Hillary Clinton's Staff Recognize She Doesn't Understand Encryption And Is Supporting 'The Impossible'

from the that's-at-least-marginally-reassuring dept

Hillary Clinton's position on encryption -- like so much of her tech policy -- has been kind of vague and wishy-washy: saying things that possibly sound good, but could easily turn out to be bad depending on what is really meant. It's the classic politician's answer, trying to appease multiple sides of an issue without getting fully pinned down on something that might come back to bite you later.

It started back in November of 2015, when Clinton gave a speech, which put her firmly into the "but Silicon Valley should nerd harder to figure out a backdoor" camp. A few weeks later, she doubled down on the "nerd harder" response in an interview with George Stephanopoulos:

    STEPHANOPOULOS: How about Apple? No more encryption?

    CLINTON: This is something I've said for a long time, George. I have to believe that the best minds in the private sector, in the public sector could come together to help us deal with this evolving threat. And you know, I know what the argument is from our friends in the industry. I respect that. Nobody wants to be feeling like their privacy is invaded.

    But I also know what the argument is on the other side from law enforcement and security professionals. So, please, let's get together and try to figure out the best way forward.

A few weeks after that, she went even further, calling for a "Manhattan Project" on backdooring encryption. As we noted at the time, that made no sense and suggested a complete cluelessness about encryption and the issues related to it.

Now, with the release of the hacked emails from Clinton campaign manager John Podesta, we get to find out that Clinton's staff basically agreed with us that her statements on encryption were ridiculous, and felt that she should not support any effort to backdoor encryption. It started with an internal discussion in response to an inbound request from Politico, where some of her staffers sought to avoid answering the question on backdooring encryption, while admitting the reality internally. Here were the "boiled down" talking points, presented by Ben Scott (a former State Dept official who also ran Free Press for a few years):

    1-The bad guys could already get crypto -- we helped the good guys get it.

    2-The Internet Freedom investments in these technologies were strongly bipartisan (and remain so).

Those are good points. I wish she'd actually said that, rather than what eventually came out.

The second email comes right after that "Manhattan Project" comment at the debate in the middle of December, and there her staffers discuss what a terrible analogy it is and how they should tell the tech industry that Hillary won't support backdoors, but instead supports using hacking/malware to spy on terrorists (which is a better solution all around, though it raises some other issues).

The email thread starts off with lawyer and Clinton (and former Obama) advisor Sara Solow first highlighting the flip-floppy nature of Clinton's comments, and then following up by noting that the "flop" side (supporting backdooring encryption) is "impossible":

    She basically said no mandatory back doors last night ("I would not want to go to that point"). In the next paragraph she then said some not-so-great stuff -- about there having to be "some way" to "break into" encrypted content-- but then she again said "a backdoor may be the wrong door."

    Please let us know what you hear from your folks. I would think they would be happy -- she's certainly NOT calling for the backdoor now -- although she does then appear to believe there is "some way" to do the impossible.

Teddy Goff, a political strategist and the digital director for Obama for America during the 2012 campaign, responds, calling it "a solid B/B+" and suggesting that someone tell Clinton never to use the Manhattan Project line again. He also highlights the point that Ben Scott had raised a month earlier, and that Clinton clearly did not understand: there is open source encryption out there that anyone can already use, and any attempt to backdoor proprietary encryption won't stop anyone from using those other solutions. Finally, he suggests that having "pledged not to mandate backdoors" will be useful going forward.

    i think it was fine, a solid B/B+. john tells me that he has actually heard nice things from friends of ours in SV, which is rare! i do think that "i would not want to go to that point" got overshadowed in some circles by the "some way to break in" thing -- which does seem to portend some sort of mandate or other anti-encryption policy, and also reinforces the ideological gap -- and then, more atmospherically, by the manhattan project analogy (which we truly, truly should not make ever again -- can we work on pressing that point somehow?) and the cringe-y "i don't understand all the technology" line, which i also think does not help and we should avoid saying going forward.

    speaking of not understanding the technology, there is a critical technical point which our current language around encryption makes plain she isn't aware of. open-source unencrypted messaging technologies are in the public domain. there is literally no way to put that genie back in the bottle. so we can try to compel a whatsapp to unencrypt, but that may only have the effect of pushing terrorists onto emergent encrypted platforms.

    i do think going forward it will be helpful to be able to refer to her having pledged not to mandate a backdoor as president. but we've got to iron out the rest of the message. i actually do believe there is a way to thread the needle here, which i am happy to discuss; it requires us to quickly pivot from encryption to the broader issue of working with tech companies to detect and stop these people, and not getting into the weeds of which app they happen to use and that sort of thing.

