

      by Anonymous Coward on Monday December 16 2019, @02:36AM (#932650)

      I know what they mean.

      As you mention, Apple can have the device encrypt a user key with an Apple public key and store the encrypted key on the device so that they can decrypt it at request. Of course if the private key ever got into the wrong hands or ever made it out on the Internet (or ever got cracked) then anyone can decrypt it.

      • (Score: 0) by Anonymous Coward on Monday December 16 2019, @07:30AM

        by Anonymous Coward on Monday December 16 2019, @07:30AM (#932728)

        Perhaps a better solution would be for the judiciary branch to have its own public/private key pair. An Apple device can encrypt the user password with Apple's public key and then encrypt that encrypted password with the judiciary branch's public key and store the encrypted password on the device. Then law enforcement would need to get a warrant from the judicial branch and they would need both Apple and the judicial branch to cooperate in the decryption of the key since each party has one of the needed private keys. This would make it more difficult for the government to secretly decrypt keys without anyone knowing since Apple will be informed and can inform the public. It would also make it impossible for Apple to secretly decrypt the keys solo since the judiciary branch also needs to be involved being they have one of the required private keys as well.

        Of course this begs the question, should device manufacturers be involved in the process at all since this really involves law enforcement?

        Perhaps law enforcement can have a public private key pair and the judiciary branch can have another public private key pair. This way neither branch can independently decrypt the password, both branches would have to cooperate. Of course this begs the question if we can trust the two branches not to secretly work together to decrypt the devices without our knowledge and conduct mass surveillance (well, presumably, they would need physical access to the device first?). In the case of the user password being encrypted by the manufacturer public key and then by the judiciary branch's public key it would be hard for the government to coerce every manufacturer into not telling the public about secretive inquiries.