The Washington Post reports that Adm. Michael S. Rogers is continuing to advocate for weakened encryption as the White House explores a number of possible schemes, as illustrated by this infographic.
For months, federal law enforcement agencies and industry have been deadlocked on a highly contentious issue: Should tech companies be obliged to guarantee government access to encrypted data on smartphones and other digital devices, and is that even possible without compromising the security of law-abiding customers?
Recently, the head of the National Security Agency provided a rare hint of what some U.S. officials think might be a technical solution. Why not, suggested Adm. Michael S. Rogers, require technology companies to create a digital key that could open any smartphone or other locked device to obtain text messages or photos, but divide the key into pieces so that no one person or agency alone could decide to use it?
"I don't want a back door," Rogers, the director of the nation's top electronic spy agency, said during a speech at Princeton University, using a tech industry term for covert measures to bypass device security. "I want a front door. And I want the front door to have multiple locks. Big locks."
[...] The split-key approach is just one of the options being studied by the White House as senior policy officials weigh the needs of companies and consumers as well as law enforcement — and try to determine how imminent the latter's problem is. With input from the FBI, intelligence community and the departments of Justice, State, Commerce and Homeland Security, they are assessing regulatory and legislative approaches, among others.
The White House is also considering options that avoid having the company or a third party hold a key. One possibility, for example, might have a judge direct a company to set up a mirror account so that law enforcement conducting a criminal investigation is able to read text messages shortly after they have been sent. For encrypted photos, the judge might order the company to back up the suspect's data to a company server when the phone is on and the data is unencrypted. Technologists say there are still issues with these approaches, and companies probably would resist them.
Google, Apple, and others have been pretty badly burned by the NSA's crimes, so it's probably safe to say Mike Rogers should file that idea under Norfolk & Way.
(Score: 4, Insightful) by cwadge on Monday April 13 2015, @10:28PM
So wait, what if—now stay with me here—the NSA's interests are actually completely divergent from our own? What if they are out to spy for the benefit of American corporations [firstlook.org], Chinese government style [nydailynews.com]? ...Nah.
(Score: 2, Insightful) by Anonymous Coward on Monday April 13 2015, @10:38PM
I can see why since the NSA's been so effective...at stopping terrorism. Oh, wait. So the opposite of that is true then. Hmm.
And if they were effective? Would you support the unconstitutional mass surveillance then?
(Score: 5, Insightful) by cwadge on Monday April 13 2015, @10:53PM
And if they were effective? Would you support the unconstitutional mass surveillance then?
Nope, I certainly wouldn't. But I'm not above preemptively decimating an argument before it can even be leveled.
(Score: 4, Insightful) by TheRaven on Tuesday April 14 2015, @09:34AM
sudo mod me up
(Score: 0) by Anonymous Coward on Tuesday April 14 2015, @02:57PM
If they were effective, then I'd be willing to debate whether the benefits outweighed the costs.
Which should immediately be answered with "No!" because anything unconstitutional must be scrapped, and "the land of the free and the home of the brave" violating people's fundamental liberties for safety is simply intolerable and pathetic.
(Score: 0) by Anonymous Coward on Tuesday April 14 2015, @03:04PM
"The Land of the Free" ... LOL!
(Score: 4, Interesting) by MichaelDavidCrawford on Monday April 13 2015, @10:34PM
is those who work for legitimate political change. I have vivid memories of the watergate era, as well as some of the Vietnam War protests.
Also those who work for human rights.
Let's just for the sake of argument allow for the US to presently be in reality a democracy. Suppose it later becomes a police state, but the NSA has all our keys? How are we the people to restore the Constitution?
Yes I Have No Bananas. [gofundme.com]
(Score: 5, Insightful) by Mr Big in the Pants on Monday April 13 2015, @10:47PM
This is an unenforceable law outside of mainstream services. So all "you the people" (whatever the fuck that ever meant) have to do is use something not officially sanctioned by the government spooks like Tor et al.
It has not worked in China where they have even more control and no constitution and it wont work in the US.
Personally I see this as a GOOD THING. The more they act like abusive authoritarian dictators they are, the more it will give incentive to "you the people" to wake up and take this shit seriously.
I see this as *far better* than the last few decades where they have just done all this and nobody has known or cared and their respective countries have just continued spiralling towards police and/or surveillance states without mainstream commentary.
And this is not just a US thing.
China/Russia/North Korea/Saudi etc have always been this fucked up and are just upgrading their tech as it becomes available.
Australia, USA and the UK are examples I am aware of that have also been making MASSIVE leaps towards this goal in the last decade and it has been accelerating rapidly. There are many others.
