Stories
Slash Boxes
Comments

SoylentNews is people

Attorney General Nominee Jeff Sessions Backs Crypto Backdoors

posted by on Wednesday January 25 2017, @11:22AM   Printer-friendly
from the ROT-13-is-too-secure dept.

takyon writes:

Like other politicians and government officials, President Trump's nominee for the position of Attorney General, Jeff Sessions, wants to have it both ways when it comes to encryption:

At his confirmation hearing, Sessions was largely non-committal. But in his written responses to questions posed by Sen. Patrick Leahy, however, he took a much clearer position:

Question: Do you agree with NSA Director Rogers, Secretary of Defense Carter, and other national security experts that strong encryption helps protect this country from cyberattack and is beneficial to the American people's' digital security?

Response: Encryption serves many valuable and important purposes. It is also critical, however, that national security and criminal investigators be able to overcome encryption, under lawful authority, when necessary to the furtherance of national-security and criminal investigations.

Despite Sessions' "on the one hand, on the other" phrasing, this answer is a clear endorsement of backdooring the security we all rely on. It's simply not feasible for encryption to serve what Sessions concedes are its "many valuable and important purposes" and still be "overcome" when the government wants access to plaintext. As we saw last year with Sens. Burr and Feinstein's draft Compliance with Court Orders Act, the only way to give the government this kind of access is to break the Internet and outlaw industry best practices, and even then it would only reach the minority of encryption products made in the USA.

Related: Presidential Candidates' Tech Stances: Not Great

Original Submission

 
This discussion has been archived. No new comments can be posted.
Attorney General Nominee Jeff Sessions Backs Crypto Backdoors | Log In/Create an Account | Top | 45 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by urza9814 on Friday January 27 2017, @01:22AM

    by urza9814 (3954) on Friday January 27 2017, @01:22AM (#459244) Journal

    Let's say you have a cryptographic system where there is an algorithm that uses a publicly available constant in the process. This algorithm would be framed so that a private constant can be used to reduce the complexity of cracking a key to something that could be accomplished with a very large supercomputer. Maybe new constants are published at regular intervals to reduce issues with leaks of the private constant and maybe encryption users could regularly decrypt and re-encrypt using the newer constant to prevent older encrypted data from becoming less secure over time.

    You've already got a problem. You can't re-encrypt to make the data more secure, because someone may already have a copy of the data that used the old encryption keys. Or you might just forget to re-encrypt an old copy that's sitting on your backup server. You can't assume that the criminal is only trying to break into live data. They'll take the data and sit on it for a few months or even years, and until they crack it, you may not even know it's been stolen (and even then you still might not know). In fact, *they already do this*. Thankfully, most encryption schemes are designed to last quite a few years, and hopefully the data they protect is useless by the time they can be cracked...but yeah, that's another scheme that just makes things easier for the criminals.

    Any encryption scheme designed to be broken is, well, broken.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2