White House Takes The Cowardly Option: Refuses To Say No To Encryption Backdoors, Will Quietly Ask Companies
from the ridiculous dept
Last month, we wrote about a document leaked to the Washington Post that showed the three "options" that the White House was considering for responding to the debate about backdooring encryption. The document made it clear that the White House knew that there was zero chance that any legislation mandating encryption backdoors would pass. But the question then was what to do about it: take a strong stand on the importance of freedom and privacy, and make it clear that the US would not mandate backdoors... or take the sleazy way out and say "no new legislation for now." As we said at the time, option 1 was the only real option. You take a stand. You talk about the importance of encryption in protecting the public.
However, it appears that the White House has taken the cowardly approach. Yesterday, the leading voice in favor of mandating encryption backdoors, FBI Director James Comey, announced that the administration would not push for legislation to mandate backdoors... for now. But it will still push for backdoors quietly behind doors with companies.
After months of deliberation, the Obama administration has made a long-awaited decision on the thorny issue of how to deal with encrypted communications: It will not — for now — call for legislation requiring companies to decode messages for law enforcement.
Rather, the administration will continue trying to persuade companies that have moved to encrypt their customers’ data to create a way for the government to still peer into people’s data when needed for criminal or terrorism investigations.
“The administration has decided not to seek a legislative remedy now, but it makes sense to continue the conversations with industry,” FBI Director James B. Comey said at a Senate hearing Thursday of the Homeland Security and Governmental Affairs Committee.
This is a totally bullshit response. Of course the administration isn't asking for legislation: because everyone knows (1) it couldn't pass and (2) it would be a really, really stupid thing to ask for. In that leaked document last month, the administration noted that with this option public interest groups "would likely see this outcome as a solid win." They're wrong. This option is bullshit. It's one notch up from literally "the least they could do." It doesn't help anyone. It provides cover to countries that do want to undermine the tech industry and mandate backdoors. It leaves open the ways to pressure tech companies to secretly include backdoors that undermine everyone's safety. And, worst of all, it takes away any and all "high ground" positions for the administration to point out that it doesn't want to undermine the safety and security of the American public.
In short, the administration didn't take the strong stand when the strong stand was the only feasible path. There are enough people within the administration who know this is the stupid choice, and yet they still took it. A very weak move from an administration that should know better (and does know better), just to please some technologically-clueless law enforcement folks.
Filed Under: cybersecurity, encryption, encryption backdoors, going dark, james comey, obama administration, white house
Reader Comments
"Safety? Please, our ability to spy on you trumps your right to privacy and security."
One more time with feeling:
The 'conversation' is over, and has been for decades.
They're asking for the impossible with 'secure' broken encryption. Not 'difficult', not even 'extremely difficult' but flat out impossible. Encryption with a baked in vulnerability is by definition not secure. They know it, the tech companies know it, anyone with even the slightest bit of knowledge regarding any form of security knows it.
That they continue to push for breaking encryption like this is just another piece of evidence showing that they don't give a damn about the public's safety, all they care about is that they be able to do whatever they want with the least amount of interference. Put the public at risk by intentionally sabotaging the security that protects their private information, from emails to banking? Why should they care, it's not their data at risk, and so long as they can grab as much data as they want, so what if others do the same?
[ link to this | view in chronology ]
Re: "Safety? Please, our ability to spy on you trumps your right to privacy and security."
Remember, magic!
[ link to this | view in chronology ]
and they're not too slow for most uses other than the newest
games. Look for ACPI motherboards without UEFI, max out the
RAM and the CPU speed and it should last you quite a while.
[ link to this | view in chronology ]
Anything after that is not as trustworthy.
[ link to this | view in chronology ]
Re:
Really?
[ link to this | view in chronology ]
My point is that pre-UEFI motherboards are far
less vulnerable to BIOS infection and offer no
obstructions to installing an operating system
of your choice and your choice alone; even if
you built it from scratch.
It's a bonus that they still perform well enough
for most uses, partly why PC sales are down lately. ;]
[ link to this | view in chronology ]
Are you suffocating there James?
The entire world KNOWS that there is absolutely no way to backdoor encryption without breaking it.
[ link to this | view in chronology ]
Obvious Obama Administration Position
[ link to this | view in chronology ]
open-source
[ link to this | view in chronology ]
Re: open-source
[ link to this | view in chronology ]
Re: open-source
they may very well not, for all kinds of reasons...
moles, social engineering, bribery, threats, or other means of injecting the alphabet spook's code could/would be used...
how would 99.999% of us have any knowledge of such sophisticated attacks???
zey haf vays uf maching you sprech...
[ link to this | view in chronology ]
The Open Source Hive Mind has been pretty forthright before.