But the problem is NOT with them. It is with "we the people" constantly voting in sociopaths to run our countries as if there are no alternatives in the millions of citizens out there.
(Score: 4, Interesting) by JNCF on Monday April 13 2015, @11:14PM
This is an unenforceable law outside of mainstream services. So all "you the people" (whatever the fuck that ever meant) have to do is use something not officially sanctioned by the government spooks like Tor et al.
I wouldn't say "unenforceable." We're talking about OpenBSD becoming contraband in the US (US citizens are already legally barred from contributing to the project's encryption due to export laws). They might not be able to stop everything, but if they catch you with encrypted data that they don't have a key to they might throw you in a concrete box with rapists. That would certainly have a chilling effect, the way it does with the War on Drugs. This is perhaps the most terrifying law I've seen discussed by the federal government in my lifetime. The War on Code, already well under-way in China Germany, now marches towards America.
We should amend the Constitution to make it clear that the First Amendment applies to any collection of 1s and 0s, intelligible or not.
(Score: 2) by frojack on Monday April 13 2015, @11:51PM
(US citizens are already legally barred from contributing to the project's encryption due to export laws)
Citation needed. As far as I can determine all such restrictions ended in 2000.
Not saying OpenBSD might be wise to be very selective about accepting US contributors,
No, you are mistaken. I've always had this sig.
(Score: 2) by kaszz on Tuesday April 14 2015, @12:06AM
In what way would US contributors be worse than anyone else?
(Score: 3, Insightful) by c0lo on Tuesday April 14 2015, @12:27AM
Influence and jurisdiction of FBI [cnet.com] and NSA [cryptome.org], I guess. Sorry, folks, not your (direct?) fault.
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 2) by Mr Big in the Pants on Tuesday April 14 2015, @01:05AM
As in spying on their source code?
It is open, how is that relevant?
As in arresting the coders contributing? Apart from the terrible PR OS projects are VERY tolerant of this and continue regardless. In fact you will probably be overwhelmed with non-US recruits wanting to sign up to help out.
You have too much faith in your authoritarian masters, my friend. The more they tighten their grip, the more it will slip through their fingers.
(Score: 3, Informative) by c0lo on Tuesday April 14 2015, @01:13AM
As in weakening their code in non-obvious ways.
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 2) by c0lo on Tuesday April 14 2015, @01:43AM
While the matter with slipping is true, what the quoted aphorism won't tell you is the state of those slipping through the fingers; most of them will be in the form of a bloody pulp.
If you like it better (may be so, if I'm correctly interpreting your "I see this as a GOOD THING"), good luck when your turn comes.
(BTW: I have no masters... yet; certainly, if it can be helped, I don't intend to get some)
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 2) by Mr Big in the Pants on Tuesday April 14 2015, @06:41AM
Feel free to be happy and comforted by a ever worsening status quo.
It sounds like you are reasoning based on fear more than anything else. Not point arguing with that.
(Score: 0) by Anonymous Coward on Tuesday April 14 2015, @11:10AM
And you sound like the glorious leader who's morals reduce to "If you want to make an omelet, you gotta break some eggs" - with the unspoken "as long as they are not mine".
(Score: 3, Funny) by TheRaven on Tuesday April 14 2015, @09:37AM
It is open, how is that relevant?
If you have a mechanism that allows malicious and non-malicious code to be trivially distinguished, then I know some VCs that would be very interested in throwing money at you (just to give you something to do for the couple of years before you claim your Turing Award).
sudo mod me up
(Score: 2) by kaszz on Tuesday April 14 2015, @01:07AM
That's not so much a legal liability as the ability to do the "$1 wrench breach".
(Score: 2) by c0lo on Tuesday April 14 2015, @01:34AM
The "$1 wrench breach" is included in the "influence" part.
The jurisdiction is not related with the legal liability of the "breached contributor", but with the possibility of acronym agencies to gag them afterwards. Those NSL [wikipedia.org]s? They are an as nasty tool as the $1 wrench.
...
(BTW: last time I checked, that wrench used to be 5 times [xkcd.com] more expensive.
Is the price drop a sign that the NSA's wrench volume purchases started to play significantly in US economy?)
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 2) by kaszz on Tuesday April 14 2015, @11:55AM
How would these organizations get to an individual using NSL etc if the person are physically outside of the jurisdiction?
Yeah, perhaps some organizations have a volume discount .... ;-)
(the price is 12$ with free shipping I saw now)
(Score: 3, Informative) by frojack on Tuesday April 14 2015, @12:55AM
http://www.pcworld.com/article/2454380/overreliance-on-the-nsa-led-to-weak-crypto-standard-nist-advisers-find.html [pcworld.com]
No, you are mistaken. I've always had this sig.
