date 2017-02-18
from the US-is-screwed dept.
The EFF addresses some shortcomings in the recent report to policy makers by the National Academies of Sciences (NAS) on encryption.
The National Academy of Sciences (NAS) released a much-anticipated report yesterday that attempts to influence the encryption debate by proposing a "framework for decisionmakers." At best, the report is unhelpful. At worst, its framing makes the task of defending encryption harder.
The report collapses the question of whether the government should mandate "exceptional access" to the contents of encrypted communications with how the government could accomplish this mandate. We wish the report gave as much weight to the benefits of encryption and risks that exceptional access poses to everyone's civil liberties as it does to the needs—real and professed—of law enforcement and the intelligence community.
The report via the link in the quote above is available free of charge but holds several hoops to hop through between you and the final PDF. The EFF recognizes that the NAS report was undertaken in good faith, but identifies two main points of contention with the final product. Specifically, the framing is problematic and the discussion of the possible risks to civil liberties is quite brief.
Source : New National Academy of Sciences Report on Encryption Asks the Wrong Questions
Related Stories
Riana Pfefferkorn, a Cryptography Fellow at the Center for Internet and Society at Stanford Law School, has published a whitepaper on the risks of so-called "responsible encryption". This refers to inclusion of a mechanism for exceptional access by law enforcement to the cleartext content of encrypted messages. It also goes by the names "back door", "key escrow", and "golden key".
Federal law enforcement officials in the United States have recently renewed their periodic demands for legislation to regulate encryption. While they offer few technical specifics, their general proposal—that vendors must retain the ability to decrypt for law enforcement the devices they manufacture or communications their services transmit—presents intractable problems that would-be regulators must not ignore.
However, with all that said, a lot more is said than done. Some others would make the case that active participation is needed in the democratic process by people knowledgeable in use of actual ICT. As RMS has many times pointed out much to the chagrin of more than a few geeks, "geeks like to think that they can ignore politics, you can leave politics alone, but politics won't leave you alone." Again, participation is needed rather than ceding the whole process, and thus its outcome, to the loonies.
Source : New Paper on The Risks of "Responsible Encryption"
Related:
EFF : New National Academy of Sciences Report on Encryption Asks the Wrong Questions
Great, Now There's "Responsible Encryption"
(Score: 2, Insightful) by Anonymous Coward on Sunday February 18, @04:27AM (4 children)
The only thing to "discuss" is how to get the best implementation to the public regardless of the state's opinion. They should be given no say in how people communicate. That's it. There's nothing to "discuss" on the matter. The singular objective is, or should be to provide secure and private communication to everybody where nobody can interfere. All the tyrants who say we have no right can go to hell! Let's use our technology to send them there post haste and be done with it. There is no such thing as extremism when it comes to defending personal rights.
(Score: 2, Informative) by tftp on Sunday February 18, @04:46AM (3 children)
(Score: 4, Insightful) by Runaway1956 on Sunday February 18, @05:53AM (2 children)
The problem lies in technology and weasel words.
In 1500, when two people communicated orally, NO ONE could hear them, except for people standing within a few feet of them. There were no recording devices, no telecommunications, words weren't etched into stone (unless someone was hired for that very purpose). Communications were "private", unless and until those persons present disclosed those communications to outsiders.
Today - your most casual conversations might be recorded. More, most communications outside of immediate family are electronic. Telephone, chat rooms, forums, email, and more. Everything is recordable - and spyable.
Weasel words? Law makers have forgotten what life was like in 1000 BC, 1000 AD, 1500 AD, and even 1900 AD. They only remember the past few decades, when government has had the ability to eavesdrop on telephones, telegraph, radio, television, and more recently, the internet. They can't conceive of a time when private communications were really PRIVATE. So, "The right of the people to be secure" only applies to personal, oral, face-to-face communications, in their opinion. Everything else MUST BE visible to government.
Or, phrased another way - if your communications are reduced to digital media, you have granted government permission to monitor it.
That is the mindset that we have to overcome. Inertia is working against us.
Except, of course, for one simple fact. It is impossible to build a secure communication, while at the same time giving government the "keys" to unlock that communication. It just isn't possible. The moment government has a key, criminals have that same key, and communications are no longer secure.
#cageAristarchus!!11!!11!!
(Score: 1, Interesting) by Anonymous Coward on Sunday February 18, @06:51AM
You're making my point. You waste time talking about government, when we should be getting the privacy tools out. Who gives a shit what the government thinks on these matters? Our private communications are simply none of their business. That simple. The government is supposed to be serving its people (you know, building roads, providing national defense, social security, AND healthcare!), and it would be if people actually demanded it. So, fuck 'em all and let's get on with the business at hand, please. Let's hear some good news on circumventing the state for a change, and let's ignore their whining about it. And of course we could vote for a privacy respecting congress, but that is unlikely, so let's take the technical route.
