Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Tuesday May 19 2020, @06:54PM   Printer-friendly
from the gettin-the-camel's-nose-under-the-tent dept.

AG Barr seeks 'legislative solution' to make companies unlock phones:

ACLU Senior Staff Attorney Brett Max Kaufman responded to [US Attorney General] Barr's comments, saying "Every time there's a traumatic event requiring investigation into digital devices, the Justice Department loudly claims that it needs backdoors to encryption, and then quietly announces it actually found a way to access information without threatening the security and privacy of the entire world. The boy who cried wolf has nothing on the agency that cried encryption." While Barr's push for backdoors and cooperation from phone manufacturers raises concerns, Kaufman's response doesn't address that the DoJ isn't seeking the ability to unlock phones, but to do so as quickly as possible.

Apple's refusal to work with law enforcement has been an issue for years. The company wants to ensure its users feel confident in trusting Apple with their data, yet police and the FBI say that the refusals to cooperate hinder investigations and put lives at risk. It sounds like Barr wants to put a system into law that would oblige Apple to comply in future cases. How realistic this plan is -- or how much buy-in from politicians it will get -- remains to be seen, though it would force Apple to rethink how it approaches user privacy.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 5, Insightful) by DannyB on Tuesday May 19 2020, @07:26PM (14 children)

    by DannyB (5839) Subscriber Badge on Tuesday May 19 2020, @07:26PM (#996479) Journal

    He wants Apple / Google / Microsoft, etc to make products that are secure. Actually secure. (or so he claims)

    But then magically, as if by some spell, when a judge signs a piece of paper, the device mysteriously becomes insecure.

    How can this be?
    * does the device know that a judge signed a warrant?
    * does the device know that it was a real judge?
    * does the device know that it was a real warrant?

    I'm sure Barr will provide no answers for this mysterious magical fantasy, or how it could possibly be built, but will insist it be legislated into law.

    The device is either secure, or insecure. There is no try.

    If it is secure, then nobody can break in to it. Not even the government -- not even with a magical warrant.

    If the government can get into it (the warrant is irrelevant), then it is insecure -- and hackers, malware and state enemies can also get in.

    There is no halfway. Some people say the sun rises in the East. Others say it rises in the West. One of these views is correct, and the other is not. There is no trophy for participation. No feel good platitude of the wrong answer being "close" to right, so no hurt feewings.

    What Barr wants is an impossibility. Or what he really wants is insecurity, but branded as security, when it is not. And that's the most likely explanation.

    --
    People today are educated enough to repeat what they are taught but not to question what they are taught.
    Starting Score:    1  point
    Moderation   +4  
       Insightful=3, Informative=1, Total=4
    Extra 'Insightful' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   5  
  • (Score: -1, Redundant) by Anonymous Coward on Tuesday May 19 2020, @07:38PM (6 children)

    by Anonymous Coward on Tuesday May 19 2020, @07:38PM (#996484)

    Some people say the sun rises in the East. Others say it rises in the West. One of these views is correct, and the other is not.

    The earth rotates around the sun, dumbass.

    • (Score: 1, Informative) by Anonymous Coward on Tuesday May 19 2020, @07:58PM (3 children)

      by Anonymous Coward on Tuesday May 19 2020, @07:58PM (#996495)

      The Earth and Sun revolve around the barycenter, dumbass.

      • (Score: 2, Informative) by pTamok on Tuesday May 19 2020, @09:38PM (2 children)

        by pTamok (3042) on Tuesday May 19 2020, @09:38PM (#996559)

        To a first approximation, yes, but as the apparent sunrise and sunset are generated by the Earth's rotation about its own axis, it is also pretty much irrelevant. What is more relevant is the angle of the Earth's rotation axis with respect to the plane of the orbit around the sun, because if it is not 90 degrees, the apparent location of sunrise and sunset vary according to where the Earth is in its orbit around the sun, and where you are on Earth. It won't always be exactly East. In some places, at some times, it doesn't rise above the horizon every day, and in other places it doesn't set below the horizon every day.

        • (Score: 0) by Anonymous Coward on Wednesday May 20 2020, @04:23AM (1 child)

          by Anonymous Coward on Wednesday May 20 2020, @04:23AM (#996745)

          I think you may have missed the joke. The grandparent seems more of a jab at the great grandparent's attempt at pedantic trolling than an actual attempt to explain anything related to the factors affecting sunrise location.

