Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 10 submissions in the queue.
posted by mrpg on Monday October 30 2017, @09:00AM   Printer-friendly
from the unsweetened-sugar dept.

Submitted via IRC for SoyCow1

Trump's Department of Justice is trying to get a do-over with its campaign to get backdoors onto iPhones and into secure messaging services. The policy rebrand even has its own made-up buzzword. They're calling it "responsible encryption."

After Deputy Attorney General Rod J. Rosenstein introduced the term in his speech to the U.S. Naval Academy, most everyone who read the transcript was doing spit-takes at their computer monitors. From hackers and infosec professionals to attorneys and tech journalists, "responsible encryption" sounded like a marketing plan to sell unsweetened sugar to diabetics.

Government officials -- not just in the U.S. but around the world -- have always been cranky that they can't access communications that use end-to-end encryption, whether that's Signal or the kind of encryption that protects an iPhone. The authorities are vexed, they say, because encryption without a backdoor impedes law-enforcement investigations, such as when terrorist acts occur.

[...] "Look, it's real simple. Encryption is good for our national security; it's good for our economy. We should be strengthening encryption, not weakening it. And it's technically impossible to have strong encryption with any kind of backdoor," said Rep. Will Hurd (R-Texas), when asked about Rosenstein's proposal for responsible encryption at The Atlantic's Cyber Frontier event in Washington, D.C.

Source: Great, now there's 'responsible encryption'


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 5, Interesting) by stormreaver on Monday October 30 2017, @01:03PM (6 children)

    by stormreaver (5101) on Monday October 30 2017, @01:03PM (#589419)

    The Department of Justice has said that they want to have an “adult conversation” about encryption.

    We tried having an adult conversation with the DoJ about encryption for 30 years, but they keep having a childish tantrum every time we try to engage what little adult brain matter they retain. They have proven over the decades that they are not adults, but rather are little children playing with big Government weapons that they want to level at the very people they are charged with protecting.

    If there are two agencies in the U.S. that cause more harm than good, they are the NSA and the TSA. We would all be better off with both of those agencies being immediately dismantled.

    Starting Score:    1  point
    Moderation   +4  
       Interesting=3, Informative=1, Total=4
    Extra 'Interesting' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   5  
  • (Score: 3, Insightful) by bzipitidoo on Monday October 30 2017, @03:23PM (2 children)

    by bzipitidoo (4388) on Monday October 30 2017, @03:23PM (#589467) Journal

    It's not just the DoJ. The US military keeps asking for unbreakable security that they can break. Been doing that for at least 30 years. Takes them on the order of 5 to 10 years to approve computer hardware, by which time of course it is not manufactured any more because it is obsolete. Naturally the military has lots of money to throw around and can persuade manufacturers to crank out obsolete equipment, but that doesn't help much because not only has all the software also moved on, there are few people left who still know how to use the old stuff. Firefox 50 simply will not be usable on a 1990s era Pentium computer with only 64M RAM. Can't go back to Netscape 4, it doesn't understand HTML5, and won't work on most websites, plus there are, oh, thousands of security fixes.

    Children? More like, so adult, they're into their second childhood. These bureaucrats are like cranky, suspicious, senile old men demanding that all the cars have their carburettors serviced and points replaced, and think that explanations that in the 1970s and 1980s electronic ignition replaced points and fuel injection replaced carburettors, is just a bunch of made up bull to dodge work and evade responsibility.

    I recently learned that just trying to fax a document can be a major pain in the rear. And why would anyone want to fax? Because they don't believe email can be secure. They don't want to be bothered with public key encryption. But faxes, now, that's security, that's HIPAA compliant! If it's any security at all, it's security through obsolescence. Faxes can be sent over VoIP telephony but it's not easy, may have to slow it down, and try several times. Really need a genuine land line. I dug out some old equipment that could fax. I find that manufacturers are dropping fax functionality from newer all-in-ones. Tried an old HP all-in-one, and the damned thing threw a fit over the ink cartridges, as it is programmed to do of course. Forces the user to wait 10 minutes while it tries and tries to align the ink cartridges, won't let that step be skipped. When it finally gives up, it might consent to let you use the scanner and fax parts. To avoid that I turned to my old 56K US Robotics external faxmodem. To use it I had to find a computer with a serial port, which became uncommon in the last decade. I suppose there are USB to RS232 adapters, or external modems that connect via USB, but that would mean more time and expense. I finally managed to fax a few documents over a VoIP, using a circa 2001 Pentium 4 PC with a genuine serial port to operate the external faxmodem.

