SoylentNews is people
SoylentNews
Like other politicians and government officials, President Trump's nominee for the position of Attorney General, Jeff Sessions, wants to have it both ways when it comes to encryption:
At his confirmation hearing, Sessions was largely non-committal. But in his written responses to questions posed by Sen. Patrick Leahy, however, he took a much clearer position:
Question: Do you agree with NSA Director Rogers, Secretary of Defense Carter, and other national security experts that strong encryption helps protect this country from cyberattack and is beneficial to the American people's' digital security?
Response: Encryption serves many valuable and important purposes. It is also critical, however, that national security and criminal investigators be able to overcome encryption, under lawful authority, when necessary to the furtherance of national-security and criminal investigations.
Despite Sessions' "on the one hand, on the other" phrasing, this answer is a clear endorsement of backdooring the security we all rely on. It's simply not feasible for encryption to serve what Sessions concedes are its "many valuable and important purposes" and still be "overcome" when the government wants access to plaintext. As we saw last year with Sens. Burr and Feinstein's draft Compliance with Court Orders Act, the only way to give the government this kind of access is to break the Internet and outlaw industry best practices, and even then it would only reach the minority of encryption products made in the USA.
Related: Presidential Candidates' Tech Stances: Not Great
(Score: 3, Interesting) by TheRaven on Wednesday January 25 2017, @01:13PM
It's not quite the same. The problem with encryption for DRM is that encryption assumes two cooperating parties and one or more adversaries, but in DRM one of the cooperating parties is also the adversary. They have to be in the state of both having the key (to access the content) and not having the key (for the DRM to be secure). The only way that this can be made to work is if the user doesn't control their own playback device and is not able / allowed to reverse engineer it.
With encryption, if you want the government to be able to break it, then you must either make it weak enough that government-owned computers can break it (difficult to do if you don't also want to be able to let other people break it, especially for something that has a lifetime of years) or you have to use a more complicated cryptosystem where there are two decryption keys, one used by the intended recipient and one held by the company. Or you can make the system insecure, but not the crypto by allowing remote logins that can access the plaintext, again secured by a key held by the author of the software.
The first problem with all of these approaches is that they rely on the organisation that controls the master key being able to store it securely in such a way that no one is able to infiltrate the company and exfiltrate the key, externally compromise the systems that store the key, or simply work out what the key is based on flaws in the crypto implementation.
The other flaw with this approach is that it assumes that all communication systems come from big companies and are black boxes. Even with traditional mail, there's nothing that you can do to stop two people exchanging a one-time pad in person and then sending completely secure letters to each other through the post. With encryption systems, there are thousands of off-the-shelf open source solutions and even books that contain source code listings for implementing algorithms that, with a sensible key length, are well beyond the ability of any government agency to crack. Gun advocates like to claim that if guns are outlawed then only outlaws will have guns. The analogy would be equivalent for encryption, if there were gun stalls on every street that would hand out free guns to anyone who walked past and most businesses depended on armed guards.
sudo mod me up
(Score: 3, Interesting) by Grishnakh on Wednesday January 25 2017, @05:34PM
Well one thing I think you're missing is that, just like with DRM where reverse-engineering can be simply banned, with mandated backdoored encryption, the use of unapproved encryption can be banned. Sure, you can say that "only criminals" will use it, but with ubiquitous surveillance, it wouldn't be that hard for the government to monitor communications and make sure they're using one of the approved encryption services. It wouldn't be perfect; someone could of course resort to steganography or something and send people big JPEGs with short, simple messages hidden in them, or the like, but if you want to exchange serious amounts of data, it's going to be hard to hide that from the enforcers using automated systems.
(Score: 2) by MostCynical on Wednesday January 25 2017, @10:38PM
USB drives, SD cards, or something custom-built, hidden in a toy (something with electronics), sent by mail.
"I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
(Score: 2) by TheRaven on Thursday January 26 2017, @09:54AM
The only way to tell if encrypted traffic is government-approved encrypted traffic is to decrypt a large enough sample that you can tell. Even then, there are cryptosystems that give two different real-seeming plaintexts depending on the key that you use, so it probably wouldn't be too hard to put together something that produced a plausible looking stream of words for the NSA but the real message for the intended recipient. It wouldn't stand up to human inspection, but by the time that they've focused on you as a target then you're past the point where having them know that you're using encryption is a problem.
Even then, you're ignoring how effective modern steganography is. For example, linguistic steganography works by taking a known passage and permuting typos and punctuation to encode a message. You can take, for example, the GN?? troll, and post minor variations of it on Slashdot. Each one encodes a message, but unless you know the meaning of the permutations you have no way of distinguishing it from various mechanisms for trying to get past spam filters. Or you can take a generic spam and send it to a million people, including the intended recipient. Traffic analysis won't help the adversary identify the recipient because, in both cases, it goes to a load of people who aren't the intended recipient, and they all ignore it as spam. If you're serious about evading the government, this is quite easy to do, so all this kind of law would do is make legitimate financial transactions less secure.
Amusingly, the original version of this post did not redact GN?? and so triggered the spam filter here.
sudo mod me up