          • (Score: 1) by pTamok on Thursday May 21 2020, @09:23AM

            by pTamok (3042) on Thursday May 21 2020, @09:23AM (#997319)

            Oh, I didn't miss the joke*. But it was a grand opportunity to inform/educate possible spectators.

            *Some would say I missed the joke, others would agree that I didn't, but I'll take a compromise position mid-way between the two - a quantum superposition of missing the joke or not. Just don't put me in a box with a radioactive cat.

    • (Score: 0) by Anonymous Coward on Tuesday May 19 2020, @08:00PM

      by Anonymous Coward on Tuesday May 19 2020, @08:00PM (#996501)

      The earth rotates around its axis, it orbits around the sun.

    • (Score: 0) by Anonymous Coward on Tuesday May 19 2020, @08:32PM

      by Anonymous Coward on Tuesday May 19 2020, @08:32PM (#996522)

      I just LOVE seeing these genius posts :D

  • (Score: 2, Insightful) by fustakrakich on Tuesday May 19 2020, @08:19PM (1 child)

    by fustakrakich (6150) on Tuesday May 19 2020, @08:19PM (#996511) Journal

    It's not really so complex. There is nothing special about the man. Just your regular sociopath doing what he is told to do, just like that guy in the FCC, and various other bureaucracies. Far beyond the quaint concepts of "morality" and legality is their primal authoritarianism that people apparently find appealing, considering the lack of resistance.

    --
    La politica e i criminali sono la stessa cosa..
    • (Score: 4, Interesting) by Thexalon on Wednesday May 20 2020, @03:54PM

      by Thexalon (636) on Wednesday May 20 2020, @03:54PM (#996941)

      According to Stanley Milgrim's experiments anyways, it's more specifically that about 2/3 of people find authoritarianism appealing enough that they'll participate in killing a friendly innocent-seeming person just because somebody else told them to without any threats or coercion whatsoever. Apparently, our brains don't like spending the time and energy on moral calculations, so we are perfectly fine letting somebody else do it for us.

      And yes, this manifests in other ways, e.g. having your religious leader tell you what you're supposed to think is good behavior rather than figuring it out for yourself.

      --
      The only thing that stops a bad guy with a compiler is a good guy with a compiler.
  • (Score: 2) by JoeMerchant on Tuesday May 19 2020, @08:57PM (2 children)

    by JoeMerchant (3937) on Tuesday May 19 2020, @08:57PM (#996541)

    This statement is true:

    refusals to cooperate hinder investigations and put lives at risk.

    However, cooperation makes devices inherently insecure, investigative fishing expeditions (particularly trawl nets) all too easy, and the resulting insult to liberty affects us all, all the time, not just a tiny minority on rare occasions, potentially resulting in a much larger overall loss not only in quantity of life but also quality of life. These are the questions the lady with the blindfold and scales is supposed to answer.

    When strong crypto is outlawed, only outlaws will use strong crypto... which in some ways makes it easier to profile them...

    Barr doesn't understand the tech, he just knows what he wants. It's like the definition of pornography: you know when you see it, right? (IME that's a really blurry line ranging from exposed ankles all the way up the scale.)

    Using the simple logic of private key encryption: all devices from a given manufacturer could be assigned (different) public keys that are periodically updated (like App software) to mitigate any potential uncontrolled losses of keys. The manufacturer, or their agent, then keeps the private keys and when a proper warrant is issued from a proper judge the keeper of the keys releases the private key matching the public key provided on the warrant. The keeper of the keys (company or government, same order of magnitude of cost either way) is the arbiter of when a real judge has signed a real warrant. It's a complex, costly, and breach prone system that puts trust in the keeper of the keys (but really no more trust than we put in today's software and hardware manufacturers), it's today's technical solution to Barr's dreams. I believe in the past this has been referred to as a key escrow system.

    If I had anything to hide, first I'd be using steganography rather than straight up cryptography to hide it, multi-layer steganography that reveals a low value secret upon "reveal" of "the" decryption key.

    Reminds me, I'm overdue to rotate the banking passwords.