    • (Score: 2, Informative) by insanumingenium on Monday October 30 2017, @06:18PM (1 child)

      by insanumingenium (4824) on Monday October 30 2017, @06:18PM (#589572) Journal
      Let's get to the bottom of your fax problem. We have a legally recognized expectation of privacy on those outdated POTS lines. Legal fiction it may be, but it has stood the test of time.

      Why can't we just treat all telecom services (including Internet) as we do most common carriers and give a legally recognised expectation of privacy?

      P.S. If you run it over VoIP, you aren't HIPPA compliant anymore.

      P.P.S. Yes I realize that spreading that legal fiction to Internet services won't reduce the need for encryption. Having that expectation of privacy would be a nice first step though.
      • (Score: 4, Insightful) by bzipitidoo on Monday October 30 2017, @07:09PM

        by bzipitidoo (4388) on Monday October 30 2017, @07:09PM (#589605) Journal

        > If you run it over VoIP, you aren't HIPPA compliant anymore.

        Quite true. But that didn't matter in the least, not to me. What mattered was that the bureaucrats at the big health insurer would accept it, whereas they would not accept the exact same document via email. They didn't ask what kind of line I was on, and I sure didn't volunteer that info.

        One really funny thing in a sad way is that these were legal documents-- living will and physician directives kind of stuff-- that started with the quaint legalese: "know all men..." IOW, they were meant to be public.

        I've gotten to where I really loathe the HIPAA excuse. Been used too many times as a barrier to deny services and in general make things difficult for the patient. It's the medical community's goto excuse for why they can't modernize their record keeping and get away from the ridiculous paper forms they still ask patients to fill out, why they can't tell you the results of the tests they ran on you, why they can't talk to a pharmacy, why they can't explain their prices, or whatever it is they actually could do but don't feel like doing.

  • (Score: 0) by Anonymous Coward on Monday October 30 2017, @05:06PM (2 children)

    by Anonymous Coward on Monday October 30 2017, @05:06PM (#589534)

    If there are two agencies in the U.S. that cause more harm than good, they are the NSA and the TSA. We would all be better off with both of those agencies being immediately dismantled.

    I'm assuming you are an American. If not, then your opinion about US policy and doing harm doesn't mean much, as those agencies are supposed to cause harm to US enemies.

    I don't know all the stuff the NSA does, as most of them are US government secrets. However, think about two worlds:

    1) The US government has no organization which handles computer security and espionage. Everything is done piecemeal, through individual departments or outsourced contracts.
    2) The US government has an organization which handles computer security and espionage.

    The first world seems a lot more dangerous to the US people than the second one does. So overall, I imagine the NSA has been at least neutral, despite the bad things they have undoubtedly done.

    (Extending it onward, when I personally do the same exercise for the TSA, I think the first world is better so the TSA should be abolished...)

    • (Score: 3, Interesting) by HiThere on Monday October 30 2017, @05:55PM

      by HiThere (866) on Monday October 30 2017, @05:55PM (#589556) Journal

      There is very little evidence that the NSA has done anything to improve security in the last decade. The amount they have done in the last three decades is dubious. They appear to have concentrated so much on espionage that they've either ignored or intentionally weakened security with every decision they have made or policy they have promoted.

      I'm not really of the opinion that the NSA should be totally abandoned, but I think it should be split into two agencies, one for security and the other for espionage, and that the security should get between three and seven times the budget of the espionage agency. And that they should have entirely separate reporting and management chains of command. The spooks have proven too willing to use subterfuge to be trusted with even an indirect say in the policies of the security agency.

      --
      Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
    • (Score: 3, Informative) by Anal Pumpernickel on Tuesday October 31 2017, @12:29AM

      by Anal Pumpernickel (776) on Tuesday October 31 2017, @12:29AM (#589785)

      I'm assuming you are an American. If not, then your opinion about US policy and doing harm doesn't mean much, as those agencies are supposed to cause harm to US enemies.

      They cause harm to to the US itself by violating the highest law of the land. The people in these organizations who violate the Constitution and the ones who are responsible for their treacherous actions should be in prison, or they would be if our system made sense at all. Mass surveillance should be completely banned in all circumstances, as not only is it a violation of people's freedoms (whether foreign or not), but it makes it impossible to avoid collecting the data of actual citizens given the global nature of the Internet.

      The problem of the government violating the Constitution inherently does far more damage than any amount of terrorists or foreign powers could ever do, so the mere fact that the NSA is violating the Constitution makes it evil to me.