Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 19 submissions in the queue.

DOJ: Strong Encryption That We Don't Have Access to is “Unreasonable”

posted by mrpg on Saturday November 11 2017, @10:46PM   Printer-friendly
from the fight-the-bad-fight dept.

MrPlow writes:

Submitted via IRC for SoyCow1984

"We have an ongoing dialogue with a lot of tech companies in a variety of different areas," he [Rod Rosenstein] told Politico Pro. "There's some areas where they are cooperative with us. But on this particular issue of encryption, the tech companies are moving in the opposite direction. They're moving in favor of more and more warrant-proof encryption."

[...] In the interview, Rosenstein also said he "favors strong encryption."

"I favor strong encryption, because the stronger the encryption, the more secure data is against criminals who are trying to commit fraud," he explained. "And I'm in favor of that, because that means less business for us prosecuting cases of people who have stolen data and hacked into computer networks and done all sorts of damage. So I'm in favor of strong encryption."

[...] He later added that the claim that the "absolutist position" that strong encryption should be by definition, unbreakable, is "unreasonable."

[...] Rosenstein closed his interview by noting that he understands re-engineering encryption to accommodate government may make it weaker.

"And I think that's a legitimate issue that we can debate—how much risk are we willing to take in return for the reward?" he said.

Source: https://arstechnica.com/tech-policy/2017/11/doj-strong-encryption-that-we-dont-have-access-to-is-unreasonable/

Original Submission

 
This discussion has been archived. No new comments can be posted.
DOJ: Strong Encryption That We Don't Have Access to is “Unreasonable” | Log In/Create an Account | Top | 68 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 1, Interesting) by Anonymous Coward on Sunday November 12 2017, @01:05AM (2 children)

    by Anonymous Coward on Sunday November 12 2017, @01:05AM (#595805)

    There's things they could do that would result in "strong encryption" from anybody who doesn't have access to the device, that would severely weaken it if somebody could take it apart. Nobody does that because we don't really want phones and devices that can just be stolen and cracked in a few minutes. Ideally, it would take so long to break into the device that the data would no longer be of any value.

    Having a second private key that's hardwired into a section of the phone that's not accessible would allow people in easily if they have the phone, but barely reduce the strength of the encryption to people who don't have the phone in their possession.

    Starting Score:    0  points
    Moderation   +1  
       Interesting=1, Total=1
    Extra 'Interesting' Modifier   0  
    Total Score:   1  

  • (Score: 3, Insightful) by MostCynical on Sunday November 12 2017, @02:15AM (1 child)

    by MostCynical (2589) on Sunday November 12 2017, @02:15AM (#595823) Journal

    Does this mean you have your passwords written on your monitor? Having a key ON the device seems to be the same thing...

    --
    "I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex

    • (Score: 0) by Anonymous Coward on Sunday November 12 2017, @03:38PM

      by Anonymous Coward on Sunday November 12 2017, @03:38PM (#595912)

      It doesn't imply that. It would imply having the password stuffed inside of the monitor.

      The second point is really a question of what you're trying to protect against. If it's just casual theft, it would be fine, if it's law enforcement it's a huge problem.

      And there's no need for it to be in cleartext, it could be a certificate.