Stories
Slash Boxes
Comments

SoylentNews is people

posted by takyon on Monday April 13 2015, @10:15PM   Printer-friendly
from the both-doored dept.

The Washington Post reports that Adm. Michael S. Rogers is continuing to advocate for weakened encryption as the White House explores a number of possible schemes, as illustrated by this infographic.

For months, federal law enforcement agencies and industry have been deadlocked on a highly contentious issue: Should tech companies be obliged to guarantee government access to encrypted data on smartphones and other digital devices, and is that even possible without compromising the security of law-abiding customers?

Recently, the head of the National Security Agency provided a rare hint of what some U.S. officials think might be a technical solution. Why not, suggested Adm. Michael S. Rogers, require technology companies to create a digital key that could open any smartphone or other locked device to obtain text messages or photos, but divide the key into pieces so that no one person or agency alone could decide to use it?

"I don't want a back door," Rogers, the director of the nation's top electronic spy agency, said during a speech at Princeton University, using a tech industry term for covert measures to bypass device security. "I want a front door. And I want the front door to have multiple locks. Big locks."

[...] The split-key approach is just one of the options being studied by the White House as senior policy officials weigh the needs of companies and consumers as well as law enforcement — and try to determine how imminent the latter's problem is. With input from the FBI, intelligence community and the departments of Justice, State, Commerce and Homeland Security, they are assessing regulatory and legislative approaches, among others.

The White House is also considering options that avoid having the company or a third party hold a key. One possibility, for example, might have a judge direct a company to set up a mirror account so that law enforcement conducting a criminal investigation is able to read text messages shortly after they have been sent. For encrypted photos, the judge might order the company to back up the suspect's data to a company server when the phone is on and the data is unencrypted. Technologists say there are still issues with these approaches, and companies probably would resist them.

Google, Apple, and others have been pretty badly burned by the NSA's crimes, so it's probably safe to say Mike Rogers should file that idea under Norfolk & Way.

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by c0lo on Monday April 13 2015, @11:37PM

    by c0lo (156) Subscriber Badge on Monday April 13 2015, @11:37PM (#170082) Journal
    Not [jolla.com] necessarily [aliexpress.com]
    --
    https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 2) by kaszz on Monday April 13 2015, @11:56PM

    by kaszz (4211) on Monday April 13 2015, @11:56PM (#170089) Journal

    Think they aren't compromised by someone else instead?

    • (Score: 2) by c0lo on Tuesday April 14 2015, @12:08AM

      by c0lo (156) Subscriber Badge on Tuesday April 14 2015, @12:08AM (#170094) Journal
      Pragmatic view: if your problem is with NSA, maybe using devices compromised by others doesn't matters that much in the first instance?
      (fear and take countermeasures for the immediate dangers, survive them and then deal with more remote ones later. Because if you wait for perfection, you may be "dead in the water" long before you obtain it).
      --
      https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
      • (Score: 3, Insightful) by kaszz on Tuesday April 14 2015, @12:43AM

        by kaszz (4211) on Tuesday April 14 2015, @12:43AM (#170107) Journal

        The problem is that these kind of devices is that they are wrongly designed from start. They are designed to keep the owner from controlling his own property. And designed in a way that makes remote compromise possible when it doesn't have to be so.

    • (Score: 5, Interesting) by frojack on Tuesday April 14 2015, @12:29AM

      by frojack (1554) on Tuesday April 14 2015, @12:29AM (#170100) Journal

      Think they aren't compromised by someone else instead?

      Sure they are. But those guys don't have subpoena power here.

      I use a Yandex email account. Not because I believe Russia is above reading every (boring) email I receive. I fully expect they do.
      Just that they have no interest in me, and are unlikely to honor any subpoena from anywhere where I live.

      --
      No, you are mistaken. I've always had this sig.
      • (Score: 2) by snick on Tuesday April 14 2015, @01:21AM

        by snick (1408) on Tuesday April 14 2015, @01:21AM (#170138)

        Just that they have no interest in me, and are unlikely to honor any subpoena from anywhere where I live.

        Sure. But if the NSA offers them $0.05, they will roll on you in a heartbeat. Cheaper/easier than getting a subpoena.

      • (Score: 2) by linuxrocks123 on Tuesday April 14 2015, @03:37AM

        by linuxrocks123 (2557) on Tuesday April 14 2015, @03:37AM (#170194) Journal

        You should just run your own email server instead.

        If you run into trouble, I've heard a nice lady with the email address hdr22@clintonemail.com got a home email setup working really well a few years ago. She should be able to assist you.

  • (Score: 2) by frojack on Tuesday April 14 2015, @12:25AM

    by frojack (1554) on Tuesday April 14 2015, @12:25AM (#170098) Journal

    But if governments are leaning on those companies I don't see how being small or overseas helps them.
    They either play along or get an import ban.

    Sure they can claim Open Source (for most things anyway) but that doesn't help unless you (or someone) inspects every line of code, and builds their own version of the OS. Who is to say the installed version matches the code. Who's to say the next update pushed is really for "bug fixes".

    I've stopped buying carrier phones. I just get the international model I'm not under the delusion that it protects me, its just one less person that got to say what when into my phone.
     

    --
    No, you are mistaken. I've always had this sig.
    • (Score: 2) by c0lo on Tuesday April 14 2015, @12:41AM

      by c0lo (156) Subscriber Badge on Tuesday April 14 2015, @12:41AM (#170106) Journal

      But if governments are leaning on those companies I don't see how being small or overseas helps them.

      If you got to the point of being illegal for anyone to import a mobile phone from outside for personal use, then you are already fucked, properly fucked, full stop.
      Think '60-'70-ies and the control over personal typewriters in Soviet bloc countries [wikipedia.org].

      I've stopped buying carrier phones. I just get the international model I'm not under the delusion that it protects me,

      Good [soylentnews.org]. And I see you went a step further [soylentnews.org], congrats.

      The next step, get an international OS mobile phone and recompile everything using a cross-compiler you got with by Diverse Double Compiling [dwheeler.com].
      Or don't use smart-phones.
      Neither perfect anyway

      --
      https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford