Washington Post's Clueless Editorial On Phone Encryption: No Backdoors, But How About A Magical 'Golden Key'?

from the golden-key-cryptography dept

The Washington Post editorial board has weighed in on the recent "controversy" over Apple and Google's smart decision to start encrypting mobile devices by default. The "controversy" itself seems pretty hyped up by law enforcement types who are either lying or clueless about the technology. Throwing a bunch of technically ignorant newspaper editors into the mix probably wasn't the wisest of decisions.

Much of the editorial engages in hand-wringing about what law enforcement is going to do when they need the info on your phone (answer: same thing they did for years before smartphones, and most of the time with smartphones as well, which is regular detective work). It even repeats the bogus use of the phrase "above the law" that FBI director James Comey bizarrely keeps repeating (hint: putting a lock on your stuff isn't making you above the law). But the real kicker is the final paragraph:
How to resolve this? A police “back door” for all smartphones is undesirable — a back door can and will be exploited by bad guys, too. However, with all their wizardry, perhaps Apple and Google could invent a kind of secure golden key they would retain and use only when a court has approved a search warrant. Ultimately, Congress could act and force the issue, but we’d rather see it resolved in law enforcement collaboration with the manufacturers and in a way that protects all three of the forces at work: technology, privacy and rule of law.
Did you get that? No "back door," but rather a "golden key." Now, I'm not sure which members of the Washington Post editorial board is engaged in mythical "golden key" cryptography studies, but to most folks who have even the slightest understanding of technology, they ought to have recognized that what they basically said is: "a back door is a bad idea, so how about creating a magic back door?" A "golden key" is a backdoor and a "backdoor" is a "golden key." The two are indistinguishable and the Post's first point is the only accurate one: it "can and will be exploited by bad guys, too." That's why Apple and Google are doing this. To protect users from bad guys.

In the meantime, just watch, and we'll start to see ignorant politicians and law enforcement start to echo this proposal as well, talking down "backdoors" and talking up "golden keys." The fact that we already had this debate in the 1990s, when the "golden key" was called "key escrow" and when having the government lose that was was fairly important in allowing the internet to become so useful, will apparently be lost on the talking heads.

Still, a small request for the Washington Post Editorial Board: before weighing in on a subject like this, where it's fairly clear that none of you have the slightest clue, perhaps try asking a security expert first?
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: backdoors, editorial board, encryption, golden key, mobile encryption, privacy, security
Companies: washington post


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. This comment has been flagged by the community. Click here to show it
    icon
    antidirt (profile), 6 Oct 2014 @ 7:36am

    Still, a small request for the Washington Post Editorial Board: before weighing in on a subject like this, where it's fairly clear that none of you have the slightest clue, perhaps try asking a security expert first?

    I love how you hold others to such a high standard when you yourself don't meet that standard. Recent example: your silly post about how a design patent is invalid even though you demonstrated no such thing: https://www.techdirt.com/articles/20141003/06500028716/design-patent-granted-toothpick.shtml Do as you say, not as you do, right?

    link to this | view in thread ]

  2. icon
    Ninja (profile), 6 Oct 2014 @ 8:14am

    Re:

    I love how you do exactly the same you criticize.

    I'll leave this to your entertainment (please follow the link in that comment, it might make you slightly less dumb):

    https://www.techdirt.com/articles/20141003/06500028716/design-patent-granted-toothpick.shtml#c 485

    link to this | view in thread ]

  3. icon
    Ninja (profile), 6 Oct 2014 @ 8:18am

    However, with all their wizardry, perhaps Apple and Google could invent a kind of secure golden key they would retain and use only when a court has approved a search warrant.

    Really, why are we reading some ignorant piece of crap like WP when not happy with being clueless they display said lack of clue in all its glory by treating science as wizardry?

    Perhaps they could actually study what they call wizardry and notice it's highly complex science and that they just proposed exactly what they said it's not desirable?

    link to this | view in thread ]

  4. This comment has been flagged by the community. Click here to show it
    icon
    antidirt (profile), 6 Oct 2014 @ 8:29am

    Re: Re:

    I love how you do exactly the same you criticize.

