SoylentNews is people

posted by martyb on Friday July 01 2016, @08:27AM
from the security-vs-security dept.

From a story in The Guardian titled "US efforts to regulate encryption have been flawed, government report finds -- Weighing in on the encryption debate, a new government report says that lawmakers need to learn more about technology before trying to regulate it." The "House Homeland Security Committee Majority Staff Report" Going Dark, Going Forward -- A Primer On The Encryption Debate (pdf) runs 25 pages. Its executive summary states:

Public engagement on encryption issues surged following the 2015 terrorist attacks in Paris and San Bernardino, particularly when it became clear that the attackers used encrypted communications to evade detection—a phenomenon known as "going dark." While encryption provides important benefits to society and the individual, it also makes it more difficult for law enforcement and intelligence professionals to keep us safe.

Some have framed the debate surrounding encryption as a battle between privacy and security. Our extensive discussions with stakeholders, however, have led us to conclude that the issue is really about security versus security: encryption protects critical infrastructure, trade secrets, financial transactions, and personal communications and information. Yet encryption also limits law enforcement's ability to track criminals, collect evidence, prevent attacks, and ensure public safety. Initially, lawmakers and some among law enforcement personnel believed the solution was simple: statutorily authorize law enforcement access to obtain encrypted data with a court order. Unfortunately, this proposal was riddled with unintended consequences, particularly if redesigning encryption tools to incorporate vulnerabilities—creating what some refer to as "backdoors"—actually weakened data security. Indeed those vulnerabilities would naturally be exploited by the bad guys—and not just benefit the good guys.

The global technology industry is undergoing rapid change. Consumers now demand that companies incorporate encryption into their products and services as a matter of routine practice. We are just beginning to understand the implications of this transformation. If the U.S. placed burdensome restrictions on encryption, American technology companies could lose their competitive edge in the global marketplace. Moreover, studies suggest that two-thirds of the entities selling or providing encrypted products are outside of the United States. Thus, bad actors could still obtain the technology from foreign vendors irrespective of U.S. legislative action.

Over the course of the past 12 months, Members and staff of the House Committee on Homeland Security have held more than 100 meetings and briefings, both classified and unclassified, with key stakeholders impacted by the use of encryption. As a result of our robust investigation, the Committee staff has come to understand that there is no silver bullet regarding encryption and "going dark." While we benefited tremendously from our engagement with stakeholders, we did not discover any simple solutions. No matter what path emerged, there were always troublesome trade-offs. Thus, in our estimation, the best way for Congress and the nation to proceed at this juncture is to formally convene a commission of experts to thoughtfully examine not just the matter of encryption and law enforcement, but law enforcement's future in a world of rapidly evolving digital technology.

[What say you Soylentils? Too little, too late? Finally on the right track? If you were to make a presentation to Congress, what would you recommend? --Ed.]


  • (Score: 0) by Anonymous Coward on Friday July 01 2016, @08:31AM

    by Anonymous Coward on Friday July 01 2016, @08:31AM (#368330)

    Government Report Finds

  • (Score: 0) by Anonymous Coward on Friday July 01 2016, @08:55AM

    by Anonymous Coward on Friday July 01 2016, @08:55AM (#368337)

    I think this is exactly what is needed. It feels almost "grown up"...

    • (Score: 4, Insightful) by takyon on Friday July 01 2016, @09:31AM

      by takyon (881) <reversethis-{gro ... s} {ta} {noykat}> on Friday July 01 2016, @09:31AM (#368346) Journal

      Almost, but not quite. The Obama Administration and all subsequent administrations will reserve the privilege of weaponizing vulnerabilities rather than disclosing or fixing them. The recommendations of whatever "Digital Security Commission" that inevitably gets formed will either tend towards surveillance and against freedom or will be acknowledged then ignored.

      --
      [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
      • (Score: 2) by DeathMonkey on Friday July 01 2016, @05:52PM

        by DeathMonkey (1380) on Friday July 01 2016, @05:52PM (#368514) Journal

        ...reserve the privilege of weaponizing vulnerabilities rather than disclosing or fixing them.
         
        And therefore, even if you are using an encrypted means of communications specifically designed for privacy, you should have no expectation of privacy. Meanwhile, the completely un-encrypted POTS line attached to your house does have the expectation of privacy.
         
        Man, it must be hard to be a Judge.

  • (Score: 4, Informative) by RamiK on Friday July 01 2016, @09:24AM

    by RamiK (1813) on Friday July 01 2016, @09:24AM (#368343)

    http://arstechnica.com/tech-policy/2016/03/paris-terrorist-attacks-burner-phones-not-encryption/ [arstechnica.com]

    Over 100 meetings on the subject, and they still can't issue an informed press release.

    --
    compiling...
    • (Score: 0) by Anonymous Coward on Friday July 01 2016, @02:59PM

      by Anonymous Coward on Friday July 01 2016, @02:59PM (#368425)

      But, think of the children!!