(Score: 3, Informative) by anubi on Tuesday April 14 2015, @11:01AM
They already have it.
Its been in every Windows distribution since WIN95OSR2. [google.com]
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 3, Informative) by JNCF on Tuesday April 14 2015, @01:26AM
Citation needed.
Wikipedia's summary of current encryption export laws in the US [wikipedia.org] (I just fixed a broken citation link to a government document with relevant information, so please don't tell me that Wikipedia isn't a good enough source).
There are still restrictions on what cryptography you can export from the US. Not as many as there used to be, but still some on the books. I don't know enough about OpenBSD's encryption tools to say that they definitely include software that is still illegal to export from the US, but given that there is encryption software that is still illegal to export from the US, and that OpenBSD won't allow US programmers to contribute to their cryptography, I don't see what other conclusion can be drawn. Your suggestion that they are scared of three-letter-agencies doesn't make sense to me; three-letter-agencies obviously have agents living in foreign countries, and cryptography isn't the only part of the system vulnerable to back-doors.
(Score: 2) by frojack on Tuesday April 14 2015, @04:21AM
Nope. Only military encryption, and only embedded in devices. Opensource is not restricted.
Source code, they just want to see it, probably to make sure its not theirs. And even that is not for approval, they just want a heads up.
I went looking for the BIS page that addresses the specifics and its a 404. They pulled the page, because its not illegal.
And OpenBSD is not illegal to export from the US. In fact Canadian export regs are vertically identical to US export when it comes to Encryption.
One subsidy of Intel was fined, but not for selling Openbsd, but rather selling embedded OpenBSD in security products to banned countries:
In April 2012, Wind River Systems voluntarily disclosed to BIS that between 2008 and 2011 the company made 55 exports of operating software valued at $2.9 million to governments and various end users in China, Hong Kong, Russia, Israel, South Africa, and South Korea. The operating software is controlled under Export Administration Regulations for national security reasons, and some of the export recipients in China are on the BIS Entity List.
http://www.theregister.co.uk/2014/10/17/intel_subsidiary_crypto_export_fine/ [theregister.co.uk]
So again, overhyping of events.
No, you are mistaken. I've always had this sig.
(Score: 2) by JNCF on Wednesday April 15 2015, @03:05PM
My previous link indicates that there are still mass market applications that are restricted, not just military, and your link actually seems to support this. Note that not all of the recipients were governments. It seems like they were selling devices for general security purposes and got fined $750,000 for exporting to the wrong countries (none of which have general sanctions against them). The BIS wanted them to apply for a license, not simply give them a notification. Do you see how this could deter OpenBSD from accepting cryptography-related-code from the US? It's possible that it wouldn't even be strictly illegal, but that OpenBSD is trying to make sure that they stay away from complicated US regulations that could potentially make them in violation of US law. I still think a legal explanation for OpenBSD's refusal to accept US cryptography makes the most sense, but if you have some reason to think they have an unrelated motive I'm all ears. I can't find an official OpenBSD site that directly claims the ban on American cryptographers is due to legality, but this newsletter [cuug.ab.ca] from the Calgary Unix Users Group seems to indicate that this is the case:
-One of the major reasons that OpenBSD is able to be more secure is that it can use cryptography freely. The project is hosted in Canada by Theo, so it is permitted to export free, non-United-States cryptography software to the world at large. Some of the software includes KERBEROS IV, and IPSEC, all written by 12 non-American programmers from around the world. (At one point, Theo started counting off some of the team: "Four Canadians, 6 Swedes, 3 Germans, 2 Argentineans, and a Greek..." Me, I seem to recall a Milton Berle joke that starts where these people all walk into a bar.)
But that was from 1998. Perhaps OpenBSD is working off of an understanding of outdated American laws? The OpenBSD page on cryptography links to a summary of Canadian cryptographic export laws that includes a section [www.efc.ca] on exporting cryptography of American origin, but it seems potentially outdated as well. It's possible that the specifics are outdated, but the general case of cryptography coming from the US having extra strings attached is not.
Again, if you have good reason to believe that OpenBSD's refusal to accept American cryptography is not related to American export laws I'd love to see it.
(Score: 0) by Anonymous Coward on Tuesday April 14 2015, @03:29AM
It did. I looked this up in 2010 when someone I worked with insisted on stripping all the crypto code out of a hosted repository based on this misunderstanding. I couldn't convince him this was stupid, and he's still doing it as far as I know.