    How is that linked-to comment an example of me doing the same thing? At least that person acknowledged that it's the "ordinary observer" test--something Mike didn't even do. Mike didn't give us any legal analysis before reaching his legal conclusion. He just posted a picture of toothpicks that had three grooves with the implication that they're substantially similar to ones that have two painted-on stripes. My point is that the IP reporting on Techdirt is often laughable--such as that post. It's not just Mike. His flunkies are guilty of shoddy IP reporting even more so than he is. It's just funny that he criticizes others so much when his own house isn't in order.

    link to this | view in thread ]

  5. identicon
    Anonymous Coward, 6 Oct 2014 @ 9:22am

    When law enforcement and government become the bad guys worried about their precious being taken away it tells you why such is needed.

    link to this | view in thread ]

  6. icon
    RadioactiveSmurf (profile), 6 Oct 2014 @ 9:22am

    Re:

    That's what struck me too. Whoever wrote this sees technology as nothing more than modern day magic. They don't understand it but somehow it works. POOF Magic!

    link to this | view in thread ]

  7. identicon
    Baron von Robber, 6 Oct 2014 @ 9:24am

    The Golden Key will be provided by the Golden Sheep with a Golden Ticket (warrent). After a time, everybody will realize it's just a Golden Goose Egg.

    link to this | view in thread ]

  8. identicon
    Edward Teach, 6 Oct 2014 @ 9:24am

    This is Magical Golden Journalism

    Personally, this kind of crap is why I read the papers.

    I mean, "David Brooks"? C'mon, he's no better than that Krauthammer moron, or Thomas Sowell. They're just low blood pressure medicine.

    I live for the inane mistakes, like when the text of an article includes the literals "START ITAL" and "END ITAL". Or some half-drunk city desk guy gets to opine about Magic Golden Keys. It's priceless, i tell you. You give a sinus-clearing snort, and resign yourself once again to a newspaper written and edited by posturing pieces of wood, and you laugh and get on with life.

    link to this | view in thread ]

  9. identicon
    Anonymous Coward, 6 Oct 2014 @ 9:34am

    Response to: Baron von Robber on Oct 6th, 2014 @ 9:24am

    At which point everyone gets a Golden Shower. Yes, I went THERE.

    link to this | view in thread ]

  10. identicon
    Anonymous Coward, 6 Oct 2014 @ 9:44am

    newspeak

    It's not torture, it's "enhanced interrogation" :-)

    link to this | view in thread ]

  11. icon
    DannyB (profile), 6 Oct 2014 @ 9:50am

    OK, so we don't want any magical Golden Keys

    How about a special master key cut from pure Unicorn horn?

    We would only need one such key, so creating one such key would not put the population of unicorns in any danger.

    link to this | view in thread ]

  12. identicon
    Anonymous Coward, 6 Oct 2014 @ 9:58am

    Re: Re:

    Any sufficiently advanced technology is indistinguishable from magic.

    http://en.wikipedia.org/wiki/Clarke%27s_three_laws

    link to this | view in thread ]

  13. identicon
    Dan T., 6 Oct 2014 @ 9:59am

    Gold Key

    Perhaps this was all written up in comic book form in Gold Key Comics back in the '70s?

    link to this | view in thread ]

  14. identicon
    Anonymous Hero, 6 Oct 2014 @ 10:00am

    I'm going for funniest techdirt comment of the week

    "However, with all their wizardry, perhaps Apple and Google could invent a kind of secure golden key they would retain and use only when a court has approved a search warrant."

    link to this | view in thread ]

  15. icon
    sehlat (profile), 6 Oct 2014 @ 10:01am

    Singalong Time

    [Tune: "I Got a Brand New Pair of Roller Skates"]

    I got a safe encrypted telephone.
    I hacked its golden key!
    Wonder what other uses that master key might have for me?

    Is this megalomania?
    Can I rule the world?

    'Cause I got a safe encrypted telephone
    I hacked its golden key!

    link to this | view in thread ]

  16. identicon
    Anonymous Coward, 6 Oct 2014 @ 10:05am

    Perhaps is it wise to allow them a `golden key'... As long as we make sure there is no backdoor that can be opened by it.
    (Yes, I know, but playing wordgames is all the rage at the moment.)

    link to this | view in thread ]

  17. identicon
    Anonymous Coward, 6 Oct 2014 @ 10:09am

    Re: OK, so we don't want any magical Golden Keys

    Au contraire mon ami - to cut a key from unicorn horn would require the demise of every unicorn in existence - and then some! How could this NOT cause the extinction of the species?

    link to this | view in thread ]

  18. identicon
    Anonymous Coward, 6 Oct 2014 @ 10:22am

    anyone able to explain to me how the hell these people ever get employed in the first place, let alone have the go-ahead to write and print something like this?

    link to this | view in thread ]

  19. identicon
    Anonymous Coward, 6 Oct 2014 @ 10:23am

    The most insidious idea in all of this is the notion that a manufacturer should maintain control of something after it's been sold.

