SoylentNews is people
SoylentNews
Like other politicians and government officials, President Trump's nominee for the position of Attorney General, Jeff Sessions, wants to have it both ways when it comes to encryption:
At his confirmation hearing, Sessions was largely non-committal. But in his written responses to questions posed by Sen. Patrick Leahy, however, he took a much clearer position:
Question: Do you agree with NSA Director Rogers, Secretary of Defense Carter, and other national security experts that strong encryption helps protect this country from cyberattack and is beneficial to the American people's' digital security?
Response: Encryption serves many valuable and important purposes. It is also critical, however, that national security and criminal investigators be able to overcome encryption, under lawful authority, when necessary to the furtherance of national-security and criminal investigations.
Despite Sessions' "on the one hand, on the other" phrasing, this answer is a clear endorsement of backdooring the security we all rely on. It's simply not feasible for encryption to serve what Sessions concedes are its "many valuable and important purposes" and still be "overcome" when the government wants access to plaintext. As we saw last year with Sens. Burr and Feinstein's draft Compliance with Court Orders Act, the only way to give the government this kind of access is to break the Internet and outlaw industry best practices, and even then it would only reach the minority of encryption products made in the USA.
Related: Presidential Candidates' Tech Stances: Not Great
(Score: 2) by LoRdTAW on Wednesday January 25 2017, @01:54PM
I'd say it's more akin to allowing johnny law to have a skeleton key to every lock "just in case". Once that key is discovered and copied, it's all over and there is no going back. A free for all will ensue.
(Score: 3, Informative) by darnkitten on Wednesday January 25 2017, @05:41PM
Already have 'em... [knoxbox.com]
They're intended for fire departments, but...
(Score: 2) by urza9814 on Friday January 27 2017, @12:53AM
1) They're not on every lock. They're on apartments and office buildings which voluntarily decided to grant that access. I have no problem with the government having a program where I can voluntarily submit my encryption key. I wouldn't, but they're free to provide a drop box for 'em.
2) It's not a single master key, it's a different key for every local fire department. Much less risk. But of course, you can't really do that with crypto as it isn't tied to a physical location.
3) I believe most building codes specify that your front door has to be weak enough that the fire department can break it down. In the commercial buildings where these things are installed, the doors are often glass. So if they didn't have these keys they'd just use "brute force" and break through the door, which would probably be *faster* than using the key anyway. So unlike crypto keys, physical keys don't actually offer much protection to begin with.
4) Those boxes should be installed so they trip the building alarms when opened. In a fire, it doesn't matter, because the alarm is already going off. If you open one to try to break in when there ISN'T a fire, you're going to have the whole damn building coming towards you wondering what the hell is going on.
(Score: 2) by tibman on Wednesday January 25 2017, @07:00PM
Here, you can 3d print TSA master keys: https://github.com/Xyl2k/TSA-Travel-Sentry-master-keys [github.com]
SN won't survive on lurkers alone. Write comments.