    --
    🌻🌻 [google.com]
    • (Score: 1, Informative) by Anonymous Coward on Tuesday May 19 2020, @09:27PM (1 child)

      by Anonymous Coward on Tuesday May 19 2020, @09:27PM (#996552)

      Cooperating puts lives at risk, so the true statement that not cooperating puts lives at risk isn't persuasive by itself. Making weak security increases the number of dissidents murdered by authoritarian regimes. Including dissidents working to further US national security interests by leaking information that is useful to American interests about things like the abuses of Uighurs in China, or the regime in Iran. It also endangers women who have stalkers, and countless other categories. See, the "think of the children" game is easy to play, and I can play it just as well as Barr.

      The only thing that matters is the net tradeoffs and weighing cost/benefit. Privacy is vital to functioning democracy and basic liberties. It always has been. We've always had the ability to speak privately to our friends and colleagues without the government listening in and getting a transcript of every conversation. And that hasn't changed just because my conversations are more likely to happen over a chat app than over a pint at the tavern these days. Having private conversations isn't some new menace -- it's the way things have always been, and it needs to be preserved. Barr is an authoritarian asshole who is offended by the people not having to fall in line with his ideology, and we have to fight men like him tooth and nail.

      Posting as anonymous coward, because I can.

      • (Score: 2) by JoeMerchant on Tuesday May 19 2020, @10:39PM

        by JoeMerchant (3937) on Tuesday May 19 2020, @10:39PM (#996600)

        And that hasn't changed just because my conversations are more likely to happen over a chat app than over a pint at the tavern these days. Having private conversations isn't some new menace -- it's the way things have always been

        But there is a fundamental shift... In the days of the Founding Fathers, a conversation over a pint at a tavern included, at most, a half dozen or so friends (unless you're shouting loud enough for the whole pub to hear, defeating the idea of privacy), and these people geographically intersected at the time of the conversation. The metadata: who was sitting at your table, was relatively public record, and the information exchanged in that conversation could only travel away from the meeting at a limited speed. Something as large as blueprints for a battleship couldn't be covertly carried or exchanged. Over the last 150 years, technology has been boiling that frog of limited information diffusion to the point that today I can post messages in a widely read public forum (NOT SN!) where thousands of people a minute read it. That message may have a cryptographic component that instantly, secretly, reaches thousands of interested people all over the globe (Jedi Order 66, or whatever...) This is fundamentally different than a guy on a horse looking at lamps in a tower then riding through town after town shouting "The British are Coming!"

        Yes, we should have privacy. There are vetted, open source apps you can install on your phone if you feel the need to have private conversations - I wholeheartedly encourage EVERYONE to do this, because if only a few do it, then the very act of having that private conversation is going to make certain people think you are up to something. Expecting that your phone, as delivered, does anything to protect your privacy is naive and delusional.

        As is any trust you place in the AC feature of SN - it's better than nothing, but are you accessing via TOR? If so, you're probably on a watchlist already...

        --
        🌻🌻 [google.com]
  • (Score: 4, Insightful) by All Your Lawn Are Belong To Us on Tuesday May 19 2020, @09:15PM

    by All Your Lawn Are Belong To Us (6553) on Tuesday May 19 2020, @09:15PM (#996547) Journal

    It would be if the world was one-dimensional.

    Is your device secure from you? If so you'd probably buy another device. Is your device secure from me? How can your device be open to you and not to me and you still call it secure???

    It is likely possible to build a truly secure device. "Likely" because usually in security it is always safe to assume there are no absolutes - security is relative. For security is merely an expression of the degree of confidence that one has mitigated risks one is concerned about. How much will you invest to mitigate the potential risks? On a non-walled garden system you almost certainly have more options to encrypt things in ways that cannot be broken, no matter what the manufacturer has installed.

    For example, as in the other story today about the phone being cracked by the FBI. The FBI did crack the phone. And the story also noted that Apple is willing to turn over unencrypted iCloud backups when proper warrants are issued.

    The obvious slippery way out (for Apple devices) is for Apple to either voluntarily through negotiation or by legislative action have it mandated that iCloud backups must be always enabled. (And then Apple might retaliate as they threatened to originally in proceeding to encrypt iCloud backups).

    At any rate the government might indeed compel what Barr is seeking. Your phones would be insecure. From the Government. (and then any hacker who figures out the scheme or the encryption engineers sell the keys to China or whomever...)

    --
    This sig for rent.
  • (Score: 2) by krishnoid on Tuesday May 19 2020, @09:56PM

    by krishnoid (1156) on Tuesday May 19 2020, @09:56PM (#996574)

    Request with case number signed with digital certificate?