    Does this apply to components? If a Chinese supplier of say, wifi chips doesn't like what Apple is doing, can they just brick every device with their chip in it?

    link to this | view in thread ]

  20. identicon
    Anonymous Coward, 6 Oct 2014 @ 10:23am

    Re: Re: Re:

    The sad thing is we're already kind of at that point, but not so much because technology is so wondrous, but because so many people are willfully ignorant, if not outright stupid.

    link to this | view in thread ]

  21. identicon
    Anonymous Coward, 6 Oct 2014 @ 10:25am

    Yes old people tell us more about backdoors that don't have backdoors.

    #popcorn

    link to this | view in thread ]

  22. identicon
    Anonymous Coward, 6 Oct 2014 @ 10:43am

    Playing devil's advocate

    A "golden key" is a backdoor, but a backdoor might not necessarily be a "golden key".

    A "golden key" implies a key, contrasting with other kinds of backdoor which do not use a key.

    For instance, a backdoor where turning on the phone while shorting a couple of test points in its main board were enough to bypass the phone encryption would not be a "golden key".

    link to this | view in thread ]

  23. identicon
    Anonymous Coward, 6 Oct 2014 @ 10:44am

    You do realize that what is proposed is actually supported in both Microsoft BitLocker and Apple FileVault. It just simply storing your private key with the company or on your own server. Replace "Magic" with "Private" and you don't have unicorns and rainbows anymore, but irl they should give the end-user's the choice as they do currently.

    Apple File Vault 2: http://support.apple.com/kb/ht4790

    For Microsoft in a business situation: http://technet.microsoft.com/en-us/library/dd875531%28v=ws.10%29.aspx

    For Microsoft in a home situation: http://windows.microsoft.com/en-us/windows-8/bitlocker-recovery-keys-faq

    link to this | view in thread ]

  24. identicon
    Anonymous Coward, 6 Oct 2014 @ 10:58am

    Didn't RSA build a "Golden Key" into the it's elliptical curve random number generator. Then NIST made this golden key the default encryption option.

    Where has the Washington Post been for the last year? I'm sure China's gonna want it's own "Golden Key" too, so they can crack down on all the unruly young people protesting in Hong Kong.

    The Washington Post is advocating for repression and tyranny. Shame on them.

    link to this | view in thread ]

  25. identicon
    phils, 6 Oct 2014 @ 11:07am

    The magic key would not be made from gold but from unobtainium.

    link to this | view in thread ]

  26. icon
    John Fenderson (profile), 6 Oct 2014 @ 11:23am

    Re:

    "Replace "Magic" with "Private" and you don't have unicorns and rainbows anymore"

    Yes you do. If a third party is holding your private key, then it isn't private anymore. Functionally, doing so is exactly the same as having a universal key and it has all the same problems and all the same unicorns and rainbows.

    link to this | view in thread ]

  27. icon
    John Fenderson (profile), 6 Oct 2014 @ 11:26am

    Re:

    "Didn't RSA build a "Golden Key" into the it's elliptical curve random number generator."

    Not quite. The ECC problem was not a golden key, it was an intentional weakening of the random number generator. This by itself did not remove or bypass encryption. It made it possible to break the encryption, but doing so still took nontrivial effort.

    link to this | view in thread ]

  28. icon
    Ninja (profile), 6 Oct 2014 @ 11:28am

    Re:

    Bullshit, it's made of elvish steel forged by dwarfs using the light of the Silmarils. And it only opens during the full moon of the solstice. Or when some random judge says so.

    link to this | view in thread ]

  29. icon
    nasch (profile), 6 Oct 2014 @ 11:34am

    Re: Re:

    Bullshit, it's made of elvish steel forged by dwarfs using the light of the Silmarils.

    Please, you couldn't get Dwarves to work elvish steel. That's how I know your claim is made up.

    link to this | view in thread ]

  30. identicon
    Anonymous Coward, 6 Oct 2014 @ 11:40am

    Future Shock

    I don't know if that's completely fair. With the rate of growth and progress for technology, I do think that there are some people who would love to know more, but have no clue where to start. The solution of course is to ask for help, but if you have no clue where to start, then how do you even know what to ask?

