Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 13 submissions in the queue.

New Paper on The Risks of "Responsible Encryption"

posted by mrpg on Sunday February 18 2018, @11:06AM   Printer-friendly
from the double-speak dept.

canopic jug writes:

Riana Pfefferkorn, a Cryptography Fellow at the Center for Internet and Society at Stanford Law School, has published a whitepaper on the risks of so-called "responsible encryption". This refers to inclusion of a mechanism for exceptional access by law enforcement to the cleartext content of encrypted messages. It also goes by the names "back door", "key escrow", and "golden key".

Federal law enforcement officials in the United States have recently renewed their periodic demands for legislation to regulate encryption. While they offer few technical specifics, their general proposal—that vendors must retain the ability to decrypt for law enforcement the devices they manufacture or communications their services transmit—presents intractable problems that would-be regulators must not ignore.

However, with all that said, a lot more is said than done. Some others would make the case that active participation is needed in the democratic process by people knowledgeable in use of actual ICT. As RMS has many times pointed out much to the chagrin of more than a few geeks, "geeks like to think that they can ignore politics, you can leave politics alone, but politics won't leave you alone." Again, participation is needed rather than ceding the whole process, and thus its outcome, to the loonies.

Source : New Paper on The Risks of "Responsible Encryption"

Related:
EFF : New National Academy of Sciences Report on Encryption Asks the Wrong Questions
Great, Now There's "Responsible Encryption"

Original Submission

 
This discussion has been archived. No new comments can be posted.
New Paper on The Risks of "Responsible Encryption" | Log In/Create an Account | Top | 52 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 3, Insightful) by NotSanguine on Sunday February 18 2018, @05:19PM (5 children)

    by NotSanguine (285) <NotSanguineNO@SPAMSoylentNews.Org> on Sunday February 18 2018, @05:19PM (#639744) Homepage Journal

    Secure communication has become an oxymoron.

    Really? Here's an encrypted reply (see below) to your assertion, encoded to base64 to ease its display here.

    Please do reply once you've been able to (trivially, if you're correct) decrypt it. Good luck with that!

    hQIMA+IW3S5wXNlHAQ/9GYV1Ud7g8fz4LP9MBB0UQxOj/BE6q00nbR4xo2GLoEzCVC3oqXVO9NbT
    Moi/c4hGkeScImF+eczPBkxlQfVp+WzUXsHjb87smWxScv6MNcT6nxJMZFbKSfhTP1xwFWqoU8Fp
    OvSkLrvkTMj4C0pdTRXs7ZoXcsrapGRTXCN5qZz7blAu+MS4gnk28zsGPZkbzgiV7MAAgiwQzvoQ
    S5ndpgCnxxO+jT63TZ+Psc6dQaK4lVDmQHzJYozzkcyzwJZl3On3MjAs6LL2ChRvtklOzKwoTRwL
    Qc9dR4EYKfFmh5DWpe6pSiQk4dQanU+yUiex4qp4Hypj10IoWvU+yNxqUETbMyfTyDDSXP1yIxrV
    pxQVUwA5xE/HzXAo4W5rxr1eTMMVKmbrYeIsq7y+xLSQUPUbfPoQUWimRfrTZo/KYT7S6gFfyNOG
    78mlg540xpgUDFljScI9FrIAB6gLGefhJBdDy2m7Cpm4di3FS1hYCrM39tPz1iXXsAoKkvaBuySl
    S2de/K1FY8zk/zVZL0FXeQVLNs7igflKobgo/bpbUnlr5O6h60g8UOv9D7l9RcSB/1ItE94f6EQP
    MVBpjiVqufm1NkvY7VephT0CiP05OMFdecth85/IOYxoeyzA6h5B4nkXUYFVhU75ntppoS9Id6rs
    iXhRuDliLK/+63vq0CbSwNUBC+rPQ8XrxgSHN/w6sUZN95923c52IGwd1SPRC47yRYdBzNKrPEKx
    uFcxlGk7PMnP24z+8OU/KXQcS+Cw8WTbehO+I8pNxNHxI78g3FFFdqwVknChAz4V/ax0gKpF+0fb
    y0rHJZ5NskEHs4Q8oc6uPv5DwnLARKr/zrK4sHua0V4A3uvHqzFP2gW6SqQtC8NuzMSwkKBi96JR
    fZOdhrs9TP9kXd01gK2Jxvw1TGgQ/R2oHuqENUZnw1eHKZhxJHL6lYfPVoFCzTj/z4vNa0BqetCI
    fEVzO+UMHIiANi/sKkre6YXeSjnUp953qI2zBycC3zbbuiOg1dDEv+vunRgSi2A/6037yxa3kbh5
    +sioVdREiVuha0Z2ZslxxgA0ZfqT4wPWvgdcm8JtSPeFOv1O39/L1JKhDCF6X6g59UTOaKwHzW5G
    2kHZ4OYqlme0MCg92D9dSd/KdzG7EJ+WcDi9dOGzmNETZMUo38XHnRsWhsc0N7kAJe5EXh0xRsTb
    BvcbnJGW/UY25odQ7z6SNyD16ulbA4U=

