Submitted via IRC for chromas
A coalition of dozens of the largest tech companies in the world is adamantly opposing any form of an official "backdoor" into encrypted devices.
The Information Technology Industry Council is a group of more than 60 major tech companies and organizations, including Google, Apple, Microsoft, Intel and Facebook.
"We deeply appreciate law enforcement's and the national security community's work to protect us," the council said in a statement issued Thursday, "but weakening encryption or creating backdoors to encrypted devices and data for use by the good guys would actually create vulnerabilities to be exploited by the bad guys, which would almost certainly cause serious physical and financial harm across our society and our economy."
(Score: 0) by Anonymous Coward on Friday November 27 2015, @07:08AM
If you outlaw encryption backdoors, only outlaws will have encryption backdoors!
(Score: 2, Disagree) by frojack on Friday November 27 2015, @07:14AM
When push comes to shove, I bet they will all knuckle under and add back doors as soon as someone threatens them with an import ban.
Much as I agree with their assertions, I doubt their resolve. The press is still claiming encryption was used by the Paris terrorists, and nobody seems to call them out on this.
One more incident in the US, with an encrypted phone anywhere in the same city and Congress will fall all over themselves rushing to pass backdoor legislation.
No, you are mistaken. I've always had this sig.
(Score: 2) by frojack on Friday November 27 2015, @07:30AM
This article explains how this is all like to come about
http://www.latimes.com/opinion/op-ed/la-oe-1126-greenwald-snowden-paris-encryption-20151126-story.html [latimes.com]
No, you are mistaken. I've always had this sig.
(Score: 0) by Anonymous Coward on Friday November 27 2015, @08:15AM
Many of the comments in that article make me want to shoot myself in the head. Example:
Suppose for one minute that he is actually pro US security and this is all a ruse. Hypothesis and scenarios:
A. Create a big fuss about privacy. Snoden plays the part.
B. Public are enraged
C. Silicon Valley create encryption apps
D. Majority of people are innocent and have nothing to hide so will never bother using encryption.
E. No need for a Backdoor. Just monitor who downloads encryption apps.
F. Now you can get a list of all the bad guys in one place.
G. Send your guys to work at the encryption apps HQ.
H. Constant steam of Intel provided about the bad guys.
I. Drone the SOBs.
J. Public are none the wiser. Nations and innocents kept safe
How can people be this cowardly, ignorant, and unprincipled? Are they truly devoid of knowledge about history, why we have checks and balances in government, how power corrupts, and why we have a constitution in the first place? If only all of these people were government shills or trolls. If only.
(Score: 2) by Runaway1956 on Friday November 27 2015, @10:41AM
"How can people be this cowardly, ignorant, and unprincipled? "
Most people are lazy. Most people are conformists. Most people find thinking strenuous. Many people are just plain stupid. Almost all people are out for number one. And, most people just don't give the smallest damn for any other people with whom they might disagree. And, virtually all people believe that they are the good people that government is protecting.
To summarize, people are comfortable, and they don't want to look around to find any reason to be uncomfortable. They may live in a prison, but they are comfortable within their prison cells, and they don't want to rock the boat. You might want to watch The Matrix and Mr. Robot again. Or, you might do some research into human psychology. I sometimes wish that I had formal education in psychology - unfortunately, I can't refer you to any good texts to study.
If you don't understand how weak-minded the American people are, just look at how weak they are physically. Huge percentages of our population are obese, and of those who are not obese, many of the rest are incapable of lifting their own body weight. We choose to eat shit, and we choose to sit on our couches, feeding shit to our minds by way of the boob tube.
The sad thing is, the American people aren't unique in those traits. We may be the worst, but we aren't unique.
(Score: 0) by Anonymous Coward on Friday November 27 2015, @07:43AM
The press is still claiming encryption was used by the Paris terrorists, and nobody seems to call them out on this.
And even if they did, that would still be no justification to trample on the rights of ordinary citizens. This is disgusting on all fronts.
One more incident in the US, with an encrypted phone anywhere in the same city and Congress will fall all over themselves rushing to pass backdoor legislation.
That's really the problem with these fakers: They say they are pro-freedom when all is well, but then they completely discard their principles when something goes wrong.
(Score: 2) by K_benzoate on Friday November 27 2015, @08:10AM
You might be right, but it's not going to work. USG would be essentially telling the companies to make math stop working, or make certain equations stop being known. Too late. The theory, the math, the software already exists. It's never going away and it will always be available. Forever.
It won't stop any terrorists. All they will be able to accomplish is to keep US citizens from being able to legally protect their own communications from the government. Oh...that might be the point.
