US, International Intelligence Fight Against Encryption

[Guest]

The Fire Eyes international intelligence alliance has again criticized encryption providers for impeding law enforcement investigations and mass spying.

US, International Intelligence Fight Against Encryption : Read more

 

[milkod2001]

hhhh

 

[milkod2001]

Just testing if i can comment again. Thanks Toms.

 

[SkyBill40]

"The result is a massive surveillance network that encompasses most of the world and lets these countries assist each other with law enforcement investigations and matters of national security."

SPECTRE much?

 

[mwryder55]

They can't even protect their own computers from unlawful access and they want to make it even easier for others to get into our computers and our data? A lot of data has to be encrypted to give some protection to it. I don't think anyone wants their credit card data open to the world to make it easier for some overpaid government employee to go fishing for some justification for his job.

 

[caustin582]

The alliance explained in the Statement of Principles on Access to Evidence and Encryption this week that the same encryption used to protect "personal, commercial and government information" is also used by "criminals, including child sex offenders, terrorists and organized crime groups to frustrate investigations and avoid detection and prosecution." They effectively argue that defending the former group enables the latter.

Those latter groups also breathe oxygen. Maybe we should we get rid of that too?

 

[koga73]

Encryption is a privacy tool. Governments don't believe their citizens should have privacy. They aim to compromise the privacy provided by encryption in the name of stopping bad actors. There are numerous tools that can be used for good or bad, that doesn't mean the tool is inherently bad. Take security software for example, vulnerability scanners can be used by companies to identify vulnerabilities to patch, however they can also be used by hackers to identify vulnerabilities to exploit, does that mean we should ban vulnerability scanners? If governments want access to encrypted information then they should have to work for it and crack the encryption rather than asking for a backdoor or key escrow.

 

[compprob237]

Mass spying already violates the 4th amendment, at least for the US constitution, and they want to make it easier to violate the constitution? I have one word in mind for them: No. If it comes to it then the same saying used to defend the 2nd amendment applies: From my cold, dead hands. The government doesn't need more power and control over it's people. It needs less.

 

[shrapnel_indie]

In the same vein as compprob237's statements. Here is another one.. but first, of course the gov'ts involved won't back down on their encryption one iota.

Do they really think the bad guys will say "Oh, it's illegal to encrypt now... oh well... I'll just click send anyway." or "Oh, it's illegal to encrypt now. we better stop being bad guys."

Just like firearms, the bad guys won't care whether it's illegal to obtain, own, or use. They'll use it anyway. Meanwhile law abiding citizens/subjects/[insert your fav term for someone who has zero rights under their gov't] will suffer because of it.

Reality is the bad guys just make an excellent and handy excuse to strip the rest of us of rights that are supposed to be natural/inalienable or unalienable (at least in the eyes of the founding fathers of The United States.) Remember the Bill of Rights was put in place to restrict government from infringing on what was and are inalienable rights... or as they felt... God Given rights. (Yes. many were theists, not atheists or agnostics.)

 

[caustin582]

In the same vein as compprob237's statements. Here is another one.. but first, of course the gov'ts involved won't back down on their encryption one iota.

Do they really think the bad guys will say "Oh, it's illegal to encrypt now... oh well... I'll just click send anyway." or "Oh, it's illegal to encrypt now. we better stop being bad guys."

Just like firearms, the bad guys won't care whether it's illegal to obtain, own, or use. They'll use it anyway. Meanwhile law abiding citizens/subjects/[insert your fav term for someone who has zero rights under their gov't] will suffer because of it.

Reality is the bad guys just make an excellent and handy excuse to strip the rest of us of rights that are supposed to be natural/inalienable or unalienable (at least in the eyes of the founding fathers of The United States.) Remember the Bill of Rights was put in place to restrict government from infringing on what was and are inalienable rights... or as they felt... God Given rights. (Yes. many were theists, not atheists or agnostics.)

I don't think that's a good comparison. The authorities here aren't saying it should be illegal for individuals to use encryption, but rather that companies should implement back doors in their hardware and software that allow them to easily get past the encryption. If implemented on the hardware level, this would in fact have a profound effect on everyone's ability to encrypt their information, regardless of how much they care about obeying the law. The only way to get around it would be to build your own CPUs, which is obviously not an easy task.

 

[mwryder55]

In the same vein as compprob237's statements. Here is another one.. but first, of course the gov'ts involved won't back down on their encryption one iota.

Do they really think the bad guys will say "Oh, it's illegal to encrypt now... oh well... I'll just click send anyway." or "Oh, it's illegal to encrypt now. we better stop being bad guys."

Just like firearms, the bad guys won't care whether it's illegal to obtain, own, or use. They'll use it anyway. Meanwhile law abiding citizens/subjects/[insert your fav term for someone who has zero rights under their gov't] will suffer because of it.

Reality is the bad guys just make an excellent and handy excuse to strip the rest of us of rights that are supposed to be natural/inalienable or unalienable (at least in the eyes of the founding fathers of The United States.) Remember the Bill of Rights was put in place to restrict government from infringing on what was and are inalienable rights... or as they felt... God Given rights. (Yes. many were theists, not atheists or agnostics.)

I don't think that's a good comparison. The authorities here aren't saying it should be illegal for individuals to use encryption, but rather that companies should implement back doors in their hardware and software that allow them to easily get past the encryption. If implemented on the hardware level, this would in fact have a profound effect on everyone's ability to encrypt their information, regardless of how much they care about obeying the law. The only way to get around it would be to build your own CPUs, which is obviously not an easy task.