    I'm not saying that there aren't bad actors. However, we should also consider that in less than a decade we went from moble phones to a universe of powerful internet-connected devices capable of storing and doing so much more than that.

    I think today that there is a valid argument for the growth of an excluded middle between the clued-in, and the willfully ignorant, and thanks to Alvin Toffler there's a name for the cause - Future Shock.

    link to this | view in thread ]

  31. identicon
    Corky Boyd, 6 Oct 2014 @ 11:54am

    Encryption security

    It is comforting that there is this reaction to Apple's encryption system. Seems it is highly resistant to prying eyes. Most important it encrypted all the way through which means there is no clear text or voice in the server's hands that can be read with only a subpoena.

    Intercepting US mail and reading it requires a court order. The public should expect no less for private phone conversations. Unfortunately official snoopers consider all communications their business even without probable cause. Justice prevails.

    link to this | view in thread ]

  32. icon
    That One Guy (profile), 6 Oct 2014 @ 12:19pm

    Re:

    Because the people hiring them, the people employing them, and the people telling them 'Write an article on the new encryption mess' are all equally clueless when it comes to the subject at hand.

    link to this | view in thread ]

  33. icon
    John Fenderson (profile), 6 Oct 2014 @ 12:23pm

    Re: Encryption security

    "Most important it encrypted all the way through which means there is no clear text or voice in the server's hands that can be read with only a subpoena."

    Perhaps I misunderstood what Apple & Google have done here, but my understanding is that they're encrypting the contents of the phone itself and not keeping a key for themselves. This has nothing to do with whether or not the data is encrypted outside the phone (is the server's hands).

    link to this | view in thread ]

  34. identicon
    Anonymous Coward, 6 Oct 2014 @ 12:27pm

    Re: Re: Encryption security

    As someone well versed in this, from an end user perspective, my understanding is the same as yours.

    They are encrypting by default the contents of what is on a phone itself, with only the end user/owner being able to decrypt it.

    Anything outside the phone (text messages, call logs, emails, etc.) is still subject to subpoena through a proper warrant. And that's what really drives home the point about the lack of understanding on the part of many complaining about the encryption coming to these devices pretty soon. That data is still legally accessible through the proper channels. All this means is you can't just grab a phone and go through it down the line.

    link to this | view in thread ]

  35. identicon
    Almost Anonymous, 6 Oct 2014 @ 1:33pm

    Re: Re:

    "And you can't get it down from the Cloud?"

    "No one understands the Cloud, it's a fscking mystery!"

    link to this | view in thread ]

  36. identicon
    Almost Anonymous, 6 Oct 2014 @ 1:35pm

    Re: I'm going for funniest techdirt comment of the week

    Well played. I voted for you!

    link to this | view in thread ]

  37. icon
    John Fenderson (profile), 6 Oct 2014 @ 1:50pm

    Re: Re: Re: Encryption security

    "Anything outside the phone (text messages, call logs, emails, etc.) is still subject to subpoena through a proper warrant"

    And we need to keeping pointing out that anything on the phone is also still subject to subpoena. The only change is that the subpoena must be issued to the owner of the phone instead of to Apple or Google.

    link to this | view in thread ]

  38. identicon
    Anonymous Coward, 6 Oct 2014 @ 1:56pm

    Re: Re:

    John,

    I hate to tell you, but almost every FDE product out there has something like this. I used Apple and Microsoft as examples, but CheckPoint uses an EndPoint Policy Manager. Do you think the average consumer is going to have a server to backup the private keys to? Most that I know will end up using DropBox, iCloud, OneDrive, et al which is basically the same thing. You can't store the private key for decryption on the same device for recovery, so it's either purchase a server to run your own and make sure you have backups or lease cloud space which basically makes the key public to someone else.

    Actually, this whole argument sounds like a good KickStarter project, some cheap Arduino boards to basically do a password/key manager and I would integrate OAuth with a mini lcd display.

    link to this | view in thread ]

  39. identicon
    Anonymous Coward, 6 Oct 2014 @ 2:28pm

    Re: newspeak

    It's not torture, it's "enhanced interrogation" :-)

    You mean the WP is now involved in enhanced interrogation techniques on the English Language?

    link to this | view in thread ]

  40. identicon
    Capt ICE Enforcer, 6 Oct 2014 @ 2:48pm

    It works...