Finally, Solow responds to Goff agreeing that the "some way in" line implies undermining encryption, but suggests that they quietly let the tech world know that they don't mean backdoors, but just mean hacking/malware:

    That she says no backdoor, which is good, but then says we need a way in, and then the bad line about not understanding technology. The latter two points make the first one seem vulnerable.

    But in terms of wanting a way to break in - couldn't we tell tech off the record that she had in mind the malware/key strokes idea (insert malware into a device that you know is a target, to capture keystrokes before they are encrypted). Or that she had in mind really super code breaking by the NSA. But not the backdoor per se?

There are some obvious concerns with the hacking/malware stuff, but it's at a very different level than breaking encryption. While it's still ridiculous that Clinton won't just come out and say that backdooring encryption gives us both less security and less privacy, it does appear that she has people on her team who get the basics here. That's at least moderately encouraging. It would be better if there were some stronger indication that Clinton is actually listening to them.

Filed Under: backdoors, crypto wars, encryption, going dark, hillary clinton, manhattan project, nerd harder


Reader Comments

  1.
    Stosh, 17 Oct 2016 @ 10:04am

    Hillary's keeping top secret information on a server that is not air-gapped shows a complete ignorance of cyber-security. And I'll go along with her "backdoors" when she starts leaving the backdoors to her compounds and houses unlocked and open to the public.

  2.
    Ryunosuke (profile), 17 Oct 2016 @ 10:07am

    the inherent flaw in the "The backdoor only for good guys" argument is two-fold, 1) it assumes that encryption can determine who is a "good guy" from a "Bad guy" and 2) AND MORE IMPORTANTLY it assumes that *WE* can determine the "good guys" from the "bad guys". Even "good guys" do not so good things when presented the opportunity (See: LoveINT)

  3.
    Anonymous Coward, 17 Oct 2016 @ 10:08am

    Re:

    With the hacking of the DNC, you would think she would see the value of encryption. But I am guessing she instead has seen the value of hacking.

  4.
    DannyB (profile), 17 Oct 2016 @ 10:09am

    Re:

    I wouldn't want Hillary to leave her property's back doors open to the public. Just open to anyone who has a special key to get in through that door. Of course, as with the rest of us, she should not be aware of how many copies there are of that key, or who has them. She should just assume that only good guys will have a copy of that digital key.

    Remind Hillary that a digital key to her property, unlike a physical key, can be stolen over the internet by the same kind of people who hacked the DNC.

  5.
    Ninja (profile), 17 Oct 2016 @ 10:11am

    Accusations of Mike being pro Trump in 3, 2, 1...

    Then we will meditate on the "Schrodinger Mike" problem: Mike is pro Hillary and pro Trump at the same time. And will obviously vote for both. Because why not?

    Ahem.

  6.
    Ninja (profile), 17 Oct 2016 @ 10:13am

    Re:

    Actually, these people think it's magic. They just don't use the word.

  7.
    DannyB (profile), 17 Oct 2016 @ 10:13am

    Re:

    If the government wanted physical keys to our property, it might (and I say 'might') be possible to keep those physical keys secure. Even knowing that physical keys can be copied.

    But digital keys, unlike physical keys, can be copied by hackers, over the network, without taking the original copy. (Do you hear that RIAA / MPAA?)

    Given the recent news stories of hacking, would Hillary really want her own property protected by a system where the government had an unknown number of copies of keys to her property, and the key holders were unknown, and it might go completely unnoticed if hackers made off with copies of those keys.

  8.
    DannyB (profile), 17 Oct 2016 @ 10:14am

    Re: Accusations of Mike being pro Trump in 3, 2, 1...

    Schrodinger's cat is simply having a staring contest. It's not dead.

  9.
    DannyB (profile), 17 Oct 2016 @ 10:16am

    Past reminder about digital cluelessness

    It was a long time ago, but right here on TD.

    Hillary said that Wikileaks should 'return' the stolen digital documents. And, IIRC, it was Mike who pointed out "that's not how digital works". (Hear that MPAA / RIAA?)

  10.
    Anonymous Coward, 17 Oct 2016 @ 10:18am

    But I also know what the argument is on the other side from law enforcement and security professionals.

    They want to be able to search anything, at anytime, and in whatever way they deem best suits their need. Part of a politician's job is to keep those people in check, rather than help them to establish a police state. Until politicians can be convinced to do their jobs, things will only get worse.

  11.
    Anonymous Coward, 17 Oct 2016 @ 10:36am

    Re:

    How do you air gap an email server?

  12.
    Ryunosuke (profile), 17 Oct 2016 @ 10:41am

    Re: Re:

    that's pretty much what i was getting at. Encryption doesn't care WHO has the keys, just that you HAVE the keys. and even then, it doesn't care what you DO with those keys.