(Score: 2) by bzipitidoo on Sunday February 18, @07:32AM
> It is impossible to build a secure communication, while at the same time giving government the "keys" to unlock that communication.
True. Either secure communication is possible, or it is not possible. Seems highly likely that it's possible. Problem is, they (the military brass and high level bureaucrats at spy agencies) seem to think they can have it both ways-- secure communication for themselves, and back doors for everyone else. If you pin them to the wall, they will admit it doesn't make sense, and profess that they understand that and so you are insulting their intelligence.
But as soon as they're off the hot seat, they go right back to demanding exactly that. They want the happy situation the Allies had in WWII-- both German and Japanese communication broken, and Allied communication secure from the Axis. It's like they feel that state of affairs is the status quo, rather than the result of the good fortune of the Germans having the arrogance to believe the Enigma machine was unbreakable, or if not unbreakable, having too much contempt for Allied science, thought the Allies were such bad scientists they couldn't break it anyway.
(Score: -1, Flamebait) by Anonymous Coward on Sunday February 18, @04:27AM
EFF are a bunch of fucking failures who couldn't get real jobs as lawyers. Fuck the noise that bleats out of those EFFing losers who should be sucking the dicks of paralegals who are better than them.
(Score: 2) by DrkShadow on Sunday February 18, @04:45AM (2 children)
Recently, as yet another example, there was an article about an ex CIA officer arrested with suspicion of compromising informants. If the government retains a backdoor key into all encryption on American soil, the major governments of the world will have ready access to _ALL_ encrypted data of Americans.
The US government can simply not maintain secrecy of vital information -- not with CIA informants, not with Equation group, not with diplomatic cables. If the government demands a backdoor, then the world will have that backdoor and Americans will have nothing. There is information that can not be recovered once lost, and must be protected absolutely -- something the US government has shown that, with lives on the line, it cannot do.
This is the only necessary argument against broken encryption schemes.
(Score: 1, Insightful) by Anonymous Coward on Sunday February 18, @04:54AM
That's one of the consequences of money being the sole basis of society. Corruption is inevitable.
(Score: 2) by krishnoid on Sunday February 18, @05:05AM
Which is fine, because our privacy has already been compromised like nobody's business. Ready access to encrypted data of Europeans, though ... different story.
(Score: 2) by frojack on Sunday February 18, @04:57AM (3 children)
> free of charge but holds several hoops to hop through between you and the final PDF.
So why not short circuit that nonsense and publish the PDF directly? I was under the impression it was an EFF document?
They aren't partaking of their own dogfood?
No, you are mistaken. I've always had this sig.
(Score: 0) by Anonymous Coward on Sunday February 18, @05:49AM (2 children)
It's referring to NAS report, not EFF's.
(Score: 2) by frojack on Sunday February 18, @07:48AM (1 child)
So something produced with my tax dollars then?
No, you are mistaken. I've always had this sig.
(Score: 2) by janrinok on Sunday February 18, @08:59AM
Well if you want to take that argument to its extreme - all the intelligence gathered by your agencies is also funded by your tax dollars. Do you think that you should give free access to all Americans to that data? How secure would that be?
Now, I'm not arguing against the need for good encryption for everybody, but it would be easy for the high and mighty that you dislike so much to discount your argument simply because there is a need to secure information and keep it on a very limited distribution. It affects your national security and safety. The true argument is that it does not apply to your "private" data. You have a right to secure communications just as much as they have. You need secure comms to do your banking, to purchase items over the internet, to submit your tax forms etc. And as a result, you can also use secure comms on your phones. That is what they don't like.
But they should ask themselves a simple question. When, during the WW2 they didn't have the ability to break enemy codes, did they simply stop fighting and go home? No, they continued to fight. And that is what they should be doing to combat terrorism. Not crying themselves to sleep because Joe Public doesn't want to hand over all the details of his private life. And there is no way that they can enforce such a law on the entire world, so how do they expect to stop encryption simply within your own borders?
If you sent random data by phone to another person in the US, would you be guilty of breaking a law simply because the NSA didn't know what the data meant? It is not encrypted, but they do not know that. There is no key for them to find, none for them to try to force you to give up, and you have paid for your phone bill so you can send any text that you like. Or are they suggesting that it has to be in English. Why not Navajo, or some strange dialect used by a group of pygmies somewhere. What they ask for is entirely unreasonable and I don't believe that any such law would stand up in court to a logical and well-reasoned defence. They know it too...