You are maybe supposed to notify the BIS although I've never heard of anyone getting in trouble for not doing this: https://www.bis.doc.gov/index.php/policy-guidance/encryption/registration [doc.gov]
(Score: 2) by gnuman on Tuesday April 14 2015, @10:41PM
Citation needed. As far as I can determine all such restrictions ended in 2000.
If you write crypto code, even if open source, you have to register it with US government.
http://www.cryptolaw.org/cls2.htm [cryptolaw.org]
On 7 January 2011, a minor amendment was made to the EAR (Federal Register Vol. 76, No. 5, p. 1059). Publicly available mass-market encryption object code software (with symmetric key length exceeding 64 bits), and publicly available encryption object code of which the corresponding source code falls under License Exception TSU (i.e., when the source code is publicly available), are no longer subject to the EAR. The amendment includes some minor specific revisions.
Export case law
In August 2001, two men were arrested and accused of attempting to illegally export encryption devices to China (news report).
In February 2002, the Commerce Department fined a San Diego firm $95,000 for illegally exporting 128-bit encryption software to South Korea (news report).
http://en.wikipedia.org/wiki/Export_of_cryptography_from_the_United_States#Current_status [wikipedia.org]
Some restrictions still exist, even for mass market products, particularly with regard to export to "rogue states" and terrorist organizations. Militarized encryption equipment, TEMPEST-approved electronics, custom cryptographic software, and even cryptographic consulting services still require an export license[9](pp. 6–7). Furthermore, encryption registration with the BIS is required for the export of "mass market encryption commodities, software and components with encryption exceeding 64 bits" (75 FR 36494). In addition, other items require a one-time review by or notification to BIS prior to export to most countries.[9] For instance, the BIS must be notified before open-source cryptographic software is made publicly available on the Internet, though no review is required.[10] Export regulations have been relaxed from pre-1996 standards, but are still complex.[9] Other countries, notably those participating in the Wassenaar Arrangement,[11] have similar restrictions.[12
(Score: 2) by kaszz on Monday April 13 2015, @11:53PM
This war on code what is the outline of that? And is Germany really that bad?
What hinders any US resident from contributing to that project as long as they don't store anything locally?
(Score: 2) by JNCF on Tuesday April 14 2015, @12:34AM
This war on code what is the outline of that? And is Germany really that bad?
Germany has outlawed "hacker tools," which are defined vaguely. At least one security researcher has already had his door kicked down by law enforcement.
What hinders any US resident from contributing to that project as long as they don't store anything locally?
Export laws, [wikipedia.org] as previously stated.
(Score: 2) by frojack on Tuesday April 14 2015, @01:00AM
You should maybe read your own links.
For instance, the BIS must be notified before open-source cryptographic software is made publicly available on the Internet, though no review is required. They don't have to even approve it, but they still want an heads up. However a "contributor" to OpenBSD wouldn't even be the one making it publicly available. OpenBSD would be.
No, you are mistaken. I've always had this sig.
(Score: 3, Informative) by JNCF on Tuesday April 14 2015, @01:57AM
For some things you only need to notify them (which seems like a pretty complicated process), but that isn't the case with everything. From the Wikipedia page we're discussing:
Some restrictions still exist, even for mass market products, particularly with regard to export to "rogue states" and terrorist organizations. Militarized encryption equipment, TEMPEST-approved electronics, custom cryptographic software, and even cryptographic consulting services still require an export license[9](pp. 6–7). Furthermore, encryption registration with the BIS is required for the export of "mass market encryption commodities, software and components with encryption exceeding 64 bits" (75 FR 36494).
Check out this document, [doc.gov] which is the Wiki citation ([9]) I mentioned in response to your other post. An excerpt:
License Requirement Note:
When a person performs or provides technical assistance that incorporates, or otherwise draws upon, “technology” that was either obtained in the United States or is of US-origin, then a release of the “technology” takes place. Such technical Commerce Control List assistance, when rendered with the intent to aid in the “development” or “production” of encryption commodities or software that would be controlled for “EI” reasons under ECCN 5A002 or 5D002, may require authorization under the EAR even if the underlying encryption algorithm to be implemented is from the public domain or is not of U.S. origin.
Once again, I don't actually know enough about OpenBSD's encryption tools to say with 100% certainty that they fall under the umbrella of encryption software that is still illegal to export from the US, but there definitely is such software. If you continue to deny that my links contain say what they say I'm simply not going to reply to you anymore. You're allowed your own opinions, but not your own facts.