Climate change is real and primarily caused by human activity.
(Score: 2) by Runaway1956 on Friday November 27 2015, @10:58AM
I think that you are a little bit to optimistic.
First, witness the "dumbing down of America". We simply do not have the number of people in STEM fields of research that we should have. Everyone is getting "educated" but the education is in soft sciences, like psychology and psychiatry, economics, etc ad nauseum. That is, if they aren't opting for "liberal arts" = whatever the fuck that is. Basket weaving?
Second, witness the hiring of STEM educated people by the government and it's agencies. If you're a math whiz, NSA has a place for you.
It is pretty easy to extrapolate that the government, with it's vast resources, will (if it hasn't already) dwarf the capabilities of the civilian sector to create and to crack encryption.
I find fault with those who believe that there can ever be an "unbreakable" encryption scheme. State of the art may be state of the art today, but given virtually unlimited computing power, what will the state of the art be in ten years?
I've read a number of anecdotes about warehouses filled with hard drives, awaiting the day that the FBI might be able to restore and/or decrypt them. Those anecdotes may or may not be true - maybe 90% of them are pure bullshit. Maybe 90% of the remainder are partly true, and the rest bullshit. But, we all know that "law enforcement" is very very patient, and they hate to give up on a case. I'm certain that the FBI and other agencies are holding onto hard drives that they can't read, hoping that new technology will "solve" their cold cases.
That drive I encrypted in 1999? Can you decrypt it today? In some cases, yes you can. It all depends on which encryption scheme I used, now doesn't it? And, it depends on the resources you have to throw at it. That computer I was using in 1999 was a Super Socket 7, running at 350 mhz, running a 32 bit operating system, and using 1999 encryption.
The computer I'm running today has 12 cores (dual hex-core Opterons), running at 2 Ghz. My video card alone has far more computing power than that old Socket Seven had. I dare say that anything encrypted on that old AMD chip in 1999 could probably be decrypted today within weeks, if I were to make the attempt. It likely wouldn't take weeks, but I'm being generous.
With all of that in mind, where will the NSA be in another twenty years? Where will Joe Average Consumer be in twenty years? The future looks bleak, to me.
(Score: 4, Insightful) by nyder on Friday November 27 2015, @07:20AM
The problem is America has no long term goals. We have nothing we are really proud about, no big national thing we can get behind, and our politicians have sold us out to rich. We have a government that spends so much time fighting each other that they decided to spend 1.5 years on next years election. A government that can barely get it's shit together to do it's budget and has no problem holding the poor hostage because of it.
What we need to do is stop spending trillions of dollars in military and not only build up our nation (education needs some work), but maybe work on getting a man mission to Mars sometime in the future. Why not spend billions of those trillions helping third world countries join the rest of the world in comfort and modern plumbing.
Seriously, let's stop being dicks and start doing something useful with our nation.
(Score: 3, Insightful) by frojack on Friday November 27 2015, @07:41AM
What you see is a country pretty much in a permanent peace time mode of operation. Other than a brief few months right after 9/11, the country hasn't been mobilized on anything like a war-time basis since the Korean War.
You seem to be asking for a wsr time mobilization.
And quite frankly I'd rather not see that happen, and I suspect you would be the first one in line to bitch if a national goal was suddenly established and a concerted effort launched to achieve it. No matter what goal was chosen it would be the wrong goal, at the wrong time foisted on the wrong people.
No, you are mistaken. I've always had this sig.
(Score: 5, Insightful) by NotSanguine on Friday November 27 2015, @08:27AM
What you see is a country pretty much in a permanent peace time mode of operation. Other than a brief few months right after 9/11, the country hasn't been mobilized on anything like a war-time basis since the Korean War.
You seem to be asking for a wsr time mobilization.
I don't think that's what OP was suggesting. Rather, I think he/she would like to see two things:
1. Redirect some of the resources we're currently expending on enriching the Military/Intelligence/Industrial complex and "protecting" us with mass surveillance, a bloated military and the latest killing machines, and spend some of that money on creative activities, whether here, abroad, or in space.
2. Change the mission statement of Congress, Inc. from lining the pockets of their owners to serving the interests of the population they purport to represent.
Neither of those two things require any sort of "war time mobilization," unless that means arming and training folks to murder 535 folks who are engaged in undermining our nation.
And quite frankly I'd rather not see that happen, and I suspect you would be the first one in line to bitch if a national goal was suddenly established and a concerted effort launched to achieve it. No matter what goal was chosen it would be the wrong goal, at the wrong time foisted on the wrong people.