    • (Score: 3, Insightful) by DeathMonkey on Friday July 01 2016, @05:48PM

      by DeathMonkey (1380) on Friday July 01 2016, @05:48PM (#368511) Journal

      Yeah, it's hard to take a report seriously when the very first sentence is provably wrong.

  • (Score: 2, Funny) by Anonymous Coward on Friday July 01 2016, @09:37AM

    by Anonymous Coward on Friday July 01 2016, @09:37AM (#368347)

    There's too much transport encryption nowadays. The bad news is we can't get rid of it. The good news is we can still spy on the endpoints. Now the endpoints are the eyes and hands which malcontents use to interact with their devices, and this most basic point of interaction cannot be encrypted. So what we need to do is quietly arrange for basement dwelling antisocial young men, who are always terrorists, to get girlfriends. These girlfriends will work for us and spy on everything their boyfriends are doing and report back on who's planning to blow up what. We'll need to secure funding to pay our spies, but luckily basement dwellers are lonely and desperate so we can hire a bunch of dirty whores for the job. Apply now to Whore for America.

  • (Score: 0) by Anonymous Coward on Friday July 01 2016, @09:44AM

    by Anonymous Coward on Friday July 01 2016, @09:44AM (#368351)

    I remember reading that the terrorists involved in the Paris bombing were -not- using encryption. Did I miss a credible story saying otherwise? (Keeping in mind that politicians and most government institutions in this case would not be credible, as they were saying "oh yeah it was encrypted" from day 1 even when people had evidence to the contrary, i.e. they were saying it was encrypted purely to push their new laws.)

    • (Score: 1) by kurenai.tsubasa on Friday July 01 2016, @03:08PM

      by kurenai.tsubasa (5227) on Friday July 01 2016, @03:08PM (#368431) Journal

      Don't think we missed anything. I'm having trouble coming up with a more blatant example of government using a tragedy to push draconian laws.

      We live in a world where the vast majority of people interpreted The Lawnmower Man as a documentary about information systems instead of Sai King's take on Flowers for Algernon.

  • (Score: 3, Insightful) by MostCynical on Friday July 01 2016, @10:06AM

    by MostCynical (2589) on Friday July 01 2016, @10:06AM (#368357) Journal

    basically, they need to know more to regulate better, and by "regulate", they mean "control and prevent others from having", and by "better", they mean "no one but us"

    --
    "I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
    • (Score: 2) by edIII on Friday July 01 2016, @06:48PM

      by edIII (791) on Friday July 01 2016, @06:48PM (#368553)

      Which is why No Encryption = Civil War.

      They can take my encryption algorithms and keys out of my cold dead hands.

      --
      Technically, lunchtime is at any moment. It's just a wave function.
    • (Score: 2) by frojack on Friday July 01 2016, @06:51PM

      by frojack (1554) on Friday July 01 2016, @06:51PM (#368554) Journal

      Yeah, but that's not going to happen, because that horse has bolted. Encryption is in the wild.

      What is needed is to rid the world of the idea that government has a right or even a need to read everyone's mail.

      Just where did that idea come from?

      As a method of defense, it's an intellectual Maginot Line.
      A lazy and unreliable waste of effort.
      Easily end-ran by communicating in plain language via pre-arranged innocuous messages, postings on SoylentNews or social media. In serious cases one-time-pads are never likely to be broken.

      Betting the farm on looking over everybody's shoulder is a fool's errand. It has only come about because it is increasingly possible to handle the load, even if they remain as clueless as ever about the actual content.

      --
      No, you are mistaken. I've always had this sig.
      • (Score: 0) by Anonymous Coward on Saturday July 02 2016, @10:02AM

        by Anonymous Coward on Saturday July 02 2016, @10:02AM (#368842)

        The rabbit has eaten the Broccoli. I say again, the rabbit has eaten the broccoli.
        Suggest you put on your hat and left shoe and visit the bookstore immediately.

        • (Score: 2) by frojack on Saturday July 02 2016, @07:47PM

          by frojack (1554) on Saturday July 02 2016, @07:47PM (#368963) Journal

          The rabbit has eaten the Broccoli. I say again, the rabbit has eaten the broccoli.
          Suggest you put on your hat and left shoe and visit the bookstore immediately.

          Cute, but nothing at all like what is to be expected.

          What about:

          Hi Bill. I got a letter from my mom, and she needs some money for car repairs.
          Can I hit you up for a couple hundred Euros for a week till I get paid on the 18th?

          Any part of that could be pre-arranged to mean something different than it looks.

          --
          No, you are mistaken. I've always had this sig.
  • (Score: 3, Insightful) by MadTinfoilHatter on Friday July 01 2016, @11:19AM

    by MadTinfoilHatter (4635) on Friday July 01 2016, @11:19AM (#368366)

    Indeed those vulnerabilities would naturally be exploited by the bad guys—and not just benefit the good guys.

