SoylentNews is people
SoylentNews
from the trust-us-we're-the-government dept.
The Washington Post has a story which says:
FBI Director Christopher A. Wray on Tuesday renewed a call for tech companies to help law enforcement officials gain access to encrypted smartphones, describing it as a "major public safety issue."
Wray said the bureau was unable to gain access to the content of 7,775 devices in fiscal 2017 — more than half of all the smartphones it tried to crack in that time period — despite having a warrant from a judge.
"Being unable to access nearly 7,800 devices in a single year is a major public safety issue," he said, taking up a theme that was a signature issue of his predecessor, James B. Comey.
Wray was then quoted as saying:
"We're not interested in the millions of devices of everyday citizens," he said in New York at Fordham University's International Conference on Cyber Security. "We're interested in those devices that have been used to plan or execute terrorist or criminal activities."
He then went on to promote the long-disparaged idea of key escrow:
As an example of a possible compromise, Wray cited a case from New York several years ago. Four major banks, he said, were using a chat messaging platform called Symphony, which was marketed as offering "guaranteed data deletion." State financial regulators became concerned that the chat platform would hamper investigations of Wall Street.
"In response," Wray said, "the four banks reached an agreement with the regulators to ensure responsible use" of Symphony. They agreed to keep a copy of their communications sent through the app for seven years and to store duplicate copies of their encryption keys with independent custodians not controlled by the banks, he said.
To me this is more of the utter nonsense the government has spouted. When will they understand that key escrow only works when one trusts the government and the keeper of the keys?
Previously:
(Score: 0) by Anonymous Coward on Wednesday January 10 2018, @01:19PM (1 child)
I don't where this logic could go, but I don't get to choose my own facts.
To implement an unlocking scheme Apple would have to have a 'master key' to unlock a phone.
With PKI, unlocking a phone should not disclose the key.
There is risk that the key will get stolen and then anybody could unlock it.
The risk is greater if they only have one master key for all phones, but that is fixable in the implementation.
I would rather this did not happen, but doesn't Apple already effectively have this in their ability to update phones?
Or hopefully the update is enabled only after the user logs onto the phone?
In which case, they would only have the ability during the update process.
(Score: 2) by jmorris on Wednesday January 10 2018, @05:09PM
While we are checking in with reality, here are a few more.
They already have one. That is my big problem in the current crypto wars. It IS NOT the big companies like Apple, Google, Samsung, etc. fighting to protect us. They fight to keep an exclusive hold on us and assert that they, not the State, is our primary owner. WE get screwed both ways. Apple, etc. can unlock any phone it wants, any time it wants so long as it can either get physical possession or it is connected to the network. He who can control a thing, he who can destroy a thing, owns that thing. The Feds know this and are demanding they unlock one when, as the owner in fact of the device, they are served with a valid warrant.
The article summary / commentary is also wrong:
Nope. Escrow works if A trusts B and C trusts B, A does not have to trust C, C does not need to trust A and B need not trust A or C. That is the whole point of escrow in general. In our current decaying society though, trusting anybody or anything is a bad idea.
I want an option where I own and control my shit. Nobody in power is talking about that and seems terrified of the idea so IDGAF.