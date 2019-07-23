from the Seckret-Codez dept.
Bruce Schneier has written a short piece over at Lawfare in response to ongoing calls to weaken encryption. Unlike during the cold war there is no longer a distinction between consumer grade encryption and military encryption. This is because customized encryption is both more expensive and less secure, because it is unique, non-standard, and untested.
In his keynote address at the International Conference on Cybersecurity, Attorney General William Barr argued that companies should weaken encryption systems to gain access to consumer devices for criminal investigations. Barr repeated a common fallacy about a difference between military-grade encryption and consumer encryption: "After all, we are not talking about protecting the nation's nuclear launch codes. Nor are we necessarily talking about the customized encryption used by large business enterprises to protect their operations. We are talking about consumer products and services such as messaging, smart phones, e-mail, and voice and data applications."
The thing is, that distinction between military and consumer products largely doesn't exist. All of those "consumer products" Barr wants access to are used by government officials—heads of state, legislators, judges, military commanders and everyone else—worldwide. They're used by election officials, police at all levels, nuclear power plant operators, CEOs and human rights activists. They're critical to national security as well as personal security.
In the constant battle to keep information secure, consumers have a powerful weapon on their side: strong encryption, which locks their data into unbreakably coded form, allowing people to transfer account information, personal data and messages without fear of being hacked. It also lets them store it safely—for example, on smartphones, which are effectively becoming wallets for our most sensitive information and thoughts.
But it's not just law-abiding citizens who take advantage of newly ubiquitous encryption. It's also criminals, who need to communicate without being overheard. Government agencies call it the "going dark" problem: An encrypted message essentially vanishes from their view. Law enforcement wants a federally mandated "back door," a way to lawfully break encryption and read messages.
There lies one of the biggest emerging conflicts in the cyber realm. The shorthand is the "Crypto Wars," and it drives much of the debate over cybersecurity policy. Should tech companies and the public be encouraged to encode their information as securely as possible to guard against theft? Or should the government be given tools to snoop, even if it severely weakens the protections of encryption?
The story goes on to point out that developing complex systems is difficult and error prone to the extent that we cannot 100% rely on them to transmit information securely. The alternative is to assume transmission is error-prone and to encrypt our messages so that, even if they are intercepted, no information is lost. To provide a backdoor would require a key escrow that would become a tantalizing target — one that could not be guaranteed to be kept secure. And, the introduction of a backdoor weakens security by exposing a larger attack surface thereby putting the information at risk. The entire article is well worth reading.
Low Barr: Don't give me that crap about security, just put the backdoors in the encryption, roars US Attorney General
If the cops and Feds can't read people's encrypted messages, you will install backdoors for us, regardless of the security hit, US Attorney General William Barr has told the technology world.
While speaking today in New York, Barr demanded eavesdropping mechanisms be added to consumer-level software and devices, mechanisms that can be used by investigators to forcibly decrypt and pry into strongly end-to-end encrypted chats, emails, files, and calls. No ifs, no buts.
And while this will likely weaken secure data storage and communications – by introducing backdoors that hackers and spies, as well as the cops and FBI, can potentially leverage to snoop on folks – it will be a price worth paying. And, after all, what do you really need that encryption for? Your email and selfies?
"We are not talking about protecting the nation's nuclear launch codes," Barr told the International Conference on Cyber Security at Fordham University. "Nor are we necessarily talking about the customized encryption used by large business enterprises to protect their operations. We are talking about consumer products and services such as messaging, smart phones, email, and voice and data applications. There have been enough dogmatic pronouncements that lawful access simply cannot be done. It can be, and it must be."
(Score: 2) by jmichaelhudsondotnet on Sunday September 01, @08:22AM
As an american hanging on to my patriotism by a very thin and thinning thread, I cannot express enough shame that this huge global issue which effects every actual thing on the planet, is being presented to us by this utterly corrupt, unintelligent stooge and as if this is a serious policy he has thought over like he's some sort of philosopher.
There is no way you could better explain to me that you not only don't want the country to be free, but that you think I am as dumb as you, than to assert that all of my communications and computer use must be transparent to the government and all of the Barr-like stooges who infest it and sell out our information to other countries, companies and whoever has the connection to parties with underage girls should be able to freely access it. (or with utterly bullshit 'constitutional safeguards)
Or whoever's dad works at a school with job openings so he can help a young desparate-to-be-rich israeli-first pimp break into fashion industry as a modelling talent scout.
This Barr guy is maybe the worst gaslighting in the history of the planet, the most corrupt president hires the most corrupt 'attorney general' to preside over the most egregious prison break and corrupt 'investigation' maybe in human history while preaching to us how he is the one who understands security.
I was reading yesterday about the literally dozens of israel-first people in the trump administration and campaign, this is exactly the type of thing I would do if I were trying to take over a country or disintegrate it from the inside. If any american or european is unwilling even at this point to question the alliance with israel, you might want to get a checkup to make sure you don't have a brainslug...with a doctor that has no ties to israel of course.
Or you could just tell me you are outright intidimidated and scared to say what you think because of the possible repercussions. Someone come here and tell me William Barr and Israel can be trusted, I dare you.
(Score: 4, Interesting) by bradley13 on Sunday September 01, @08:35AM
If you look at people like Barr as positively as possible:
- He's in his own personal bubble, surrounded by people who think like he does. He sees only the problems that law enforcement has.
- He's like pointy-haired bosses everywhere. He has authority over things he does not understand: he, personally, doesn't know a damned thing about encryption, and has no clue what the effects of weakened encryption would be.
- He's so high up in the food chain, and the people who understand the issues are so many layers below him, that he will never hear a contradictory opinion.
The only possible solution is external pressure. Big-tech can actually be useful here (if they care to be), by
bribing Congresssupporting relevant members of Congress, who can then reign in people like Barr.
(Score: 2) by stretch611 on Sunday September 01, @08:40AM