If the backdoor exists, whether known or not, they will be found and exploited. Would you want your credit card information on a server that is open to the world?
The other thing to remember is that people have been encrypting messages for millenia without the use of computers. The use of a simple one-time pad is fairly simple and there is no backdoor to be exploited by someone trying to read your messages.

 

[caustin582]

If the backdoor exists, whether known or not, they will be found and exploited. Would you want your credit card information on a server that is open to the world?
The other thing to remember is that people have been encrypting messages for millenia without the use of computers. The use of a simple one-time pad is fairly simple and there is no backdoor to be exploited by someone trying to read your messages.

I don't think I implied in my post that I would want this to happen. I think it would be horrible. My point is just that convincing chip makers to implement backdoors or keyloggers would actually hamper everyone's ability to use computers to send and receive encrypted information. We'd all be screwed. The fact that the "bad guys" get screwed along with the "good guys" doesn't make it a good thing.

Sure you could avoid technology altogether by writing something on piece of paper and throwing it in the fire when you're done. Hell, you could just whisper into the other person's ear when no one's around. Obviously there are drawbacks in practicality when it comes to giving up computers entirely, though.

 

[shrapnel_indie]

In the same vein as compprob237's statements. Here is another one.. but first, of course the gov'ts involved won't back down on their encryption one iota.

Do they really think the bad guys will say "Oh, it's illegal to encrypt now... oh well... I'll just click send anyway." or "Oh, it's illegal to encrypt now. we better stop being bad guys."

Just like firearms, the bad guys won't care whether it's illegal to obtain, own, or use. They'll use it anyway. Meanwhile law abiding citizens/subjects/[insert your fav term for someone who has zero rights under their gov't] will suffer because of it.

Reality is the bad guys just make an excellent and handy excuse to strip the rest of us of rights that are supposed to be natural/inalienable or unalienable (at least in the eyes of the founding fathers of The United States.) Remember the Bill of Rights was put in place to restrict government from infringing on what was and are inalienable rights... or as they felt... God Given rights. (Yes. many were theists, not atheists or agnostics.)

I don't think that's a good comparison. The authorities here aren't saying it should be illegal for individuals to use encryption, but rather that companies should implement back doors in their hardware and software that allow them to easily get past the encryption. If implemented on the hardware level, this would in fact have a profound effect on everyone's ability to encrypt their information, regardless of how much they care about obeying the law. The only way to get around it would be to build your own CPUs, which is obviously not an easy task.

Maybe I did get a little carried away with the analogy... but I wouldn't doubt if they tried it, at least at this point in time, there would be outrage about it.... in the future, who knows...

Also if it was done on the hardware level.... with back doors, which means the encryption might as well not exist when it comes to corrupted/evil governments/corporations/people... There's nothing to stop someone from using old hardware to create the encrypted data and then send it on its way anyway. Do some research and you'll find cryptographic libraries for programming languages and encryption/decryption apps are plentiful right now. There's even laws, although not necessarily as strict as in the past, about what encryption strengths can and cannot be used and under what circumstances.

 

[caustin582]

Maybe I did get a little carried away with the analogy... but I wouldn't doubt if they tried it, at least at this point in time, there would be outrage about it.... in the future, who knows...

Also if it was done on the hardware level.... with back doors, which means the encryption might as well not exist when it comes to corrupted/evil governments/corporations/people... There's nothing to stop someone from using old hardware to create the encrypted data and then send it on its way anyway. Do some research and you'll find cryptographic libraries for programming languages and encryption/decryption apps are plentiful right now. There's even laws, although not necessarily as strict as in the past, about what encryption strengths can and cannot be used and under what circumstances.

Using old hardware would be a loophole, but also a major inconvenience. Hardware doesn't last forever, and safe devices would become increasingly scarce as time goes on. Also, just encrypting it on safe hardware wouldn't be enough--if the recipient decrypts the information on a compromised device then it could be exposed there too.

I'm well aware of how plentiful and available encryption software is. As a hobby I run a Freenet node on a VM within hidden encrypted partition, just as a sort of proof of concept for a completely "untouchable" system. Literally nothing any 3rd party could do to even prove that it exists, unless I want them to know that it does. That of course would all go out the window if it were running on a CPU with a backdoor that the government had access to.

Not sure what you mean when you say there are laws governing the levels of encryption that can be used. Government and financial organizations are required to encrypt sensitive data, but the way you worded that statement made it sound like you're saying there are laws restricting people from using encryption beyond a certain level. Some forms of strong encryption do require an export license if you're including them as a feature of your software that you're making available internationally (particularly to rogue/terrorist states), but there are no laws restricting individuals from encrypting their own data any way they choose.

 

[Christopher1]

Why would they be fighting against encryption? They should be fighting against criminals misusing encryption, not encryption itself.

 

[shrapnel_indie]

Why would they be fighting against encryption? They should be fighting against criminals misusing encryption, not encryption itself.

That's their excuse to fight it: getting the bad guys who use it by denying them its use or use of stronger encryption. Meanwhile the side effect is they get to pry into everyone else's business, which is their real goal. After all, they want any hint of sedition or dislike of a political figure from even the average guy who may just vent to be known.

 

[mwryder55]

Why would they be fighting against encryption? They should be fighting against criminals misusing encryption, not encryption itself.

Just like their battle against people using guns to commit crimes it is easier to say that the tool is the problem rather than the person "misusing" the tool. Rather than admit that they cannot do their job they distract everyone by saying that the use of encryption, or guns, is the problem, not them.

 

[capkdk]

The best way of putting it. If the people who want back doors for police access on the web. Should leave the back door of the house unlocked for the police to use if needed and hope a criminal never uses it. Open Back doors are dangerous on the web or in the physical word period.