Former NSA Lawyer Says Reason Blackberry Failed Was 'Too Much Encryption' Warns Google/Apple Not To Make Same Mistake

from the give-it-a-rest,-stew dept

There are times that I wonder if former NSA General Counsel Stewart Baker is just trolling with his various comments, because they're so frequently out of touch with reality, even though he's clearly an intelligent guy. His latest is to join in with the misguided attacks on Apple and Google making mobile encryption the default on iOS and Android devices, with an especially bizarre argument: protecting the privacy of your users is bad for business. Oh really? Specifically, Baker engages in some hysterically wrong historical revisionism concerning the rise and fall of RIM/Blackberry:
Baker said encrypting user data had been a bad business model for Blackberry, which has had to dramatically downsize its business and refocus on business customers. “Blackberry pioneered the same business model that Google and Apple are doing now - that has not ended well for Blackberry,” said Baker.

He claimed that by encrypting user data Blackberry had limited its business in countries that demand oversight of communication data, such as India and the UAE and got a bad reception in China and Russia. “They restricted their own ability to sell. We have a tendency to think that once the cyberwar is won in the US that that is the end of it - but that is the easiest war to swim.”
While it's true that some countries, like India, demanded the right to spy on Blackberry devices, the idea that this was the reason for the company's downfall is ludicrous. First of all, RIM gave in to some of those demands anyway. But, more importantly, the reason that Blackberry failed was because the company just couldn't keep up from an innovation standpoint -- and that's because early on it made the decision to focus on enforcing patents, rather than truly innovating. RIM got fat and lazy by getting an early lead and then focusing on protecting it, rather than keeping up with the market. And... one of the reasons it got that early lead was because companies were willing to buy into the Blackberry in part because of its strong encryption.

The idea that encryption was bad for business because China and Russia couldn't spy on people is not only ridiculous and silly, but it appears to be Baker supporting authoritarian states spying on its citizenry. What the hell, Stewart?

Beyond that, Baker insists that, really, the public doesn't want encryption anyway, and if people only knew what was really going on with the "bad guys," we'd all be willing to give up our privacy:
Baker said the market for absolute encryption was very small, and that few companies wanted all their employees’ data to be completely protected. “There’s a very comfortable techno-libertarian culture where you think you’re doing the right thing,” said Baker.

“But I’ve worked with these companies and as soon as they get a law enforcement request no matter how liberal or enlightened they think they are, sooner to later they find some crime that is so loathsome they will do anything to find that person and identify them so they can be punished.
Right. And that's what basic police and detective work is for. It doesn't mean that you need to weaken the security and privacy of everyone else. Anyway, let's see if Baker goes out and shorts Apple and Google's stock now that he believes encryption and protecting the privacy of their users is really so bad for business.

Filed Under: blackberry, china, cryptowars, encryption, india, nsa, russia, stewart baker, surveillance
Companies: apple, blackberry, google, rim


Reader Comments

  1.
    Ninja (profile), 5 Nov 2014 @ 4:44am

    Unless you intentionally mislead the average Joe into thinking that encryption is only used for criminal activities nobody will agree with anything being said here. Encryption is both essential and desirable.

    I used "mislead" and "only" in italics because that's precisely the strategy I began to see here and it's spreading throughout the world (I've seen clueless news here parroting the same bullshit). I think it's about time we unite and start explaining what encryption is and why these morons from law enforcement advocating against it are so wrong.

  2.
    Rabbit80 (profile), 5 Nov 2014 @ 6:29am

    I'm not actually all that bothered about encryption on my phone - I don't keep much on it anyway and I can remotely wipe / disable / back up / track it anyway.

    On my computer however, things are a little different. I use bitlocker to ensure it is all encrypted (Using both a TPM and a USB key which I carry around with me) - not to stop law enforcement (although they would have to have a very convincing warrant for me to give up the keys), but because I use it to run an offsite backup of works servers - which, as we are a scanning bureau, contain over 400GB of data, most of which consists of legal files for criminal cases, personal data, accountancy data etc. It would probably be criminal for me to NOT keep this kind of information encrypted!

  3.
    Anonymous Coward, 5 Nov 2014 @ 6:30am

    Beyond that, Baker insists that, really, the public doesn't want encryption anyway, and if people only knew what was really going on with the "bad guys," we'd all be willing to give up our privacy:

    Given that governments are looking more and more like the bad guys, it is strong encryption, or out with the pitchforks, and I doubt that he would like where the latter would be applied.

  4.
    Anonymous Coward, 5 Nov 2014 @ 6:39am

    These are like kids arguing for a puppy.

  5.
    Anonymous Coward, 5 Nov 2014 @ 6:42am

    " “But I’ve worked with these companies and as soon as they get a law enforcement request no matter how liberal or enlightened they think they are, sooner to later they find some crime that is so loathsome they will do anything to find that person and identify them so they can be punished.

    "loathsome" crimes? Well...

    We've been trying, but -- as amply documented here at TD and elsewhere -- the CIA insists on redacting the names of torturers and their accomplices.

  6.
    Anonymous Coward, 5 Nov 2014 @ 6:42am

    The problem with the NSA - Too much crooked behavior.

  7.
    Anonymous Coward, 5 Nov 2014 @ 6:44am

    novel excuse

    Claiming to have failed because the President uses an NSA-secured Blackberry?

  8.
    Anonymous Coward, 5 Nov 2014 @ 6:58am

    But I’ve worked with these companies and as soon as they get a law enforcement request no matter how liberal or enlightened they think they are, sooner to later they find some crime that is so loathsome they will do anything to find that person and identify them so they can be punished.

    Sounds just like the usual trolls here, claiming to work for tons of artists who all apparently demand DRM on every disc and a fine for every customer.

    Don't count on either to prove their credentials, of course.

  9.
    DigDug, 5 Nov 2014 @ 6:58am

    Lies, damned Lies and even more Damned Lies

    BlackBerry opened the back door to the encryption for India to steal everything going through them.

    This is more likely the reason why they died, the inability to trust the encryption to prevent government snooping.

    India's laws are also why jobs outsourced to India never actually receive the data, only video feeds from terminal servers located outside of India to get around the "We must see all data coming in and going out of our country".

  10.
    David, 5 Nov 2014 @ 6:58am

    Quite the opposite

    I should think that the reason Democrats failed in Congress was far too much undermining of encryption, privacy, and accountability.

    In contrast to phones, sadly there is no convincing "sucks less" alternative from the market leaders.

    The Nobel Peace Prize winning product announcement from the Democrats last time round has been a thundering disappointment, and now the battery is dead with the contract running for another two years.

    It's not clear who will be producing the successor model, but it's pretty clear that it will deserve the name watchU.

  11.
    Anonymous Coward, 5 Nov 2014 @ 6:59am

    So, reading between the lines, what he's actually doing is threatening American companies with corporate murder.

    Nice.

  12.
    Anonymous Coward, 5 Nov 2014 @ 7:05am

    A Lawyer acting as if his word is good for anything, that in itself is comedy.

  13.
    Anonymous Hero, 5 Nov 2014 @ 7:09am

    We Demand

    We demand all secret passwords for children's tree-house clubs so we may gain entrance to ensure they are not becoming terrorist breeding grounds. We can neither confirm nor deny whether we will respect the "No Girls Allowed" sign.

  14.
    PaulT (profile), 5 Nov 2014 @ 7:10am

    "“Blackberry pioneered the same business model that Google and Apple are doing now - that has not ended well for Blackberry"

    The same can be said for Nokia. Was that an encryption problem too?

    “They restricted their own ability to sell."

    Yeah, I remember once I got into the market for a smartphone, the Blackberry's dated UI was a turn-off compared to competitors and in business terms the requirement for BES subscriptions for certain features was something of a turn-off when considering new options. In both cases I rejected them and went with competitors. That trend has continued as friends and colleagues have rejected them in favour of iPhones and Samsungs even if they preferred the physical keyboard, which was one of the Blackberry's major attractions. WhatsApp and similar cross-platform apps pretty much killed Blackberry as an option for many once they got away from needing it to use BIM. Only its cheap price seemed to keep many interested, and even that market's gone once cheaper Androids became ubiquitous. If only they hadn't restricted their own ability to sell by not keeping up with the demands of their market.

    Oh wait, this is about *encryption*? Oh, whichever scapegoat you prefer, I suppose...

  15.
    Anonymous Coward, 5 Nov 2014 @ 7:12am

    C'mon man, get your propaganda straight

    Why is this NSA guy praising the policies of China and Russia, the same nations that get trotted out as deadly freedom-hating enemies brimming with apocalyptic superhackers every other month?

  16.
    Anonymous Coward, 5 Nov 2014 @ 7:13am

    the only ones worried about too much encryption on devices are the security forces! they are supposed to be ensuring our safety in the first place, being unable to read and listen to everything that everyone says and writes stops them from doing that? i very much doubt it!! it may mean those security people have to do a little more work, like they did prior to the internet and mobile devices, but throwing all surveillance eggs into one basket and saying that is stopping them from finding those pesky criminals seems rather OTT!!

  17.
    Anonymous Howard (profile), 5 Nov 2014 @ 7:14am

    Subtle threat isn't subtle

    Blackberry pioneered the same business model that Google and Apple are doing now - that has not ended well for Blackberry

    Between the lines: "they didn't comply with us requesting no encryption, so we killed them off. That's a bad business model, right?"

  18.
    Anonymous Coward, 5 Nov 2014 @ 7:18am

    Re: Quite the opposite

    I suspect you're right. If the Democrats had actually delivered -- let's say, on robust investigation and vigorous prosecution of Wall Street -- then they could have easily carried the day. But they didn't, and as a result, they failed to distinguish themselves from the Republicans. And thus there was simply no motivating reason for Democratic-leaning voters to get out to the polls.

    Mid-term elections are (almost) always about turnout and that won't go in favor of any political party unless their base has a cause (or two or three) to rally behind. The Democratic Party has made the strategic political mistake of trying to be "centrist" when in fact no such political position exists any more in the United States. (I don't say that because I approve of the situation, I say that because it's true.) By moving farther and farther right (in an attempt to catch moving and mythical goalposts) they've lost far more support than they've gained. And now they're paying for it.

  19.
    Anonymous Coward, 5 Nov 2014 @ 7:24am

    I thought blackberry stabbed itself with its inability to produce a smart phone until it was too late ...
    Is the guy from NSA now claiming they killed off blackberry to get rid of encryption?

  20.
    jackn, 5 Nov 2014 @ 7:24am

    Re: Re: Quite the opposite

    A nice thought, but it wouldn't matter. The district lines are well planned and the outcome almost certain. It doesn't matter what Obama or anyone really did or didn't do. When you corral a bunch of ignorant folk, they will do what they are told.

  21.
    Pragmatic, 5 Nov 2014 @ 7:33am

    Re: Re: Re: Quite the opposite

    Now that the Republicans have control of both Houses, who are you going to blame when the economy goes belly up again, encryption is still considered a terrorist/criminal act, and we're still ass-deep in surveillance?

    Just askin'.

    'Cause you can stop blaming Obama for whatever happens till the next election NOW.

  22.
    Michael, 5 Nov 2014 @ 7:36am

    Blackberry had limited its business in countries that demand oversight of communication data, such as India and the UAE and got a bad reception in China and Russia.

    So what he is saying is that companies should comply with oppressive regimes that want to monitor all communications because that is a better way of doing business.

    Yay for the American way!

  23.
    John Fenderson (profile), 5 Nov 2014 @ 7:37am

    Re: Quite the opposite

    Indeed. The decline of Blackberry began when they weakened their security in order to operate in certain repressive regimes. Blackberry was already behind the curve in terms of features and usability at that point, and the primary reason people and companies gave for sticking with them was that it was the most secure option.

    When that was no longer true, there was no reason for people to stick with it.

  24.
    mcinsand, 5 Nov 2014 @ 7:42am

    Re: Re: Quite the opposite

    Mr. Fenderson,

    >>they weakened their security in order to operate in
    >>certain repressive regimes.

    You really could not have phrased that better!

  25.
    NSA/CIA/FBI/Cop Apologist, 5 Nov 2014 @ 7:42am

    Re:

    Horse drawn buggies have failed in the marketplace and they have round wheels. Therefore, the automotive industry should take note of that fact and remove round wheels from automobiles before they too fail!

  26.
    Anonymous Coward, 5 Nov 2014 @ 7:51am

    Re: Re:

    ... remove round wheels from automobiles before they too fail!

    It's the 21st century. Where's my hovercar, dude?

  27.
    Blaine (profile), 5 Nov 2014 @ 7:53am

    Simple question for Stewart Baker and anyone arguing against encryption.

    Do any of your phones have encryption enabled?
    Work?
    Home?
    Family members?

    I'd love to see some reporters ask that question live.

  28.
    Call me Al, 5 Nov 2014 @ 8:04am

    Re: Lies, damned Lies and even more Damned Lies

    As a Blackberry user for my work phone I can confirm that the main reason I want to give it up is because it is rubbish... not because the government can spy on it. I tend to assume they could spy on whatever phone I have anyway.

    Sadly I have no control on the choice of phone.

  29.
    Jeff Green (profile), 5 Nov 2014 @ 8:06am

    Re: Simple question for Stewart Baker and anyone arguing against encryption.

    His family are all good guys, it's no problem if their phones are encrypted, it's only everyone else that needs to leave their front doors unlocked!

  30.
    Anonymous Coward, 5 Nov 2014 @ 8:07am

    Re:

    Just so. Very few - if any - of these public-facing government apologists have come out and said "Gosh, maybe all this encryption talk is because we got caught hoovering up everything in sight."

    And, implying that "bad guys" don't already use encryption or some other sort of obfuscation leads to two premises: one, the government is only capable of catching profoundly stupid criminals; and two, they really, really don't want average citizens to become opaque to mass surveillance.

  31.
    Anonymous coward, 5 Nov 2014 @ 8:10am

    BB failed because it SUCKED! Sure they are uber secure because of their encryption which is very useful in a corporate/enterprise environment. But the "masses" like APPS, we like FUN, we like USEFUL devices in general. We DON'T want to lug around multiple phones. When you become BORING, you lose business. And BB became just that.

  32.
    John Fenderson (profile), 5 Nov 2014 @ 8:36am

    Re:

    "I use bitlocker"

    Which you shouldn't do.

  33.
    Anonymous Coward, 5 Nov 2014 @ 8:37am

    Since when does he know what the public wants regarding encryption? Based on that presumption, it appears Baker knows what the public wants for everything, not just phones. What else can he tell us about ourselves that we don't know?

    Perhaps he can tell me what car I should buy, since he knows what I want. Let me guess, one that continuously transmits a GPS signal and can be remotely shutdown if there's reasonable suspicion?

  34.
    Anonymous Coward, 5 Nov 2014 @ 8:46am

    Re: Re:

    Actually it is a pseudo-issue: As soon as you start discussing encryption at all, the bad guys not encrypting will already be more likely to encrypt.
    The clever thing from a law enforcement perspective with raising this specific debate, is the highlighting of some encryptions not being valuable. Therefore, as soon as they stop talking about encryption as the death of the world, the bad guys will feel uncomfortable. The lack of discussion would be worse than getting hammered in public opinion on this issue...

  35.
    John Fenderson (profile), 5 Nov 2014 @ 8:49am

    Re:

    "Perhaps he can tell me what car I should buy, since he knows what I want. Let me guess, one that continuously transmits a GPS signal and can be remotely shutdown if there's reasonable suspicion?"

    That's what OnStar thinks you want.

  36.
    Anonymous Coward, 5 Nov 2014 @ 8:53am

    Re: Re:

    Strongly concur (with John). Please see:

    http://cryptome.org/2014/11/ms-onedrive-nsa-prism.htm

  37.
    David, 5 Nov 2014 @ 9:05am

    Re: C'mon man, get your propaganda straight

    Because we've always been at war with Eurasia.

  38.
    Anonymous Coward, 5 Nov 2014 @ 9:34am

    Re: Re: Re:

    That's only for desktop users. If you run your own Active Directory, you can store keys in the server and nothing touches Microsoft. Same is also true for Apple's FileVault. With the death of TrueCrypt, and CipherShed still not fully vetted, alternatives are still sort of limited. Though I would probably trust CipherShed more than Symantec/McAfee at this point.

    Also you can use Bitlocker without ever signing into a Microsoft account on account creation, thus no OneDrive to upload to. The same is true for Apple's FileVault.
    As far as security, they've both pretty well been vetted, even Bruce Schneier's blog says that they are not bad.
    BitLocker
    FileVault2

    What half of the idiots don't realize is that FDE is only good when the device is turned off, and even then with enough time and effort pretty much anything is vulnerable if they have the hardware.

  39.
    John Fenderson (profile), 5 Nov 2014 @ 9:37am

    Re: Re: Re: Re:

    There are several other issues with Bitlocker that have nothing to do with who holds the keys, including that it uses the problematic Windows crypto APIs to perform the encryption.

  40.
    Anonymous Coward, 5 Nov 2014 @ 9:46am

    Re: Re: Re: Re:

    ... with enough time and effort pretty much anything is vulnerable...


    AES ?

    I am informed that the Earth is believed to be about 4 1/2 billion years old. The best guesses for the age of the universe, I think, are about three times that.

    There are also energy considerations. Via Schneier:
    Or read what I wrote about symmetric key lengths in 1996, in Applied Cryptography (pp. 157–8):
    One of the consequences of the second law of thermodynamics is that a certain amount of energy is necessary to represent information. To record a single bit by changing the state of a system requires an amount of energy no less than kT, where T is the absolute temperature of the system and k is the Boltzmann constant. (Stick with me; the physics lesson is almost over.)

     . . . .

  41.
    Anonymous Coward, 5 Nov 2014 @ 9:54am

    DVD's are encrypted

    Can we move to remove the encryption from those so that we, the people, can make legal copies? If not, then, we get to enjoy the exact same law: cannot lawfully decrypt encrypted devices.

    Good for the goose....

  42.
    Anonymous Coward, 5 Nov 2014 @ 9:56am

    Re:

    Exactly why iPhone is good, but Android is better - side loading apps.

  43.
    Anonymous Coward, 5 Nov 2014 @ 10:00am

    Re: Simple question for Stewart Baker and anyone arguing against encryption.

    I would like an affordable phone with the same capabilities as the President's phone. If my phone isn't encrypted, then neither is his.

    If he can keep a secret from me, then I want to be able to keep my secret also.

  44.
    Anonymous Coward, 5 Nov 2014 @ 10:01am

    Re: Re: Re: Re: Re:

    Who said you have to defeat the encryption?
    I guess you never heard of the evil maid attack, Van Eck phreaking?
    Pretty cool experiment if you are interested: Hack-a-day

  45.
    Anonymous Coward, 5 Nov 2014 @ 10:06am

    Re: Re: Re: Re: Re: Re:

    Who said you have to defeat the encryption?

    I should have quoted a little bit more, I guess:

    The commenter's assertion was: “[T]he device is turned off, and even then with enough time and effort...”

  46.
    Tom, 5 Nov 2014 @ 10:19am

    BB = DoD

    Does this guy forget that one of the biggest users of Blackberry devices is the Department of Defense, because of the encryption?

  47.
    John Fenderson (profile), 5 Nov 2014 @ 10:28am

    Re: Re: Re: Re: Re:

    "... with enough time and effort pretty much anything is vulnerable..."

    With a single change, this assertion is correct. The change is to remove the words "pretty much".

    Even AES. All of those claims about how it would take longer than the lifespan of the universe to break are based on brute-force attacks, which is not how breaking them is done in the real world.

    Ignoring quantum encryption (which is still purely experimental and largely theoretical) and excepting one-time pads (which are very difficult -- although certainly not impossible -- to do properly), there is no encryption scheme which is unbreakable.

    The value of encryption is not to keep something a secret forever. If you need to do that, then you're better off using different methods. The value is to make breaking so time-consuming and expensive that by the time it has been accomplished, the data that was encrypted is not so critical anymore.

  48.
    Anonymous Coward, 5 Nov 2014 @ 10:35am

    Re: Re: Re: Re: Re: Re:

    there is no encryption scheme which is unbreakable

    Do you have a proof of that?

    To prove:
    Every encryption scheme which cannot be broken with less effort than brute force is necessarily equivalent to a Vernam cipher.


    I've never seen that proof.

    No more than I've ever seen a proof that P != NP.

  49.
    Anonymous Coward, 5 Nov 2014 @ 10:36am

    He is a Sophist. The evil kind Socrates warned of, and should be pointed out as such, and then rejected.

  50.
    Anonymous Coward, 5 Nov 2014 @ 10:41am

    Re:

    Remember Remember the Fifth of November, The Gunpowder Treason and Plot, I know of no reason why the Gunpowder Treason should ever be forgot.

  51.
    New Mexico Mark, 5 Nov 2014 @ 10:56am

    Re: Re: Re: Re: Re: Re: Re:

    And of course, encryption is not meant to withstand any attack forever. It is intended to exceed the resources (time, money, focus, constraints, etc.) an attacker would reasonably bring to bear to gain access through the encryption layer vs. obtaining that data via other methods. Essentially, it is cost/benefit analysis.

    We also act in faith to a certain extent that the assumptions behind a particular method of encryption haven't changed. (I.e. a mathematically efficient way to reverse a one-way function or a weakness in "random" number generation has not secretly been discovered.)

    The "my data is encrypted using xyz method and you will never be able to get to it. Never! Bwahahahaha!" is unrealistic. Methods to protect data are business decisions as well as technical ones, so using commercial tools in a way that reduces the likelihood of preinstalled backdoors is reasonable.

    One might presume the reason the NSA screams so loudly about large shifts toward even moderately strong encryption is not because they can never decrypt any particular communication, but rather because they can't easily intercept/store the vast majority of communication (and have a much narrower field of "interesting" encrypted traffic). In other words, the cost/benefit ratio has been shifted dramatically.

    After all, if a government really wants my data and is not constrained by law, there are extremely efficient decryption solutions available today that can defeat any known methods of encryption I may have employed.

    https://xkcd.com/538/

  52.
    Anonymous Coward, 5 Nov 2014 @ 10:56am

    Re: Re: Re: Re: Re: Re: Re:

    there is no encryption scheme which is unbreakable

    Immediate prior clause from the post
    and excepting one-time pads (which are very difficult -- although certainly not impossible -- to do properly),


    A one time pad, done properly is theoretically unbreakable. Because it uses a pure random key, it is possible to generate a key, of the same length as the message, to translate (decrypt) it into any string of the same length; which includes all meaningful strings of the message length, including padded strings, in all languages that can be represented in the coding scheme that could be represented by the encrypted message. Hence, providing a key that produces a meaningful message is not proof that that is what was sent.

    link to this | view in thread ]
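
The one-time pad property described in the comment above, as an added example that is not part of the original thread or written by any commenter: for a given ciphertext, a key exists that decrypts it to any message of the same length, so a key that yields a meaningful message proves nothing. The function names and sample messages are constructed for illustration; the last function goes one step beyond the comment and shows why reusing a pad is not "done properly".

```python
"""One-time pad: any same-length plaintext is consistent with a ciphertext."""
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings (OTP encryption and decryption)."""
    if len(a) != len(b):
        raise ValueError("key and message must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(plaintext: bytes):
    """Encrypt under a fresh random key exactly as long as the message."""
    key = secrets.token_bytes(len(plaintext))
    return key, xor_bytes(plaintext, key)


def pad(message: bytes, length: int) -> bytes:
    """Space-pad a shorter candidate message to the ciphertext length."""
    if len(message) > length:
        raise ValueError("candidate is longer than the ciphertext")
    return message.ljust(length, b" ")


def key_for(ciphertext: bytes, claimed_plaintext: bytes) -> bytes:
    """Return the key under which `ciphertext` decrypts to `claimed_plaintext`."""
    return xor_bytes(ciphertext, claimed_plaintext)


def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """With a reused pad the key cancels out: c1 XOR c2 == p1 XOR p2."""
    return xor_bytes(c1, c2)


if __name__ == "__main__":
    real = b"MEET AT DAWN"            # constructed sample message
    key, ct = otp_encrypt(real)

    # Every candidate of the right length has a key that "explains" the ciphertext.
    for candidate in (b"STAY HOME", b"SELL STOCK", b"MEET AT DAWN"):
        guess = pad(candidate, len(ct))
        k = key_for(ct, guess)
        print(guess, "<- key", k.hex(), "ok:", xor_bytes(ct, k) == guess)

    # Improper use: the same pad encrypts a second message.
    second = b"HOLD AT DUSK"          # constructed sample message
    ct2 = xor_bytes(second, key)
    print("key cancels on reuse:", reuse_leak(ct, ct2) == xor_bytes(real, second))
```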

  53.
    connermac725 (profile), 5 Nov 2014 @ 11:10am

    In what world

    Beyond that, Baker insists that, really, the public doesn't want encryption anyway, and if people only knew what was really going on with the "bad guys," we'd all be willing to give up our privacy:


    In what world do people not care about their privacy? Baker is another fear monger.
    I encrypted my phone just because of people like him clueless

  54.
    John Fenderson (profile), 5 Nov 2014 @ 11:11am

    Re: Re: Re: Re: Re: Re: Re:

    No, I have no mathematical proof. However, the assertion has so far held true empirically. You're right, that this is much like the P != NP problem, and must be considered in an analogous way: until the assertion is mathematically settled, we have to go by empirical observation.

  55.
    Anonymous Coward, 5 Nov 2014 @ 11:17am

    Re: Re: Re: Re: Re: Re: Re: Re:

    ... much like the P != NP problem...

    Intuitively, I believe your claim was "P == NP", and I'm kinda noodling around with an actual proof that is indeed what you claimed.

    Fwiw, the other AC's reply also got me to thinking about Kolmogorov complexity.

  56.
    Pronounce (profile), 5 Nov 2014 @ 11:23am

    This Encryption Arms Race Needs a Change of Tactics

    As was recently reported in PCWorld, Microsoft's top legal counsel is calling this an encryption arms race.

    I suggest we take a page out of the spook agencies' handbook and be more aware of who is looking at whom.

    The technology to do this is readily available and in place, but the funding needed may prevent anything like this from happening.

    My vision is to create a system by which standardized honeypots are located in the DMZ of routers and the firmware of mobile devices and then report to a community monitored database that shows who is looking at whom in real time.

    Using projects like Tomato and DD-WRT and Cyanogenmod to develop an open source honeypot project with standard updates to stay on top of the latest attacks and then each device reporting to a centralized public domain database showing aggregate data that highlights the type of attack and the targets of the attack.

    link to this | view in thread ]

  57. icon
    John Fenderson (profile), 5 Nov 2014 @ 11:41am

    Re: Re: Re: Re: Re: Re: Re: Re: Re:

    "Intuitively, I believe your claim was "P == NP""

    Yes, I wasn't going to nitpick this because it's often referred to both ways, and either way is logically the same thing.

    link to this | view in thread ]

  58. identicon
    Anonymous Coward, 5 Nov 2014 @ 12:10pm

    appears to be Baker supporting authoritarian states spying on its citizenry


    As the years go by, it gets harder and harder to see very much difference between the actions of the US and other 1st world countries. They are all doing the same things and what they are not doing that distinguished them from each other is fading into a blurry undefined border that gets ever more difficult to compare those differences. It's like everyone is going back to a banana republic.

    Now add lawyer + NSA and if that isn't recipe to hear a lie, it only misses politician in the mix. While I read what is reportedly said here from the NSA, in the back of my mind I always hear, "This is the NSA and it lies all the time". I now filter all incoming input from that group with that in mind. Nearly nothing do I accept coming from them at face value. It always requires supporting evidence from someone else to have a hint of believability to it. Government does not supply supporting evidence because it too is caught in the same trap. Given that it has lied so much, when it comes time to believe because they need you to have faith, it's not there now. I won't take their info at face value. They have squandered the inherent trust and the ability to be taken at face value with things like "We're the good guys".

    link to this | view in thread ]

  59. icon
    JP Jones (profile), 5 Nov 2014 @ 12:15pm

    Re: Re: Re: Re: Re:

    Nobody needs to break the encryption. They just need to break the password.

    Which is easy. Any security system is only as strong as its weakest link. And, in the case of computer security, most of the time you (the user) are the weakest link.

    link to this | view in thread ]

  60. identicon
    Anonymous Coward, 5 Nov 2014 @ 12:19pm

    Re: Re: Re:

    Will you settle for a hoverboard?

    link to this | view in thread ]

  61. identicon
    Anonymous Coward, 5 Nov 2014 @ 12:30pm

    Re: Re: Re: Re: Re: Re:

    They just need to break the password...Which is easy.

    Oh, you'd like my password. Happy to oblige.

    #! /bin/sh

    head -c 42 /dev/urandom | base64 -w 7 | sed -ne '1 h; 1! H; $ { g; y,\n+/,:-_,; p }'

    Right you are! All you have to do is ask the user, and they give it right up.

    link to this | view in thread ]

  62. identicon
    Anonymous Coward, 5 Nov 2014 @ 12:34pm

    Re: Re: Re: Re:

    Will you settle for a hoverboard?

    Cool. But it's not atomic jet-powered.

    It's the 21st century. Dude, I want my atomic jet-powered hovercar.

    link to this | view in thread ]

  63. identicon
    Anonymous Coward, 5 Nov 2014 @ 1:23pm

    Re: Re: Re: Re: Re:

    AES is an algorithm, not an implementation. Bitlocker is an implementation, and it includes parts that significantly weaken the potential security in ways that are not trivially verifiable.

    Most AES implementations used in today's products are seriously flawed, and do not adhere to the theoretical mean time required to brute force the theoretical model.

    link to this | view in thread ]

  64. identicon
    Anonymous Coward, 5 Nov 2014 @ 1:25pm

    Re: Re: Re: Re: Re: Re: Re:

    You just leaked the fact that you seed with urandom. Now a replay attack could actually arrive at your password in a finite amount of time....

    link to this | view in thread ]

  65. identicon
    Anonymous Coward, 5 Nov 2014 @ 1:39pm

    Re: Re: Re: Re: Re: Re: Re: Re:

    You just leaked the fact that you seed with urandom.

    Even worse, I'll leak the fact that I seed the urandom pool with input from both:

    Hotbits
    Random.org

    That's not too terrible of a leak, inasmuch as anyone observing my internet connection can see it. But still...

    link to this | view in thread ]

  66. identicon
    Anonymous Coward, 5 Nov 2014 @ 2:01pm

    Make it yourself encryption.

    Even though I work in the IT business, I really haven't studied this area much, but would it be impossible to think that organized terrorists could make encryption themselves?

    link to this | view in thread ]

  67. identicon
    Zonker, 5 Nov 2014 @ 2:05pm

    Rephrasing Baker's claims for transparency

    Beyond that, Baker insists that, really, the public doesn't want locks on their doors anyway, and if people only knew what was really going on with the "bad guys," we'd all be willing to leave our doors open all the time.

    link to this | view in thread ]

  68. identicon
    liar, 5 Nov 2014 @ 2:51pm

    People won't stop using Google and Apple products because of that.

    link to this | view in thread ]

  69. icon
    John Fenderson (profile), 5 Nov 2014 @ 2:52pm

    Re: Make it yourself encryption.

    "would it be impossible to think that organized terrorists could make encryption themselves?"

    Not impossible at all, but if they do then they're fools. It's actually really, really hard to come up with strong homebrew encryption, and it's even harder to verify that the encryption you have is any good.

    Crypto is a highly specialized field of mathematics. If you aren't an expert in it, you're begging for trouble by going the DIY route.

    link to this | view in thread ]

  70. icon
    John85851 (profile), 5 Nov 2014 @ 3:44pm

    Slippery slope

    ... they will do anything to find that person and identify them so they can be punished.
    I'm surprised no one picked up on this slippery slope of abusing rights. It starts by doing "anything" to stop a bad guy (terrorist, child molester, etc). Then when the police break some rules, like gathering data without a warrant, and get their man, this will set a precedent so they can continue doing it. "Just this once" to stop a "terrorist" never seems to be just once.

    link to this | view in thread ]

  71. identicon
    Anonymous Coward, 5 Nov 2014 @ 8:26pm

    "play ball or we will shut you down"

    What is this, the mob?

    link to this | view in thread ]

  72. icon
    toyotabedzrock (profile), 5 Nov 2014 @ 10:13pm

    Giving in to the backdoor demands of those countries eliminated the last of their customers.

    link to this | view in thread ]

  73. identicon
    David, 6 Nov 2014 @ 3:51am

    Re:

    Won't anybody think of all the money?

    link to this | view in thread ]

  74. identicon
    David, 6 Nov 2014 @ 4:12am

    Re:

    You are probably referring to the conclusions in "Euthydemon". Those are actually pretty bland. The dialog as a whole, however, is hi-la-ri-ous.

    Sokrates is not actually warning of an "evil kind" here: he is rather dismissing them as irrelevant.

    link to this | view in thread ]

  75. identicon
    Anonymous Coward, 6 Nov 2014 @ 8:33am

    This is like something out of a spam message: "...the CEO of Blackberry broke the chain, and his business began to fail...."

    link to this | view in thread ]

  76. icon
    JP Jones (profile), 7 Nov 2014 @ 4:19am

    Re: Re: Re: Re: Re: Re: Re:

    Oh, you'd like my password. Happy to oblige.

    And where do you store this password? I'm willing to bet you don't have it memorized.

    The nature of passwords is that the harder it is to crack, the harder it is for humans to remember. If the password becomes too difficult to remember, and must be stored, it's now worthless (because the password to store the complex password will need to be easy enough to remember...which defeats the purpose of the complex password).

    Either way, the point is that it's much easier to crack a password than the encryption it protects. Computers have gotten powerful enough that even standard computers using a graphics card can test an insane amount of passwords per second. A specialized computer, such as EFF's Deep Crack, would break your hash in under a month.

    Passwords are like a door lock. They'll stop someone from easily breaking in, but even the toughest door or most complex lock is only going to buy you time. A determined attacker is getting in.

    link to this | view in thread ]

  77. identicon
    Anonymous Coward, 8 Nov 2014 @ 10:45pm

    I can't speak for anyone else, but RIM giving in and installing backdoors for governments was what turned me off Blackberry.

    And, at least in my memory, the timing of these backdoors corresponded quite closely with RIM's slide out of the marketplace.

    link to this | view in thread ]