(Score: 2) by kaszz on Tuesday April 14 2015, @01:10AM
Is there any other countries that has outlawed "hacker tools" ?
Oh and those export laws seems quite ridiculous. But the pain they result in is still real.
(Score: 0) by Anonymous Coward on Tuesday April 14 2015, @01:11AM
"Germany has outlawed "hacker tools," which are defined vaguely. At least one security researcher has already had his door kicked down by law enforcement."
Why didn't he shoot them when they kicked in his door and burn any survivors alive while filming it?
(Score: 2) by Mr Big in the Pants on Tuesday April 14 2015, @12:57AM
Well I beg to differ.
The US is NOT the be all and end all of all things computing. And the world is much larger place with its own data centers don't ya know.
Oh, let me guess, next you will be telling me the US will create a "great firewall" to stop it all? I refer you to my original post...
And Europe is looking like the last (super power) hope for civilization - or at least a civilization worthy of the term. (no, I don't live there...)
I would be all for such projects being exported to better countries. Or even being, say, open sourced...as in the source of their effort can come from anywhere...oh wait...they are already like that.
(Score: 4, Insightful) by c0lo on Monday April 13 2015, @11:26PM
Incorrigible optimist, aren't you?
Do you think dictatorships and other oppressive regimes were "spontaneously generated" or "given by an act of God"?
They took hold gradually, with a revolution (act of force under whatever name) towards at the end of it: the people weren't watching, didn't understand or they were powerless to do something even when they were watching/understanding.
My point? Watch out what you wish for, there's always possible for the things to go worse. There is a point of no return, after which the populace can do and will do nothing to stop an oppressive regime taking hold.
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 4, Insightful) by kaszz on Monday April 13 2015, @11:59PM
Complacent people is the problem.
(Score: 2) by c0lo on Tuesday April 14 2015, @12:13AM
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 1, Offtopic) by Mr Big in the Pants on Tuesday April 14 2015, @01:01AM
False opinions are like false money, struck first of all by guilty men and thereafter circulated by honest people who perpetuate the crime without knowing what they are doing
Joseph-Marie, Les soirées de Saint-Pétersbourg, Ch. I
Also just as relevant and part of the problem? :)
(Score: 0) by Anonymous Coward on Tuesday April 14 2015, @01:16AM
You wish.
(Score: 0, Insightful) by Anonymous Coward on Tuesday April 14 2015, @05:02AM
The problem, like always, is racism. Racism is what created the drug laws, which have single-handedly shredded the constitution and eroded the US into a police state. Racism also has half of congress committing treason and sedition solely because the president isn't a WASP. [wikipedia.org] Racism is why at least half of the country is all for oppressive, unjust laws, because they're currently only being used exclusively on non-whites or other demonized people like drug users.
(Score: 2) by Mr Big in the Pants on Tuesday April 14 2015, @12:52AM
You could not be more wrong about my opinions or history.
I am a realist, not an optimist. An optimist or pessimist skews reality to align to their beliefs. While nobody can avoid a good skewing (haw haw) some of us at least try to avoid it as much as we are able. The worst trait of most optimists is how PROUD they are of it.
Many of the major dictators (including the worst) became thus through "popular" appointment and had mass appeal - at least were it counted. (or at least by using popular sentiment) It was not till AFTER the big "evil reveal" that they were "hated".
Like George Bush 2 for example. Won by popular vote, worst approval rating by the end.
(Score: 0) by Anonymous Coward on Tuesday April 14 2015, @01:09AM
Intel Active Management Technology (also called VT and vpro) says otherwise.
VNC server on chip.
Don't know what the AMD and ARM versions are called.
(Score: 2) by K_benzoate on Tuesday April 14 2015, @03:18AM
But the problem is NOT with them. It is with "we the people" constantly voting in sociopaths to run our countries as if there are no alternatives in the millions of citizens out there.
Here's why those millions of good people are unelectable. [youtube.com] Now add the NSA on top of that, actively trying to dig up dirt on any would-be reformers.
Climate change is real and primarily caused by human activity.
(Score: 3, Insightful) by Mr Big in the Pants on Tuesday April 14 2015, @06:44AM
You are now forming a circular argument of sorts.
I am saying the current selection process is deeply flawed and needs to change by voters changing how and why they vote.
You are saying they are unelectable due to the current way people vote.
This is all nonesense. I don't pretend to have a *workable* solution, but the solution is not that hard - people stop acting like cattle.
(Score: 2) by K_benzoate on Tuesday April 14 2015, @07:13PM
So any possible solution would require Americans, in large numbers, to stop being petty, puerile, puritanical, spiteful, gossipy, moralizing, busybodies? I don't think that'll work. You don't get cattle to improve their situation by forcing them to become something else, you figure out how to heard them away from danger.