So the Open Source sector has detected these things before, and were distracted by social politics within the project. Now they have cause to be paranoid about it. I suspect they'll jump on any discovered exploit like Americans on a disruptive airline passenger.
[ link to this | view in chronology ]
Jerry Pournelle's Iron Law of Bureaucracy
But yeah, future administrations are going to have to be engineered to curb this problem.
But long before Bush and Obama have our administrations been looking out for themselves, or their plutarch masters before their alleged bosses, the American People.
[ link to this | view in chronology ]
Also...
Plus, any critical code is obviously torn apart by every major country's version of the NSA, just looking for such back doors. Suggesting they may appear will simply make those foreign agencies more paranoid.
I don't give the white house credit for this being a clever fake-out to make foreign agencies work overtime looking for nothing. More likely, I expect it to be a version of the old Law & Order tactic - "you can give us what we want, or we'll call the Health Inspector and every other regulatory agency and tie you up in knots for the next 5 years..."
[ link to this | view in chronology ]
This is how it's going to go down.
Someone within that company is going to leak that there is a secret back door, and probably a couple of clues as to how to crack it.
Someone will crack it. If they're smart, since whitehats get prosecuted these days, they'll go totally blackhat and use it for their own exploits.
Someone will realize they got hacked.
The company will dismiss it as an aberration, probably human error.
More people will get hacked. The backdoor will seep into the cracking community.
At that point, with no way to trace it back to the leaks or the original cracking research, the backdoor will go public. Whitehats will quickly determine the back-door is not an exploit, but was willfully baked in.
The company will lose all its user trust, as will the United States. As will any software exports from the US.
[ link to this | view in chronology ]
Re: This is how it's going to go down.
[ link to this | view in chronology ]
State Actors
[ link to this | view in chronology ]
Cellphones will never be secure so long as the baseband radio transceiver's processor remains a black box full of secret closed-source backdoor exploits.
The best privacy advocates can do is to connect separate hardware devices to their cellphones for handling the encryption process. Hardware encryption devices such as JackPair (http://www.jackpair.com).
This way cellphones can be completely compromised and it doesn't matter. The cellphone is simply being used as a modem to the internet. Leaving the end-to-end encryption task to the uncompromised hardware device running free software.
[ link to this | view in chronology ]
Predictable as flies finding turds
An excerpt from my response to the techdirt article:
Former NSA Directors Coming Out Strongly *Against* Backdooring Encryption - October 8
"Tell the public that back doors are not cool and that we're dropping that whole idea in the waste basket, then secretly add back-doors to everything the public touches, using public money to bribe companies where possible, and when necessary, secret legislation to force the issue with the companies that balk at the idea."
Looks like the Admin has decided to go back to doing things the old way, like the spy bosses want - secretly, behind the backs of Americans, using tax payer money for bribes and secret laws to make the criminal activities of the agencies legal and to force the companies that refuse to play ball, to assist in the crimes, or pay the price.
It's obvious that the "persuasion" is already underway.
Wonder if the secret legislation is already in effect.
---
[ link to this | view in chronology ]
Re: Predictable as flies finding turds
[ link to this | view in chronology ]
Re: Re: Predictable as flies finding turds
The canonical example is Ken Thompson's login hack: http://scienceblogs.com/goodmath/2007/04/15/strange-loops-dennis-ritchie-a/
[ link to this | view in chronology ]
Compilers that are compiled by the previous iteration
I'd think if you wanted a clean compile you'd need it run by an original, assembler-written compiler, yes?
And then the base compiler is sustained on its own and used only to compile the C-Compiler.
A really bad case scenario: The NSA inserts their backdoor scheme into a commonly used C-compiler, and gets away with it for years. Then China gets a hold of the backdoor scheme (which is now in everything used in the US and much of Europe) and disseminates it to black-hat channels for maximum damage.
Then, not only is everything exposed, but it can't be easily fixed without going back to a way outdated iteration.
It's pretty scary.
[ link to this | view in chronology ]
Re: Re: Re: Predictable as flies finding turds
And it will behoove the snoop and scoop agencies to use more secret laws and whatever amount of tax-payer and drug-sale money necessary to ensure that open source is at least partially compromised, since it will soon be the only choice left.
What good is paying/forcing companies to put back-doors in their communications devices if the public can just switch to open-source coded devices?
I see a huge agency-driven anti-marketing scheme in the future - a massively covered media scandal - where a well known open source product line will be "discovered" to be "evil".
The best way to prevent open source from becoming the choice of a nation, is to scare folks away from it and make it look dangerous or criminal.
A cheaper method than trying to find ways to add hidden back doors in user compiled software and a tried and true means of misdirection that has regularly proven effective in making Americans avoid something beneficial in the past.
---
[ link to this | view in chronology ]