    Just to let you know, the Golden Key does work. I use it all the time on Borderlands. No key, No open. Easy as that. And it is really cool cause I can use cheat engine and give me unlimited keys for unlimited weapons... But without the key you can't open the chest. Fool Proof.

    link to this | view in thread ]

  41. icon
    John Fenderson (profile), 6 Oct 2014 @ 3:15pm

    Re: Re: Re:

    "almost every FDE product out there has something like this"

    I'm not sure what you're talking about here. I've used several FDE solutions for Windows and Linux, and have yet to be required to store my keys on a server of any sort, let alone a third party server.

    "You can't store the private key for decryption on the same device for recovery, so it's either purchase a server to run your own and make sure you have backups or lease cloud space"

    Or do what I do: store the keys on a memory stick. They'll also fit on floppies if you are really old-school.

    link to this | view in thread ]

  42. identicon
    Anonymous Coward, 6 Oct 2014 @ 3:35pm

    Re: Re: Re:

    If the cloud collects enough condensation it starts to cause rain storms and when that happens the terrorists win.

    link to this | view in thread ]

  43. identicon
    Anonymous Coward, 6 Oct 2014 @ 3:38pm

    Re: Re: Re: Re: Encryption security

    I guess if the owner of the phone refuses to turn over the decryption key ...

    link to this | view in thread ]

  44. icon
    nasch (profile), 6 Oct 2014 @ 4:03pm

    Re: It works...

    And it is really cool cause I can use cheat engine and give me unlimited keys for unlimited weapons...

    So... that would be a back door, right? Although the chest is right up against the wall so you'd have to scoot it out to get to a back door. Or is it metaphorical? Hm...

    link to this | view in thread ]

  45. identicon
    Anonymous Coward, 6 Oct 2014 @ 4:58pm

    Re: Re: Re: Re: Encryption security


    I guess if the owner of the phone refuses to turn over the decryption key ... 


    Then it's a self incrimination rather than a privacy issue.

    The owner of the phone may be someone else than the person whose name is on the purchase invoice or who pays the monthly bill.

    Or the phone may have been shared among a large group of persons or it may have been acquired through second hand sale by the most recent user.

    One great reason for officially refusing to hand over any password is that you by admitting knowing the password implicitly convey that you likely are aware of any potentially incriminating contents of the phone including contents planted by the police to frame you.

    Loudly refusing gives the government more work and forces the issue into court where the self incrimination argument can be determined.

    If asked by the police if you are the sole user of the phone just plead the Fifth and state politely that you only answer questions after assistance of counsel.

    Answering that you are the sole user of the phone likely makes knowledge of the password a foregone conclusion and effectively waives any Fifth Amendment protection.

    The government should have to work hard to establish that you are the sole user of the phone.

    The real problem for the government in using the subpoena power to compel a suspect to turn over a password is proving ownership and the other elements sufficient to make the testimonial implications flowing from disclosure of the password a foregone conclusion.

    Subpoenaing the information from a person involved in a crime may be possible, but the government doesn't like it because it may compromise the secrecy of an ongoing government investigation.

    If Bob's phone is seized by the police, and they can get a subpoena compelling Bob to turn over the password, the investigation is no longer a secret and Bob will be on notice that he is under investigation.

    If he is not immediately taken into custody,he can arrange a covert signal with his accomplishes alerting them to the fact that his phone has been seized and that everyone must immediately dispose of their codes.

    link to this | view in thread ]

  46. icon
    Steve R. (profile), 6 Oct 2014 @ 6:41pm

    Tip of the Iceberg

    Regretfully, this impractical solution by the Post is only the tip of the iceberg, that just happened to be tech related.

    But the world is bigger than tech. Recently, Biden made (truthful) remarks critical of Turkey. Now Biden has been forced to apologize for his supposed "gaffe". We are living in the world of Orwell's NewSpeak.

    link to this | view in thread ]

  47. icon
    bratwurzt (profile), 7 Oct 2014 @ 3:09am

    Re: Re: Re:

    Any technology is indistinguishable from magic to stupid people.

    FTFY

    link to this | view in thread ]

  48. icon
    Jeremy Lyman (profile), 7 Oct 2014 @ 5:05am

    Re:

    Hmmm... that might be an interesting Emperor's Clothes type situation. Tell them there is a Golden Key, even though is doesn't work, but that they're never allowed to use it.