Given that our corporate masters have pitted us against each other pretty successfully, it does seem rather unlikely that we, as a country, can find enough agreement to set some achievable goals which might serve to bring us together in common cause. That's kind of sad, IMHO.
But just because it's unlikely, that doesn't mean it's impossible -- just that it's difficult. As a life-long optimist, I'd like to see something like that. I'd like to see that a lot.
In fact, I'd like to invoke the memory of one of the greatest of us [imdb.com] when I say:
More seriously, I think the point is that we're not just producing/consuming economic animals. We're humans. We thrive on challenge and the chance to be something more. Hiding behind our military and handing over our liberties in a futile effort to be safe is the coward's way. Creating a better world for *everyone* makes us all better and stronger. Sitting in your house and thinking, "fuck all the rest of you, I had to work hard for what I've got!" won't help you. It just creates a harsher world and empowers those who want to be the boot that would stomp on all of our faces, forever.
Feel free to disagree, but I really believe that we are stronger together. E Pluribus Unum used to mean something. I'd like it if it did again.
No, no, you're not thinking; you're just being logical. --Niels Bohr
(Score: 3, Insightful) by takyon on Friday November 27 2015, @08:48AM
http://www.opensecrets.org/industries/ [opensecrets.org]
Mountaire Corp (involved with poultry) will always care about "ag gag" laws more than the average citizen. American Crystal Sugar will always care about the farm bills more than the average citizen. Lockheed Martin will always care more about the U.S. defense budget more than the average citizen. The list goes on.
Even a well-rounded citizen can't pay attention to every political issue and decision. That's where the lobby groups come in. In some rare cases the rich might battle it out on opposite sides (Silicon Valley lobbyists vs. Hollywood lobbyists). In others, like the defense industry, it's just more money piled onto the winning horse. The public's horses have been shot in the legs and are struggling to keep up.
Imagine a near ban on lobbying (institutionalized bribery) complete with campaign finance reform. The money will then change hands less obviously, and sites like Open Secrets will be unable to track it.
Optimism is out. Managing your pessimism is in.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 2) by NotSanguine on Friday November 27 2015, @09:13AM
Optimism is out. Managing your pessimism is in.
Manage my pessimism? So I should get fitted for a comfy face pad [rackcdn.com] then, eh?
No, no, you're not thinking; you're just being logical. --Niels Bohr
(Score: 2) by takyon on Friday November 27 2015, @04:47PM
Well you're not dead from trying to overthrow the government(s), so you are either doing something behind the scenes or nothing at all.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 2) by NotSanguine on Friday November 27 2015, @09:48PM
Well you're not dead from trying to overthrow the government(s), so you are either doing something behind the scenes or nothing at all.
If you google the quotation (which is not mine), I think you'll find that you have no sense of humor. At all.
If you want to pick on something else in my post, why not this:
E Pluribus Unum used to mean something. I'd like it if it did again.
As your tone implies that you're not so into that either.
No, no, you're not thinking; you're just being logical. --Niels Bohr
(Score: 2) by nyder on Friday November 27 2015, @06:19PM
Except you are wrong about your assumptions of me. And I'm guessing wrong about other things. The USA hasn't been in peace time since 9/11. We've been invading other countries and killing people in the middle east. Maybe you call it peace, but ask all those people who aren't terrorist that we have killed in the middle east.
Actually, this is funny. You are trying to change what I'm saying by saying I'm just bitching and nothing would be stop my bitching. So, in your mind, not changing anything and putting down those who want change is the way to go. Ya, well, fuck you and your bullshit. You are the problem, Mr. Status Quo.
(Score: 2) by frojack on Saturday November 28 2015, @02:35AM
The USA hasn't been in peace time since 9/11. We've been invading other countries and killing people in the middle east.
Son, you are just too young to remember what wartime mobilization is. I suggest you go as your grandpa.
You've never seen it, because you think just because we are fighting a war we are mobilized for war, focusing the nation's resources on that war.
In short life goes on as normal back home while wars are fought with smart bombs and stand-off missiles, and drones, and the world's most invincible tanks.
You should probably take some time to learn reading comprehension while you are talking to your elders about what a real war is.
No, you are mistaken. I've always had this sig.
(Score: 2) by dyingtolive on Friday November 27 2015, @08:41AM
I recently dreamed up the notion of a python based webmail portal enabling end-to-end encryption that any user could download and run their own copy of. It would allow smtp/pop to the mail server, https, and allow for encryption of the message with 2048 bit RSA. Far as I can tell, each person running their own instance and an established user base (sidestepping for now public key distribution. Still working on that) would limit the amount of snooping that vague but menacing agencies would allow. The way to encourage adoption of the software was to make it so simple your grandmother could use it. That's daunting, but I think it's possible.