    The real source of the problem is revealed by the phrase above: they assume that there are "good guys" involved here, rather than just different flavours of bad. Personally I vastly prefer "terrorist, pedophile or boogeyman-of-the-day" bad flavour over "draconian hellbent-on-mass-surveillance government" bad flavour.

  • (Score: 2) by bradley13 on Friday July 01 2016, @12:45PM

    by bradley13 (3053) on Friday July 01 2016, @12:45PM (#368377) Homepage Journal

    "...lawmakers need to learn more about technology before trying to regulate it"

    Wow, what a concept! In fact, if the lawmakers understood encryption, they would realize that no regulation is needed. That's a concept lawmakers don't like, though, because it doesn't let them collect money for passing legislation friendly to one side or the other.

    For too many lawmakers, all they need to know is who writes the bigger checks.

    --
    Everyone is somebody else's weirdo.
    • (Score: 2) by Runaway1956 on Friday July 01 2016, @01:55PM

      by Runaway1956 (2926) Subscriber Badge on Friday July 01 2016, @01:55PM (#368397) Journal

      That's my answer.

      To stop all encryption, they'll have to stop teaching mathematics in school. High school grads know nothing more complicated than making change for a dollar - and that's done by the computerized cash register anyway. Just stop teaching math.

      Only a very select few will be permitted to study any math in college. All will be recruited to work for the government, or face possible droning for being "terrists".

      So, any encryption, no matter how poor it might be, requires some math skills. Good encryption requires better than average math skills. Great encryption requires several minds working together, all of whom have very good or great math skills.

      If we aren't going to outlaw math, then there is simply no sense in trying to outlaw or control encryption. SOMEONE is going to create the software. Open source cooperative efforts, closed source, or, (OH MY GOD, HACKERS!) just rogue hackers.

      Someone has to have their heads all the way up their asses to imagine that they are going to prevent all the "terrists" in the world from having encryption. They've gotta be batshit insane to imagine that they can accomplish that goal. So - the only reasonable alternative, IMHO, is not to regulate encryption at all.

      • (Score: 0) by Anonymous Coward on Friday July 01 2016, @02:54PM

        by Anonymous Coward on Friday July 01 2016, @02:54PM (#368422)

        To stop all encryption, they'll have to stop teaching mathematics in school.

        Isn't that already the case? What passes for teaching mathematics in schools is really little more than a game of Jeopardy! where students memorize facts and spew it all back on tests and homework. Very rarely are students expected to actually understand the math.

        So we've already had this covered for over a hundred years, unintentionally or not. The problem is, smart people tend to educate themselves far beyond what schools expect from them, and it would be difficult to stop that from happening.

        • (Score: 2) by Runaway1956 on Friday July 01 2016, @03:56PM

          by Runaway1956 (2926) Subscriber Badge on Friday July 01 2016, @03:56PM (#368454) Journal

          You're only about 80% right. They teach enough math, right now, today, that children who take an interest, can teach themselves adequately to get into college. Once in college, the sky is the limit. Texas A&M awarded a math degree (bachelor's) to my youngest son last month. Of course, his brothers took no interest in math, the eldest has merely an adequate understanding of algebra, geometry, and calc. The middle son can't recite the times table up to twelve.

          The kids are more or less encouraged to be lazy and ignorant, but those who want to be educated have enough tools to get the education.

          • (Score: 0) by Anonymous Coward on Friday July 01 2016, @04:27PM

            by Anonymous Coward on Friday July 01 2016, @04:27PM (#368469)

            They teach enough math, right now, today, that children who take an interest, can teach themselves adequately to get into college.

            No thanks to the schools, though. And unfortunately, most colleges really aren't any better.

  • (Score: 2) by timbim on Friday July 01 2016, @04:38PM

    by timbim (907) on Friday July 01 2016, @04:38PM (#368474)

    Anyone can make up their own encryption cipher and use that for keeping files secure. They're saying we can't use encryption or they want the keys? Whatever it may be, they still won't be able to decrypt everything.

  • (Score: 0) by Anonymous Coward on Friday July 01 2016, @04:50PM

    by Anonymous Coward on Friday July 01 2016, @04:50PM (#368480)

    If you were to make a presentation to Congress, what would you recommend?

    an RPG?

    • (Score: 2) by Celestial on Friday July 01 2016, @05:23PM

      by Celestial (4891) on Friday July 01 2016, @05:23PM (#368499) Journal

      Dungeons & Dragons, or Traveller?

      Actually, it should probably be Paranoia.

      • (Score: 0) by Anonymous Coward on Friday July 01 2016, @06:32PM

        by Anonymous Coward on Friday July 01 2016, @06:32PM (#368542)

        The OTHER RPG!