The Intercept reports on an email obtained by The Washington Post: Top [Intelligence] Lawyer Says Terror Attack Would Help Push for Anti-Encryption Legislation:
The intelligence community's top lawyer, Robert S. Litt, told colleagues in an August email obtained by the Washington Post that Congressional support for anti-encryption legislation "could turn in the event of a terrorist attack or criminal event where strong encryption can be shown to have hindered law enforcement." So he advised "keeping our options open for such a situation."
[...] A senior official granted anonymity by the Post acknowledged that the law enforcement argument is "just not carrying the day." He told the Post reporters: "People are still not persuaded this is a problem. People think we have not made the case. We do not have the perfect example where you have the dead child or a terrorist act to point to, and that's what people seem to claim you have to have."
On Tuesday, Amy Hess, a top FBI official, told reporters that the bureau has "done a really bad job collecting empirical data" on the encryption problem. FBI Director James Comey has attempted to provide examples of how law enforcement is "going dark," but none have checked out. Only Manhattan District Attorney Cyrus Vance has been able to provide an example of encrypted technology maybe blocking one possible lead in a murder investigation.
Litt was commenting on a draft options paper from the National Security Council that includes three proposals for the Obama Administration: oppose compulsory backdoor legislation and come out in favor of encryption, defer any decisions until after an open consultation, or do nothing. No option calling for backdoors was included.
In other news, the EFF has issued its first certificate as part of the Let's Encrypt initiative. Microsoft researchers have published a paper and code (MIT license) for FourQ, a new and faster elliptic curve cryptography implementation. Cryptome's John Young has announced that some of his public PGP keys have been compromised.
Related:
June 7: FBI Official: "Build Technological Solutions to Prevent Encryption Above All Else"
July 30: Ex-Intelligence Officials Support Encryption in Editorial
September 10: Justice Department Considered Suing Apple Over iMessage Encryption
(Score: 0) by Anonymous Coward on Friday September 18 2015, @06:16AM
Ooops, sorry about the clear-text links:
Legal Hacks [xkcd.com]
Squirrelphone [xkcd.com]
(Score: 2) by tangomargarine on Friday September 18 2015, @08:37PM
Why should I care whether my connection to XKCD is encrypted?
"Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
(Score: 2) by Anal Pumpernickel on Friday September 18 2015, @08:42PM
The more mundane things are encrypted, the more cover will be provided for activities that are more private in nature. We need to encrypt as much 'useless' stuff as possible.
(Score: 2) by Justin Case on Saturday September 19 2015, @11:43AM
So that you get the actual XKCD content and not injected ads and malware.
(Score: 2) by tangomargarine on Sunday September 20 2015, @09:35PM
Is that a common problem with XKCD?
"Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
(Score: 2) by Justin Case on Sunday September 20 2015, @09:53PM
Yes, if in your part of the world XKCD is something that's delivered via the Internet.
Perhaps you haven't been paying attention. ISPs are injecting ads. China is injecting malware. Who knows what other asshats are corrupting things. They don't care what page you're viewing, they just want control of your machine and/or eyeballs.
(Score: 2) by tangomargarine on Sunday September 20 2015, @10:04PM
I'm already running NoScript and AdBlock, so whatever.
"Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
(Score: 2) by Justin Case on Sunday September 20 2015, @10:25PM
Good for you. No, seriously. Now if we can get a few hundred million people to do the same, we wouldn't need https everywhere. Well, not as much.