The problem I'm having is that I'm still struggling with whether people deserve this. Is this something that should exist? Why has no one done something like this?
Don't blame me, I voted for moose wang!
(Score: 2) by linkdude64 on Friday November 27 2015, @08:52AM
"Why has no one done something like this?"
http://www.theguardian.com/commentisfree/2014/may/20/why-did-lavabit-shut-down-snowden-email [theguardian.com]
(Score: 2) by dyingtolive on Friday November 27 2015, @09:03AM
Oh yeah, totally. I remember when that story broke, and that's why I was thinking a distributed client anyone could run, rather than a centralized service. The dangerous, terrifying, and enticing thing is that I dump this project on github with an intuitive installer, and the proverbial genie is out of the bottle. I couldn't be threatened into stopping at that point, because I couldn't stop it if I wanted to. At the same time, that's what gives me the most fear about actually doing it.
Don't blame me, I voted for moose wang!
(Score: 2) by NotSanguine on Friday November 27 2015, @09:21AM
I recently dreamed up the notion of a python based webmail portal enabling end-to-end encryption that any user could download and run their own copy of.
It's called Enigmail [enigmail.net]
And keep working on that whole key distribution thing. You might want to look at this site [sks-keyservers.net] for ideas.
The problem isn't that the technology is so hard to use, or even that there aren't any pretty seamless solutions. The problem is that most people don't know and wouldn't care if they did know.
No, no, you're not thinking; you're just being logical. --Niels Bohr
(Score: 2) by dyingtolive on Saturday November 28 2015, @12:09AM
I haven't seen that, though looking at it, I think I've seen something similar for Outlook some years back.
Based upon a very unscientific and brief study of how most people use email nowadays, most people just go to a webmail (gmail, ymail, outlook.com) portal if they're using a computer, and use their phone app otherwise. I always viewed that workflow as the largest barrier to entry, and not just general indifference. If I can abstract the extra crypto to something as simple as gmail is to use, bill it as something that "lets you use your existing email and keeps everyone out of your business", and is actually functional for users as well as non-users, then I can't see it not taking off. I mean, even non-technical people use ad-blockers nowadays. This can't be that far off.
Breaking into the mobile world is the most terrifying thing. The webmail paradigm doesn't really translate well in that case, and depending on paranoid you are about a mobile device, you have pretty good reason to treat absolutely everything being done on it as compromised anyway.
My way of handling public key repositories as of this time was to have a webserver acting as a directory listing of all keys with as much or as little personal information as you want to provide to help identify yourself as the public key, and then after you have done this, your webmail instance sends a one-time pad (encrypted with the server's key, of course) that can be used to update the public key if you ever choose to change your key for whatever reason. This provides a backup measure to prove you are who you claim to be, even with a new key, so long as you have access to the hardware you set all this up on. Recipients would be emailed notices that you changed your key, along with the updated key, from you. OTP might be utilized there too. Not sure yet. This means that if someone compromised the public key repo with a tainted public key, the people you've been communicating with already would still at least be safe.
Then the trick is making this so straightforward that Grandma can use it.
I'm not looking to make money off of something like this. I think, for it to actually be useful and trustworthy, it's basically impossible to generate revenue from it. I wonder, if I do actually functionally complete it, if I would even want to attach my name to it. The last thing I would want to be my legacy is aiding dogmatic assholes in their wholesale killing of infidels, which goes back to my previous contemplation of whether people actually deserve this kind of thing existing.
Don't blame me, I voted for moose wang!
(Score: 3, Insightful) by NotSanguine on Saturday November 28 2015, @12:49AM
I'm not looking to make money off of something like this. I think, for it to actually be useful and trustworthy, it's basically impossible to generate revenue from it. I wonder, if I do actually functionally complete it, if I would even want to attach my name to it. The last thing I would want to be my legacy is aiding dogmatic assholes in their wholesale killing of infidels, which goes back to my previous contemplation of whether people actually deserve this kind of thing existing. [emphasis added]
I'd point out that conservative (meaning high) estimates put the number of those involved in terrorist activities at about 200,000. Sound like a lot, doesn't it? Given the global population, those guys make up .0000285% of us.