It's always my fault...
(Score: 2, Informative) by Anonymous Coward on Sunday February 18, @05:20AM (7 children)
What gets me, is even if they do come out with an encryption standard that has "exceptional access", it won't make a bit of difference. The encryption cat is out of the bag, and we have multiple encryption specs to choose from.
(Score: 2) by Runaway1956 on Sunday February 18, @06:01AM (1 child)
Bingo. You, the individual end user, need not even adhere to any standard. If you are really worried about privacy/secrecy, you may take any standard at all, and use it, or modify it, for your purposes. It isn't necessary that your new "standard" works for anyone else, aside from the person you are communicating with. You agree with him/her that $standard with $modifications using $key is your private channel - and no one is likely to break in. If/when you feel the need to include third/fourth parties in your communications, then you offer those people your new standards, and your key or key generator.
Of course, Gubbermint will probably declare you to be a de facto criminal for using your private encryption scheme.
#cageAristarchus!!11!!11!!
(Score: 2) by Dr Spin on Sunday February 18, @09:09AM
Good luck with agreeing a private encryption protocol with your bank (or Amazon).
It looks like the main purpose of this is to give criminals access to your bank accounts and enable them to buy and sell things using your name.
However, look on the bright side: it will expose every politician's dirty secrets to the entire world. There must be some merit in that?
Putting your data in the cloud is like sending your teenage daughter backpacking in a 3rd world country with a pimp
(Score: 0) by Anonymous Coward on Sunday February 18, @06:06AM (4 children)
The cat may be out of the bag, but there's an ICBM headed towards it. After government-backdoored "encryption" is introduced, the next step is outlawing non-backdoored encryption. It doesn't matter if you're hiding porn or state secrets, if they can prosecute you for the "hiding" part (cf. civil forfeiture).
(Score: 4, Funny) by janrinok on Sunday February 18, @09:21AM (3 children)
It's always my fault...
(Score: 1) by redneckmother on Sunday February 18, @01:52PM
I like this idea.
Are there any "blind drop" sites on the 'net? I have a hardware RNG, and would love to raise the background noise for the TLAs.
Pitchforks? Check. Torches? Check. Lampposts? Check. Rope? Oh crap, Colorado smoked all the Hemp!
(Score: 2) by canopic jug on Sunday February 18, @02:16PM (1 child)
They'd just throw your ass in jail until you cough up the key. However, since there is no key, you'd just stay there indefinitely.
In a much dodgier case [arstechnica.com], that has already happened.
It's a clever idea otherwise and could be tried. I suspect though that if there were enough suspicion to warrant closer attention and a larger budget, they'd just work toward an end-point compromise and eventually figure out that it was just noise.
Money is not free speech. Elections should not be auctions.
(Score: 1) by redneckmother on Sunday February 18, @02:39PM
As others have noted, it's all about money.
If there were a "blind drop", and enough individuals would send (and read) gibberish posts, the TLAs could chase their tails until they decided to abandon such nonsensical efforts.
Who knows, perhaps one could put a little wheat in with the chaff? That possibility would give them nightmares.
I wish the gubmitt would spend more resources on improving life and respecting individual (as in living, breathing people) rights.
Pitchforks? Check. Torches? Check. Lampposts? Check. Rope? Oh crap, Colorado smoked all the Hemp!
(Score: 2) by Bot on Sunday February 18, @05:54AM (3 children)
they have one thing in common, when done according to fundamentals, titles are just labels.
it does not matter how high you rank in christianity (and the high ranking means you serve more), it's following the rules that counts. (Matthew 7:21 12:46 and others)
it does not matter how many awards and titles and curriculum in science, it's following the scientific method that counts.
Now the question is, where is the experimental data that shaped the conclusion of this academy of sciences report, and how do i reproduce it?
Else it is not science, it is politics. You know, the discipline whose output must be decoded through cui bono filters.
(Score: 3, Interesting) by Azuma Hazuki on Sunday February 18, @06:00AM (2 children)
I realize, from previous interaction with you, that you know so little philosophy that this sort of "nicht einmal falsch" statement is to be expected from you but...wow. Stop trying to work in shilling for the flying Canaanite genocide fairy into every other post, will you? You're not even doing a good job of it if that's your idea of a good sales pitch.
I am "that girl" your mother warned you about...
(Score: 2) by Bot on Sunday February 18, @12:27PM (1 child)
hello there
so what have i done wrong this time other than being me?
(Score: 0) by Anonymous Coward on Sunday February 18, @02:45PM
PEBKAC
[grin]