Climate change is real and primarily caused by human activity.
(Score: 4, Insightful) by Phoenix666 on Tuesday April 14 2015, @01:06AM
Short answer: With guns. That is why we have them. Longer answer: With guns, with our wits, and with our courage. That is why we have them.
Washington DC delenda est.
(Score: 2) by kaszz on Tuesday April 14 2015, @01:19AM
What's the point of guns if someone has a list where they live and is capable to act on it? Besides it's not like in the old days. So a determined state can still keep power regardless.
(Score: 0) by Anonymous Coward on Tuesday April 14 2015, @07:43AM
That's cute... Even with your AR-15, I'd like to see you take on the military (or even the police given that they bought/received so much military stuff). Your guns are a peace offering to leave you in the illusion that 'your militia' can take back your nation!
(Score: 0) by Anonymous Coward on Wednesday April 15 2015, @07:18AM
(Score: 5, Insightful) by stormwyrm on Tuesday April 14 2015, @01:28AM
One word: COINTELPRO [wikipedia.org]. What they are doing today makes what they did to Martin Luther King back in the sixties look like a Sunday school picnic.
Sound like the present? Well, that's a quote from the Church Committee report from 1975. Senator Frank Church who chaired that committee had this to say way back then:
That was nearly 40 years ago. It seems that today the good Senator's fears have been fully realised.
Numquam ponenda est pluralitas sine necessitate.
(Score: 2, Insightful) by Anonymous Coward on Monday April 13 2015, @10:45PM
Force companies to implement broken encryption so we can violate everyone's privacy. That's the free market for you, and just what you'd expect from "the land of the free and the home of the brave." Privacy is for terrorists, and obviously free & brave people would sacrifice their freedoms for security.
(Score: 2) by c0lo on Monday April 13 2015, @11:27PM
More like "Land of the home (bubble), free of the brave".
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 2) by Hartree on Tuesday April 14 2015, @03:45AM
"That's the free market for you"
Uh, I think that's nearly a specimen case of government intervention preempting the free market. Due to regulation no one would be able to offer non-broken encryption at any price. How is that laissez-faire in any sense of the word?
(Score: 0) by Anonymous Coward on Tuesday April 14 2015, @05:09AM
This is only happening after the government in its entirety has been bought. The government, now solely owned by private interests seeking to ensure future profits, ensures their continued monopoly by repealing anti-corruption/anti-cronyism regulations, keeping the bar of entry insanely high, and otherwise ensuring their product is effectively the only choice. So yes, that's the free market for you.
Crony Capitalism is the natural and only state of capitalism in the real world.
(Score: 2) by Hartree on Tuesday April 14 2015, @02:45PM
You keep using that phrase "free market". I do not think it means what you think it means. ;)
I thought you were trying for actual meaning, and not just using it as a label for something you dislike. It's a bit like a right winger calling Nature Conservancy's strategy of buying up land to keep it from being developed by using their right of ownership "communist". In both cases the word has been redefined to just be a label for something and no longer has the original meaning.
(Score: 0) by Anonymous Coward on Tuesday April 14 2015, @03:02PM
Dude, my comment was sarcastic. I just find it funny when Small Government conservatives reveal they're liars when it comes to supporting the free market by supporting nonsense like this. Hypocritical democrats who pretend to care about the constitution are hypocrites in other ways.
(Score: 0) by Anonymous Coward on Monday April 13 2015, @10:47PM
Why not never buy another device until all the current tech companies go tits up and are replaced with vendors who won't spy on their customers and will have the balls to tell the government to fuck off?
That's my plan. You're invited to join me.
(Score: 2) by pnkwarhall on Monday April 13 2015, @11:22PM
It's a "tech hunger strike".
Lift Yr Skinny Fists Like Antennas to Heaven
(Score: 2) by c0lo on Monday April 13 2015, @11:37PM
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 2) by kaszz on Monday April 13 2015, @11:56PM
Think they aren't compromised by someone else instead?
(Score: 2) by c0lo on Tuesday April 14 2015, @12:08AM
(fear and take countermeasures for the immediate dangers, survive them and then deal with more remote ones later. Because if you wait for perfection, you may be "dead in the water" long before you obtain it).
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 3, Insightful) by kaszz on Tuesday April 14 2015, @12:43AM
The problem is that these kind of devices is that they are wrongly designed from start. They are designed to keep the owner from controlling his own property. And designed in a way that makes remote compromise possible when it doesn't have to be so.
