SoylentNews is people

posted by takyon on Monday April 13 2015, @10:15PM
from the both-doored dept.

The Washington Post reports that Adm. Michael S. Rogers is continuing to advocate for weakened encryption as the White House explores a number of possible schemes, as illustrated by this infographic.

For months, federal law enforcement agencies and industry have been deadlocked on a highly contentious issue: Should tech companies be obliged to guarantee government access to encrypted data on smartphones and other digital devices, and is that even possible without compromising the security of law-abiding customers?

Recently, the head of the National Security Agency provided a rare hint of what some U.S. officials think might be a technical solution. Why not, suggested Adm. Michael S. Rogers, require technology companies to create a digital key that could open any smartphone or other locked device to obtain text messages or photos, but divide the key into pieces so that no one person or agency alone could decide to use it?

"I don't want a back door," Rogers, the director of the nation's top electronic spy agency, said during a speech at Princeton University, using a tech industry term for covert measures to bypass device security. "I want a front door. And I want the front door to have multiple locks. Big locks."

[...] The split-key approach is just one of the options being studied by the White House as senior policy officials weigh the needs of companies and consumers as well as law enforcement — and try to determine how imminent the latter's problem is. With input from the FBI, intelligence community and the departments of Justice, State, Commerce and Homeland Security, they are assessing regulatory and legislative approaches, among others.

The White House is also considering options that avoid having the company or a third party hold a key. One possibility, for example, might have a judge direct a company to set up a mirror account so that law enforcement conducting a criminal investigation is able to read text messages shortly after they have been sent. For encrypted photos, the judge might order the company to back up the suspect's data to a company server when the phone is on and the data is unencrypted. Technologists say there are still issues with these approaches, and companies probably would resist them.

Google, Apple, and others have been pretty badly burned by the NSA's crimes, so it's probably safe to say Mike Rogers should file that idea under Norfolk & Way.

 
  • (Score: 2) by JNCF on Tuesday April 14 2015, @12:34AM

    by JNCF (4317) on Tuesday April 14 2015, @12:34AM (#170103) Journal

    This war on code, what is the outline of that? And is Germany really that bad?

    Germany has outlawed "hacker tools," which are defined vaguely. At least one security researcher has already had his door kicked down by law enforcement.

    What hinders any US resident from contributing to that project as long as they don't store anything locally?

    Export laws, [wikipedia.org] as previously stated.

  • (Score: 2) by frojack on Tuesday April 14 2015, @01:00AM

    by frojack (1554) on Tuesday April 14 2015, @01:00AM (#170121) Journal

    You should maybe read your own links.

      For instance, the BIS must be notified before open-source cryptographic software is made publicly available on the Internet, though no review is required.

    They don't have to even approve it, but they still want a heads-up. However, a "contributor" to OpenBSD wouldn't even be the one making it publicly available. OpenBSD would be.

    --
    No, you are mistaken. I've always had this sig.
    • (Score: 3, Informative) by JNCF on Tuesday April 14 2015, @01:57AM

      by JNCF (4317) on Tuesday April 14 2015, @01:57AM (#170151) Journal

      For some things you only need to notify them (which seems like a pretty complicated process), but that isn't the case with everything. From the Wikipedia page we're discussing:

      Some restrictions still exist, even for mass market products, particularly with regard to export to "rogue states" and terrorist organizations. Militarized encryption equipment, TEMPEST-approved electronics, custom cryptographic software, and even cryptographic consulting services still require an export license[9](pp. 6–7). Furthermore, encryption registration with the BIS is required for the export of "mass market encryption commodities, software and components with encryption exceeding 64 bits" (75 FR 36494).

      Check out this document, [doc.gov] which is the Wiki citation ([9]) I mentioned in response to your other post. An excerpt:

      License Requirement Note:
      When a person performs or provides technical assistance that incorporates, or otherwise draws upon, “technology” that was either obtained in the United States or is of US-origin, then a release of the “technology” takes place. Such technical assistance, when rendered with the intent to aid in the “development” or “production” of encryption commodities or software that would be controlled for “EI” reasons under ECCN 5A002 or 5D002, may require authorization under the EAR even if the underlying encryption algorithm to be implemented is from the public domain or is not of U.S. origin.

      Once again, I don't actually know enough about OpenBSD's encryption tools to say with 100% certainty that they fall under the umbrella of encryption software that is still illegal to export from the US, but there definitely is such software. If you continue to deny that my links say what they say, I'm simply not going to reply to you anymore. You're allowed your own opinions, but not your own facts.

  • (Score: 2) by kaszz on Tuesday April 14 2015, @01:10AM

    by kaszz (4211) on Tuesday April 14 2015, @01:10AM (#170131) Journal

    Are there any other countries that have outlawed "hacker tools"?

    Oh, and those export laws seem quite ridiculous. But the pain they result in is still real.

  • (Score: 0) by Anonymous Coward on Tuesday April 14 2015, @01:11AM

    by Anonymous Coward on Tuesday April 14 2015, @01:11AM (#170132)

    "Germany has outlawed "hacker tools," which are defined vaguely. At least one security researcher has already had his door kicked down by law enforcement."

    Why didn't he shoot them when they kicked in his door and burn any survivors alive while filming it?