posted by takyon on Saturday February 20 2016, @12:29AM
from the crypto-battle dept.

Previously on SoylentNews: Apple Ordered by Judge to Help Decrypt San Bernardino Shooter's phone

Former NSA Director Claims Many Top Gov't Officials Side With Apple

Choice quotes from an interview with Gen. Michael Hayden (archive.is) on Wednesday:

"The issue here is end-to-end, unbreakable encryption—should American firms be allowed to create such a thing?" he told the Wall Street Journal editor John Bussey. "You've got [FBI director] Jim Comey on one side saying, I am really going to suffer if I can't read Tony Soprano's email. Or, if I've got to ask Tony for the PIN number before I get to read Tony's emails. Jim Comey makes that complaint, and I get it. That is right. There is an unarguable downside to unbreakable encryption."

"I think Jim Comey is wrong...Jim's logic is based on the belief that he remains the main body. That you should accommodate your movements to him, which is the main body. And I'm telling you, with regard to the cyber domain, he's not. You are."

"And by the way? If I were in Jim Comey's job, I'd have Jim Comey's point of view. I understand. But I've never been in Jim Comey's job...my view on encryption is the same as [former Secretary of Homeland Security] Mike Chertoff's, it's the same as [former Deputy Secretary of Defense] Bill Lynn's, and it's the same as [former NSA director] Mike McConnell, who is one of my predecessors."

It's interesting for this opinion to be coming from this source.


Another Take on FBI vs. Apple

There's plenty of reason to believe that Apple complying with the FBI order is bad policy, it's legally shaky, and at least one of the people who makes the strongest arguments in this direction is now voting on a secret government board? What the heck is going on here?

What's going on is Justice Antonin Scalia is dead.

Had Justice Scalia not died unexpectedly a few days ago (notably before the Apple/FBI dustup) and had the FBI pursued the case with it landing finally in the Supreme Court, well the FBI would have probably won the case 5-4. Maybe not, but probably.

With Justice Scalia dead and any possible replacement locked in a Republican-induced coma, the now eight-member Supreme Court has nominally four liberal and four conservative justices but at least 1.5 of those conservatives (Justice Kennedy and sometimes Chief Justice Roberts) have been known to turn moderate on certain decisions. This smaller court, which will apparently judge all cases for the next couple years, is likely to be more moderate than the Scalia Court ever was.

So if you are a President who is a lawyer and former teacher of constitutional law and you've come over time to see that this idea of secret backdoors into encrypted devices is not really a good idea, but one that's going to come up again and again pushed by nearly everyone from the other political party (and even a few from your own) wouldn't right now be the best of all possible times to kinda-sorta fight this fight all the way to the Supreme Court and lose?

If it doesn't go all the way to the Supremes, there's no chance to set a strong legal precedent and this issue will come back again and again and again. That's what I am pretty sure is happening.

takyon: Apple's deadline to respond to the court's order has been extended from Tuesday to Friday. Twitter, Facebook, and Steve Wozniak have expressed support for Apple's position. Here's a blog post describing how Apple could potentially comply with the FBI's request.


  • (Score: 5, Insightful) by gman003 on Saturday February 20 2016, @01:05AM

    by gman003 (4155) on Saturday February 20 2016, @01:05AM (#307191)

    "The issue here is end-to-end, unbreakable encryption—should American firms be allowed to create such a thing?"

    General Hayden implies several very crucial facts:
    1) This is an artificial limitation. It is not a question of "can it be done?", but a question of "should we allow ourselves to do it?"
    2) This limit only applies to Americans. It doesn't matter what laws Congress passes - any other country can have unbreakable encryption, should their government not forbid it.

    This leads to several questions:
    A) Will the law forbid Americans from buying foreign-made encryption?
    B) Why would foreigners use American encryption, when it is known to be broken?
    C) What stops someone from breaking that law?

    (A) is interesting, because encryption is used in so many products that you would essentially have to ban foreign software, which I'm pretty sure would break some trade agreements. And if allowed, it would put Americans in a very weird position where buying foreign software is actually a more safe bet than buying American. Even if it may be broken, by another government, it is still only a chance vs. an absolute certainty. It may be 99% likely that a given Chinese-made browser is backdoored by the PRC, but that's still 1% better than the American-made one. And in turn, that means that foreign intelligence agencies may end up with easier access to American data, while our own intelligence agencies don't have a usable legal means of doing so.