(Score: 5, Interesting) by frojack on Tuesday April 14 2015, @12:29AM
Think they aren't compromised by someone else instead?
Sure they are. But those guys don't have subpoena power here.
I use a Yandex email account. Not because I believe Russia is above reading every (boring) email I receive. I fully expect they do.
Just that they have no interest in me, and are unlikely to honor any subpoena from anywhere where I live.
No, you are mistaken. I've always had this sig.
(Score: 2) by snick on Tuesday April 14 2015, @01:21AM
Sure. But if the NSA offers them $0.05, they will roll on you in a heartbeat. Cheaper/easier than getting a subpoena.
(Score: 2) by linuxrocks123 on Tuesday April 14 2015, @03:37AM
You should just run your own email server instead.
If you run into trouble, I've heard a nice lady with the email address hdr22@clintonemail.com got a home email setup working really well a few years ago. She should be able to assist you.
(Score: 2) by frojack on Tuesday April 14 2015, @12:25AM
But if governments are leaning on those companies I don't see how being small or overseas helps them.
They either play along or get an import ban.
Sure they can claim Open Source (for most things anyway) but that doesn't help unless you (or someone) inspects every line of code, and builds their own version of the OS. Who is to say the installed version matches the code. Who's to say the next update pushed is really for "bug fixes".
I've stopped buying carrier phones. I just get the international model I'm not under the delusion that it protects me, its just one less person that got to say what when into my phone.
No, you are mistaken. I've always had this sig.
(Score: 2) by c0lo on Tuesday April 14 2015, @12:41AM
If you got to the point of being illegal for anyone to import a mobile phone from outside for personal use, then you are already fucked, properly fucked, full stop.
Think '60-'70-ies and the control over personal typewriters in Soviet bloc countries [wikipedia.org].
Good [soylentnews.org]. And I see you went a step further [soylentnews.org], congrats.
The next step, get an international OS mobile phone and recompile everything using a cross-compiler you got with by Diverse Double Compiling [dwheeler.com].
Or don't use smart-phones.
Neither perfect anyway
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 1) by rev_irreverence on Monday April 13 2015, @10:59PM
Would buying a phone overseas and importing it to the U.S. then become illegal? I foresee a thriving black market in foreign branded phones.
(Score: 2) by Nerdfest on Monday April 13 2015, @11:00PM
If I ran these companies I would start moving large portions of my business to free countries (although the number of them seem to be dropping every day). Tech service companies are one of the few things the US still does to any great degree and the loss of the majority of Google and a few other would hurt a lot. Sadly, of the big ones, I think Google is the only one that could really do it easily. Microsoft bends over at a whim for the NSA so it can keep getting lucrative government contracts for shitty software, and I really can't see Apple making a stand like that.
I'm actually a little surprised Google didn't start doing it when the NSA was tapping their inter-data center connections. I'd treat that as an act very hostile to my business.
(Score: 0) by Anonymous Coward on Tuesday April 14 2015, @02:07PM
i'm guessing that whole story, complete with legitimately pissed off google engineers was just a smoke screen for the fact that google was a cooperating member of prism. keep in mind the whole time google is "fighting the evil NSA" they are strong arming the whole web into allowing tlsv1.0 by way of googlebot's lack of support for tlsv1.2. remember the nsa slides released somewhat recently containing vague statements about ssl being exploitable? maybe that's just the broken CA system but tlsv1.2 has been avail for many years but if you want your site to be indexed by google you better keep tlsv1 allowed for the NSA to exploit...
why thousands of webmasters aren't demanding action from google on tlsv1.2 support for googlebot is beyond me.
(Score: 2) by gman003 on Monday April 13 2015, @11:14PM
So instead of just forcing companies to put in a backdoor, they force companies to put in a split-key "front door", then force them to release their half of the key.
This doesn't change anything, it just dresses it up in the guise of patriotism and adds an extra step.
(Score: 2) by c0lo on Monday April 13 2015, @11:31PM
FTFY
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 4, Insightful) by kaszz on Tuesday April 14 2015, @12:03AM
These keys are supposedly being stored secure and not being abused. And you will have no recourse to ensure they actually obey the rules so it all boils down to "Trust us" which is ludicrous to do.
(Score: 3, Insightful) by frojack on Tuesday April 14 2015, @12:37AM
Exactly.
Who would store them, and would they be device ID unique, or unique to a particular model? (my bet is the latter: Crack it once and done).
How long (realistically) till the whole key fell into the hands of the NSA.? One week? Two weeks?