    --
    No, no, you're not thinking; you're just being logical. --Niels Bohr
    Starting Score:    1  point
    Moderation   +1  
       Troll=1, Insightful=1, Interesting=1, Total=3
    Extra 'Insightful' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   3  

  • (Score: 0) by Anonymous Coward on Sunday February 18 2018, @05:25PM

    by Anonymous Coward on Sunday February 18 2018, @05:25PM (#639745)

    mlm

  • (Score: 0) by Anonymous Coward on Sunday February 18 2018, @06:04PM (3 children)

    by Anonymous Coward on Sunday February 18 2018, @06:04PM (#639762)

    Here's an encrypted reply (see below) to your assertion, encoded to base64 to ease its display here.
    Please do reply once you've been able to (trivially, if you're correct) decrypt it. Good luck with that!

    Here you go: "Be Sure To Drink Your Ovaltine."

    • (Score: 3, Interesting) by NotSanguine on Sunday February 18 2018, @06:24PM (2 children)

      by NotSanguine (285) <NotSanguineNO@SPAMSoylentNews.Org> on Sunday February 18 2018, @06:24PM (#639767) Homepage Journal

      Thanks! You made my point for me.

      Secure communication requires that those for whom such communications are intended have access to the means of encryption/decryption.

      As long as those folks are the *only* ones with those means, communication *can* be secure.

      Despite what others may think or blather on about, secure communications are not only possible, but actually happen all the time.

      What's more, even having the *decrypted* version of such a message doesn't necessarily compromise those means.

      --
      No, no, you're not thinking; you're just being logical. --Niels Bohr

      • (Score: 4, Interesting) by frojack on Sunday February 18 2018, @09:06PM (1 child)

        by frojack (1554) on Sunday February 18 2018, @09:06PM (#639811) Journal

        Despite what others may think or blather on about, secure communications are not only possible, but actually happen all the time.

        Sure, even SoylentNews uses TLS as a default. Technically it meets your definition of encryption. Is it secure? Chuckle.....

        My email mua is set up to use opportunistic encryption when ever it can. For mMaybe 5 people I know, this works all the time, every time. For the others, they ask me to resent every once in a while because they can't figure out how to get GPG/PGP working on their iPhone or their tablet. or some new toy, and they are away from their main computer.

        Every secure texting platform has been cracked. Some directly by decrypting the transmission, others by compromising the servers or device it runs on.

        So, NO secure communications do NOT happen all the time. The illusion of secure communication is alive and well, at least among some.

        --
        No, you are mistaken. I've always had this sig.

        • (Score: 3, Insightful) by NotSanguine on Sunday February 18 2018, @11:08PM

          by NotSanguine (285) <NotSanguineNO@SPAMSoylentNews.Org> on Sunday February 18 2018, @11:08PM (#639842) Homepage Journal

          Despite what others may think or blather on about, secure communications are not only possible, but actually happen all the time.

          Sure, even SoylentNews uses TLS as a default. Technically it meets your definition of encryption. Is it secure? Chuckle.....

          My email mua is set up to use opportunistic encryption when ever it can. For mMaybe 5 people I know, this works all the time, every time. For the others, they ask me to resent every once in a while because they can't figure out how to get GPG/PGP working on their iPhone or their tablet. or some new toy, and they are away from their main computer.

          Every secure texting platform has been cracked. Some directly by decrypting the transmission, others by compromising the servers or device it runs on.

          So, NO secure communications do NOT happen all the time. The illusion of secure communication is alive and well, at least among some.

          Your points are certainly valid ones. I do however, disagree with your conclusion.

          What is secure communication [wikipedia.org]?

          Secure communication is when two entities are communicating and do not want a third party to listen in. For that they need to communicate in a way not susceptible to eavesdropping or interception.[1][2] Secure communication includes means by which people can share information with varying degrees of certainty that third parties cannot intercept what was said. Other than spoken face-to-face communication with no possible eavesdropper, it is probably safe to say that no communication is guaranteed secure in this sense, although practical obstacles such as legislation, resources, technical issues (interception and encryption), and the sheer volume of communication serve to limit surveillance.

          So yes, the idea that communication can be compromised in most circumstances is absolutely correct. As to the practicality of compromising communication that uses tools that make confidentiality (whispering, hand signals, encryption -- both of content and communications channels, etc., etc.) and/or integrity (face-to-face meetings, recognition signals, handwriting, digital signatures, etc.), that's pretty varied, depending on the methods and mechanisms of such "secure" communication.

          However, the likelihood of a compromise in inversely proportional to the quality of the security mechanisms *and* the effort used to apply them. Given the state of current knowledge and technology, I'm very comfortable saying that communications that *aren't* compromised (hence secure) happen all the time. Perhaps that's splitting hairs, but if so, that's a pretty important hair to split IMHO.

          --
          No, no, you're not thinking; you're just being logical. --Niels Bohr