Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 11 submissions in the queue.
posted by mrpg on Monday October 30 2017, @09:00AM   Printer-friendly
from the unsweetened-sugar dept.

Submitted via IRC for SoyCow1

Trump's Department of Justice is trying to get a do-over with its campaign to get backdoors onto iPhones and into secure messaging services. The policy rebrand even has its own made-up buzzword. They're calling it "responsible encryption."

After Deputy Attorney General Rod J. Rosenstein introduced the term in his speech to the U.S. Naval Academy, most everyone who read the transcript was doing spit-takes at their computer monitors. From hackers and infosec professionals to attorneys and tech journalists, "responsible encryption" sounded like a marketing plan to sell unsweetened sugar to diabetics.

Government officials -- not just in the U.S. but around the world -- have always been cranky that they can't access communications that use end-to-end encryption, whether that's Signal or the kind of encryption that protects an iPhone. The authorities are vexed, they say, because encryption without a backdoor impedes law-enforcement investigations, such as when terrorist acts occur.

[...] "Look, it's real simple. Encryption is good for our national security; it's good for our economy. We should be strengthening encryption, not weakening it. And it's technically impossible to have strong encryption with any kind of backdoor," said Rep. Will Hurd (R-Texas), when asked about Rosenstein's proposal for responsible encryption at The Atlantic's Cyber Frontier event in Washington, D.C.

Source: Great, now there's 'responsible encryption'


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 3, Insightful) by bzipitidoo on Monday October 30 2017, @03:23PM (2 children)

    by bzipitidoo (4388) on Monday October 30 2017, @03:23PM (#589467) Journal

    It's not just the DoJ. The US military keeps asking for unbreakable security that they can break. Been doing that for at least 30 years. Takes them on the order of 5 to 10 years to approve computer hardware, by which time of course it is not manufactured any more because it is obsolete. Naturally the military has lots of money to throw around and can persuade manufacturers to crank out obsolete equipment, but that doesn't help much because not only has all the software also moved on, there are few people left who still know how to use the old stuff. Firefox 50 simply will not be usable on a 1990s era Pentium computer with only 64M RAM. Can't go back to Netscape 4, it doesn't understand HTML5, and won't work on most websites, plus there are, oh, thousands of security fixes.

    Children? More like, so adult, they're into their second childhood. These bureaucrats are like cranky, suspicious, senile old men demanding that all the cars have their carburettors serviced and points replaced, and think that explanations that in the 1970s and 1980s electronic ignition replaced points and fuel injection replaced carburettors, is just a bunch of made up bull to dodge work and evade responsibility.

    I recently learned that just trying to fax a document can be a major pain in the rear. And why would anyone want to fax? Because they don't believe email can be secure. They don't want to be bothered with public key encryption. But faxes, now, that's security, that's HIPAA compliant! If it's any security at all, it's security through obsolescence. Faxes can be sent over VoIP telephony but it's not easy, may have to slow it down, and try several times. Really need a genuine land line. I dug out some old equipment that could fax. I find that manufacturers are dropping fax functionality from newer all-in-ones. Tried an old HP all-in-one, and the damned thing threw a fit over the ink cartridges, as it is programmed to do of course. Forces the user to wait 10 minutes while it tries and tries to align the ink cartridges, won't let that step be skipped. When it finally gives up, it might consent to let you use the scanner and fax parts. To avoid that I turned to my old 56K US Robotics external faxmodem. To use it I had to find a computer with a serial port, which became uncommon in the last decade. I suppose there are USB to RS232 adapters, or external modems that connect via USB, but that would mean more time and expense. I finally managed to fax a few documents over a VoIP, using a circa 2001 Pentium 4 PC with a genuine serial port to operate the external faxmodem.

    Starting Score:    1  point
    Moderation   +1  
       Insightful=1, Total=1
    Extra 'Insightful' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   3  
  • (Score: 2, Informative) by insanumingenium on Monday October 30 2017, @06:18PM (1 child)

    by insanumingenium (4824) on Monday October 30 2017, @06:18PM (#589572) Journal
    Let's get to the bottom of your fax problem. We have a legally recognized expectation of privacy on those outdated POTS lines. Legal fiction it may be, but it has stood the test of time.

    Why can't we just treat all telecom services (including Internet) as we do most common carriers and give a legally recognised expectation of privacy?

    P.S. If you run it over VoIP, you aren't HIPPA compliant anymore.

    P.P.S. Yes I realize that spreading that legal fiction to Internet services won't reduce the need for encryption. Having that expectation of privacy would be a nice first step though.
    • (Score: 4, Insightful) by bzipitidoo on Monday October 30 2017, @07:09PM

      by bzipitidoo (4388) on Monday October 30 2017, @07:09PM (#589605) Journal

      > If you run it over VoIP, you aren't HIPPA compliant anymore.

      Quite true. But that didn't matter in the least, not to me. What mattered was that the bureaucrats at the big health insurer would accept it, whereas they would not accept the exact same document via email. They didn't ask what kind of line I was on, and I sure didn't volunteer that info.

      One really funny thing in a sad way is that these were legal documents-- living will and physician directives kind of stuff-- that started with the quaint legalese: "know all men..." IOW, they were meant to be public.

      I've gotten to where I really loathe the HIPAA excuse. Been used too many times as a barrier to deny services and in general make things difficult for the patient. It's the medical community's goto excuse for why they can't modernize their record keeping and get away from the ridiculous paper forms they still ask patients to fill out, why they can't tell you the results of the tests they ran on you, why they can't talk to a pharmacy, why they can't explain their prices, or whatever it is they actually could do but don't feel like doing.