Microsoft has had an NSA key in windows for years that they refuse to talk about. (Labeled it as such in the source that somehow got stolen).
No, you are mistaken. I've always had this sig.
(Score: 3, Insightful) by frojack on Tuesday April 14 2015, @12:54AM
Come to think of it, given how successful the MPAA was at keeping DVD and Bluetooth keys secret, I suspect ALL the keys would be in everyone's sig lines in no time at all.
No, you are mistaken. I've always had this sig.
(Score: 5, Insightful) by gallondr00nk on Tuesday April 14 2015, @12:18AM
But if it wasn't for Snowden, all their present and past transgressions would still be completely secret. This isn't a formerly shady agency turning over a new leaf and embracing transparency, it's a still shady agency being thrust forcefully into the limelight.
What possible guarantee is there that any new powers won't be secretly abused? The last ones sure as hell were. It's impossible to have a functional democratic process when pledges are so routinely broken and lawful protections are circumvented or ignored. What use is there engaging at all? Is there any point even discussing it, since it seems so certain that the outcome will be entirely different to the proposal?
This is the sort of shit that completely breaks representative democracy. All we can hope for is voting between a couple of barely distinguishable asshats every few years.
The best defense seems to still be that for all their funding and secrecy and invasive intent, intelligence agencies are still completely inept. I still feel that the a segment of the tech community (incited by The Intercept etc.) , have completely overstated just how capable these three letter agencies are. Remember that they couldn't stop a third party contractor from escaping with all these reams of documents in the first place.
(Score: 0) by Anonymous Coward on Tuesday April 14 2015, @05:18AM
That would be a problem if it weren't already broken. A government available for purchase is not a democracy and never can be. Even if all the other problems like this get fixed, it still won't change the fact that money is the only speech that your representatives will listen to.
(Score: 0) by Anonymous Coward on Tuesday April 14 2015, @01:06AM
violently
(Score: 4, Interesting) by Hartree on Tuesday April 14 2015, @03:40AM
Didn't we fight against this key escrow idea back in the Clinton administration with the Clipper Chip and Skipjack?
These things rise like zombies from the grave and stink just as bad as then.
(Score: 3, Interesting) by mendax on Tuesday April 14 2015, @04:13AM
Yep, that's just what I was thinking. Key escrow is an idea that is Dead on Arrival. Even if the key is split into several parts, it's still key escrow. Besides, as someone once told me years ago, "Locks only keep honest people out." In other words, the bad guys can pick the locks. And if you have an unpickable lock and you want security, for heaven's sake don't share the key with anyone!
It's really quite a simple choice: Life, Death, or Los Angeles.
(Score: 3, Insightful) by darkfeline on Tuesday April 14 2015, @07:35AM
So what happens when the key is leaked or cracked? Suddenly every single device is free lunch for any and every malicious entity. I'm even giving the NSA/government the benefit of the doubt and assuming that they are pure-hearted angels, and it's still a royally retarded idea. Even the door analogy is stupid, a robber or thief would just kick down the door.
Join the SDF Public Access UNIX System today!
(Score: 0) by Anonymous Coward on Tuesday April 14 2015, @06:29PM
I am well aware that it is very taboo to mention this, but the phrase "NSA crimes" should be scrubbed from the tabloid summary unless one can elucidate what these crimes are. I do want to point out proactively that copy-and-pasting the 4th Amendment scores you negative points unless you can explain it within the context of judicial decisions over the last 50 years (in other words, demonstrating your lack of understanding of the law does not make something is illegal).
(Score: 3, Insightful) by Anal Pumpernickel on Wednesday April 15 2015, @12:19AM
Judges can't change the constitution, and their interpretations are often wrong. I know it's popular to believe that courts are always right, but that sort of thinking is paradoxical (How could courts overrule past court decisions, then? Did reality magically change in that amount of time?) and indicates that one cannot distinguish reality from legal fictions. When the courts mess it up, as they often do, it's up to The People to somehow fix the situation.
Anyone who bothers to read the fourth amendment and understand its spirit will see that the NSA's mass surveillance is unconstitutional. Authoritarians find this inconvenient, however, so they ignore it.
(Score: 1) by Fauxlosopher on Wednesday April 15 2015, @12:52AM
Funny, your viewpoint on this matter seems to use the exact logic as mine, but our views are opposed. Perhaps the difference is that I am aware that people acting under authority of government yet without the provision of delegated authority of the governed via law are literal criminals?
Governments' Authority [soylentnews.org]
Authority's Limits [soylentnews.org]
If action is taken without delegated authority, then government agents' mere actions are outside the law, aka criminal.