    (B) is the flip side to A. Who will buy Windows, once it's known to have a back door? (It's worth bearing in mind the origin of the phrase - the back door is left unlocked, the only thing protecting it is its non-obviousness. Even if you don't care about the CIA reading your files, the back door could be used by anyone once it's found, and if it's publicly announced to exist, it will quickly be found). Or Oracle? Or from Apple? The tech industry is one of America's strongest industries, and hobbling our crypto would in turn trash our economy.

    (C) is the real dealbreaker. We are discussing an artificial limitation. Encryption is merely math. The knowledge is there, and even if you hide it, it can still be derived from whatever math you allow. Someone who really wants to keep a secret can simply write their own software, even if you completely ban domestic production or importing of it. It isn't even that hard, in the grand scheme of things. Writing a crypto system from the ground-up is far easier (to me, at least) than executing a terrorist attack.

    So mandating backdoors a) can't be done without breaking major trade agreements, b) will trash one of the best sectors in our economy, and c) is mathematically impossible.

    Sounds like a bad idea to me, but what do I know?

  • (Score: 3, Interesting) by gman003 on Saturday February 20 2016, @01:49AM

    by gman003 (4155) on Saturday February 20 2016, @01:49AM (#307210)

    Addendum:

    I think the government has taken the exact wrong stance on encryption. We should be promoting it wherever possible.

    We should have, completely separate from any intel-gathering agencies, a Cyber-Security department. Have them produce encryption software - with no backdoors. Make it open-source to prove it. Make it free for anyone to use. Americans using it will be protected from opposing nations' spy agencies, and (since crypto is part of general security) it will defend our vulnerable infrastructure from cyber-attack. Foreigners in allied nations will benefit from easier secure communications with Americans. Foreigners in enemy nations can use it to resist their freedom-hating secret police (think about what would happen to China if the Great Firewall were even more easily breached). After all, America is supposed to be the Good Guys, right? And if we're truly the good guys, spreading access to the truth can only garner more support.

    Will our enemies use it? Perhaps. If I were a terrorist, I'm not sure I would trust American-made crypto, no matter how many audits were done. Will they benefit from it? Probably some of them. Counting network effects, definitely - non-American crypto vendors will have to step up their game to keep up.

    I might even go so far as to have the Department of Cyber Security act as a sort of socialized auditing group. If your company is based in America (and pays American taxes as such), you get free checking of your security-sensitive code. Microsoft and Apple and Google probably don't need it, but all the tiny code shops would benefit. (I'm not 100% sure this is a good idea, I'd have to consider side-effects further, but it at least passes initial sanity checks for a good idea)

    And if the NSA or CIA or FBI or DOD come begging for a backdoor... the DCS needs to tell them to fuck right off. Codify it in law that deliberately weakening American encryption is illegal. Even for one-off cases. Maybe put them under an agency with no desire to do otherwise - the Department of the Treasury, maybe? The Secret Service was moved to DHS a while back, so I think they're both unlikely to want broken crypto, and have the clout to defy the spy orgs.

    • (Score: 4, Interesting) by physicsmajor on Saturday February 20 2016, @05:29PM

      by physicsmajor (1471) on Saturday February 20 2016, @05:29PM (#307421)

      Completely agree. What's more, we even have the perfect agency for this job already in place... and they need a new purpose.

      The US Postal Service.

      They are trusted with our physical correspondence. They have the highest trust ratings by far of any government agency. Who better to have manage a centralized, open, secure system of communication? Would you pay 1-3 cents to have an electronic message verifiably delivered securely?

  • (Score: 3, Informative) by jelizondo on Saturday February 20 2016, @03:35AM

    by jelizondo (653) Subscriber Badge on Saturday February 20 2016, @03:35AM (#307252) Journal

    Way back when, it was actually a crime to export cryptographic software or devices made in the U.S., they were classified as munitions [wikipedia.org], i.e. weapons of war...

    Phil Zimmermann [wikipedia.org], the creator of PGP, was the subject of a criminal investigation because of his contributions to safe email.

    So, there is nothing new. It has been tried and it failed, what makes them think this time it will work?

    Terrorists, criminals and others will find plenty to choose from [theintercept.com] and breaking the U.S. law is not going to stop them, they already are criminals!

    Damn idiots with short memories!

  • (Score: 0) by Anonymous Coward on Saturday February 20 2016, @09:02AM

    by Anonymous Coward on Saturday February 20 2016, @09:02AM (#307327)

    Not a problem. Windows is now free. You get what you pay for.