You're wondering if the entire human race deserves to be secure in their communications because one in every 35,000 people might use it for nefarious purposes? I see you've been buying in to the "OMG! OMG! the terrists are everywhere! Quick! Cavity search me immediately so I know they aren't harvesting the methane in my farts!" bullshit way too much.
Perhaps a change of perspective might be in order.
No, no, you're not thinking; you're just being logical. --Niels Bohr
(Score: 2) by dyingtolive on Saturday November 28 2015, @01:18AM
Well, the funny thing was that I would have never had any doubt about a project like this, even after the WTC. For some reason, Paris happened, and I had a hard time wanting to continue work. As a US citizen, I don't know why Paris was a bigger deal for me than the WTC was. Maybe it was because it was more recent. Maybe it's because I didn't expect to see France get hit, of all the places. Who knows? There's no rationalizing emotion, or if there is, I've never been great at it.
I do agree with your final point though, however condescending your message was. I do think I need to change my perspective. I think perhaps I need to walk away from everything. Sort of a bit of a purge, and then come back and see what things look like then.
Don't blame me, I voted for moose wang!
(Score: 2) by NotSanguine on Saturday November 28 2015, @01:28AM
I do agree with your final point though, however condescending your message was. I do think I need to change my perspective. I think perhaps I need to walk away from everything. Sort of a bit of a purge, and then come back and see what things look like then.
I'm glad you're open minded enough to seek a change of perspective. My intent was not to be condescending. Rather, it was to point up the absurdity of the message that our government and the media are pushing, and pushing hard.
No, no, you're not thinking; you're just being logical. --Niels Bohr
(Score: 2) by dyingtolive on Saturday November 28 2015, @01:32AM
That's fair. I didn't take it personally. I think I've always been more angry and fearful of our government than I have been of terrorists. I'm not sure why it changed lately.
I think I'll walk away for the weekend and see if I can make myself rational in a few days.
Don't blame me, I voted for moose wang!
(Score: 0) by Anonymous Coward on Saturday November 28 2015, @12:59AM
http://pdfernhout.net/why-encryption-use-is-problematical-when-advocating-for-social-change.html [pdfernhout.net]
"I believe decentralized knowledge sharing is important, especially for disaster preparedness. I also believe encryption is important in practice, the same way as many people have locks on their doors. Such things do affect a balance between state power and individual power, which is important in a democracy, and they also make it harder for vandals and criminals to operate. So, a project like Briar that supports decentralized communications and encryption is important for those and other reasons. Still, as my father (a machinist among other things) used to say, "Locks only keep honest people honest." Here is a partial list of all the ways a tool like Briar can fail when being used by activists engaged in controversial political actions. ..."
(Score: 2) by MichaelDavidCrawford on Friday November 27 2015, @09:51AM
Dad had a Top Secret security clearance, I strongly suspect he did Signals Intelligence so it's not like Mom doesn't know what encryption is or why she needs to use it. She's quite diligent about shredding her paper documents.
All on her own she figured out that deleting a file on her Mac only marks the space as unused, it doesn't actually erase the document itself.
"You're right mom. But there's a way you can shred your documents on your Mac as well." One does this with Disk Utility, or with bcwipe from MacPorts.
"Would you like me to teach you how to do it?"
"No."
So she's got identify theft data all over her Mac and I can't even convince her to permit me to teach her how to Erase Free Space with Disk Utility.
Yes I Have No Bananas. [gofundme.com]
(Score: 2) by Runaway1956 on Friday November 27 2015, @11:20AM
Uhhhh, "top secret" doesn't really mean much. I was handed a "confidential" clearance at my first duty station. I thought "wow". Not long after, came a "secret". Again, I thought "Wow, this is awesome". Eventually, I reported to my first sea-going command, where I was a much more important part of things. "Top secret". That clearance meant jack-shit when it came to walking through the door into CIC until it was deemed that I had a "need to know". It never did get me inside the rocket magazine or the launcher. Nor did it ever allow me to read the manuals on the rockets.
Once you possess a "top secret", you begin to realize how labyrinthine the secrecy structure really is. Without further details, I might ASSume that your dad was just another plebe like myself.
(Score: 2) by MichaelDavidCrawford on Friday November 27 2015, @09:58PM
A little bird lit on my windowsill as I was having my morning coffee, to let me know that my father once had a bit to much Scotch in that little bird's direct presence.
I'd give you more details but the Navy would exhume my father's battleship grey steel casket then inter it for all eternity at Leavenworth.
Let's just say that while I don't know what was inside those black boxes that are aboard submarines, I do have a pretty good idea of what those quiet men hoped to accomplish by tending to them.
Yes I Have No Bananas. [gofundme.com]