    Sure, they'll be pissed off when they realize it doesn't work, but we'll be pissed that they so readily abused the power they thought they had.

    link to this | view in thread ]

  49. icon
    John Fenderson (profile), 7 Oct 2014 @ 8:15am

    Re: Re: Re: Re: Re: Encryption security

    Then the owner sits in jail for contempt of court until he does provide the key.

    link to this | view in thread ]

  50. icon
    GEMont (profile), 7 Oct 2014 @ 1:46pm

    Social Engineering

    Its already started and its a pretty big campaign actually.

    This morning's news had a long piece about a cop who "pimped out his wife" and sold drugs, among other crimes, and was caught ONLY because investigators had the use of "the backdoor" to read his incriminating emails.

    The spokesman (I missed his name) claimed they "would never have caught the guy" if his cell phone had the new full encryption that was planned to be put in place by Google and Apple and other manufacturers soon.

    It really does seem to be that the cops are going to claim repeatedly that lack of encryption is essential to the capture of criminals. I guess before cell phones, criminals had to arrest themselves and confess on paper before the cops could catch them.

    You can't really blame the bad guys in white hats for trying to prevent encryption though. After all, they've spent millions of tax payer's dollars and many years making sure that Americans have the least secure communications on earth.

    A step forward for the public is a step backwards for the folks in law enforcement, because then they would have to go back to using barbaric detective work, savage investigation analysis and old fashioned common sense.

    Techniques which apparently, never worked and never caught any bad guys.

    ---

    link to this | view in thread ]

  51. icon
    nasch (profile), 7 Oct 2014 @ 2:43pm

    Re: Social Engineering

    Techniques which apparently, never worked and never caught any bad guys.

    Don't you remember the headlines in 1983? "Cellular phones go on sale; police predict some crimes can now be solved".

    link to this | view in thread ]

  52. icon
    Lleuad Ci (profile), 7 Oct 2014 @ 9:46pm

    Phone Encryption

    You could always really frustrate the feds by not having an idiotPhone in the first place.
    Between the backdoors, the DRM, the camera, the microphone and the GPS you couldn't possibly be expecting privacy anyway.

    link to this | view in thread ]

  53. identicon
    Anonymous Coward, 8 Oct 2014 @ 12:37am

    Re: Re: Re: Re: Re: Encryption securityf

    No, the Fifth Amendment allows you to refuse to disclose information that may furnish the link in the chain of evidence if the evidence may either incriminate you directly or indirectly lead to incriminating evidence.

    The only exception to this rule is if the government already can establish from an independent source that you knows something.

    Also remember that the civil contempt power is time limited because it's not intended to be punitive.


    Criminal contempt is an entirely different beast and you can in fact be sentenced to real punishment for criminal contempt.

    But criminal contempt requires proof beyond a reasonable doubt.

    link to this | view in thread ]

  54. identicon
    Anonymous Gold, 8 Oct 2014 @ 5:27am

    I want Google and Apple to provide magic gold.

    link to this | view in thread ]

  55. identicon
    Laszlo Marai, 9 Oct 2014 @ 2:04am

    Not exactly equal

    While true that no back door or golden key is needed for a number of reasons (some of them you also mention), the two solutions are not equal.

    A back door, while it could mean anything, conventionally would be a feature implemented in the software on the phone, that would allow anyone knowing it get around the encryption. It could be anything like a hidden key on the phone, a software service that would leak a few bits of the encryption key, etc. The point is that all the info is on the phone and thus can be found out by only looking at the phone OS and, once found out, can be utilized by having only the phone.

    A golden key, on the other hand, is controlled by the phone manufacturer, so utilizing it means their help. Now true, that by a golden key, the WP authors probably really meant a single key, so if that leaks that would make the two equal. The 'golden key', could however be a per phone one (stored or generated on demand at the manufacturers) which would mean that just because the law enforcement guys got hold of a key, they cannot pass it on two the criminals or the other agencies to use it to unlock other phones. Of course, criminals could still steal these from the phone manufacturers which is a real danger.

    I agree with you that phones (AND clould storages!) should be encrypted, just saying that the threat level is not 100% equal in both cases.

    Also, even if google and apple give in, criminals and privacy aware citizens will still be able to get around this with custom ROMs. At least in the case of android.

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.