  13.
    Anonymous Coward, 17 Oct 2016 @ 10:41am

    HRC fails the Turing Test

    'Clinton gave a speech, which put her firmly into the "but Silicon Valley should nerd harder to figure out a backdoor"'

    Misunderstanding the *undecidability* of most questions about computer codes fails the most fundamental of Turing Tests.

    Turing tried his best to "nerd harder", and look what happened to him.

    In short, until you understand undecidability, STFU about backdoors and encryption.

  14.
    Nick, 17 Oct 2016 @ 10:42am

    Re: Re:

    Wifi?

  15.
    Anonymous Coward, 17 Oct 2016 @ 10:49am

    Re: Past reminder about digital cluelessness

    Nah, that's totally how digital works:
    http://27bslash6.com/overdue.html

  16.
    Anonymous Coward, 17 Oct 2016 @ 10:50am

    It might well be to Clinton's advantage to be, or at least pretend to be, a technological dunce, especially after emailgate. Just look at the way she answered almost every FBI question with "I don't remember."

  17.
    Dave Cortright (profile), 17 Oct 2016 @ 10:51am

    Another data point that shows an unsettling trend

    You know her staff also recognized that running her own mail server was a bad idea, told her so, and yet she did it anyway. And now here is evidence of the same thing going on with her views on encryption.

    If she is going to hire smart, capable experts only to use as props and not to actually set her policy, that bodes poorly for an HRC White House.

    I already wasn't going to vote for her because of this exact reason. I appreciate having more evidence reinforcing my decision.

  18.
    Anonymous Coward, 17 Oct 2016 @ 11:01am

    Re: Re:

    It's not hard. I've done it.

    What you do is stick a proxy email server in front of it that is configured to (a) queue and hold inbound traffic and (b) accept and transmit outbound traffic. Periodically, you write the inbound queue on media, transport it to the air-gapped email server, and flush it into the delivery mechanism on that server. Then you reverse the process, carrying the outbound queue over and flushing it.

    This of course has its drawbacks, notably the delays involved, but since email isn't instant messaging and isn't supposed to be, that's not much of an issue. (And it can be mitigated by doing the process more frequently.) And since the air-gapped email server can't access DNS across the Internet, it's necessary to configure it to accept all outbound traffic without first checking to see if the domain part of the address is valid, e.g., it has to accept mail to example.com even if example.com doesn't exist, because it has no way to know that. Of course this mistake will be noticed eventually, once the outbound attempt to send fails, but that does impose a time delay.

    And so on. It's really not that hard to do this if you use open-source tools like Unix or Linux, sendmail or postfix.

  19.
    Anonymous Coward, 17 Oct 2016 @ 11:07am

    If she is going to hire smart, capable experts only to use as props and not to actually set her policy, that bodes poorly for an HRC White House.

    I agree with you that this is the picture we're getting here. However, on many other policy issues, she has shown herself willing to consult with and listen to experts. Examples: economics, employment, climate, terrorism, policing, civil rights, education, and medicine. Given that, I suspect that tech is just a blind spot, and I hope that once she takes office, she'll be more inclined to remedy that.

  20.
    AnonCow, 17 Oct 2016 @ 11:29am

    Clinton not supporting encryption is like someone who has just been beaten and robbed in his own home not supporting door locks.

  21.
    Anonymous Coward, 17 Oct 2016 @ 11:34am

    "Doubling down?"

    The statement described as "doubling down" says almost literally nothing. Someone from Apple could just go into a room with someone from the FBI and say "strong encryption is the best way forward". Evidently the Manhattan project comment was this:
    the US should launch a "Manhattan-like project" to "bring the government and tech communities together" so that law enforcement can "prevent attacks."
    Neither statement has any substance whatsoever. In other words, here's her plan:
    1. meet with technologists
    2. ?
    3. safety

  22.
    Groaker (profile), 17 Oct 2016 @ 11:53am

    Re:

    Air gapping is no longer sufficient to protect a PC.

    A "simple" technique is available with a cell phone.

    "Researchers Hack Air-Gapped Computer With Simple Cell Phone"
    https://www.wired.com/2015/07/researchers-hack-air-gapped-computer-simple-cell-phone

    Other methods exist that have been reported to crack PCs that are completely airgapped, and are in another room from a networked PC.

    Bit whisper is one that uses thermal emission.
    https://www.helpnetsecurity.com/2015/03/24/hack-air-gapped-computers-using-heat/

    Audio techniques have also been employed, as well as interpreting fan speed changes. Undoubtedly many more.

    As far as encryption goes, even the old standby of one time pads have been cracked on occasion.

    If you think your smart phone is safe if it never leaves your hands, think again. Cellebrite makes devices that can directly read everything on your smartphone without physical contact, or invading your personal space (just your smartphone.)

  23.
    Groaker (profile), 17 Oct 2016 @ 12:01pm

    Re: Re:

    The physical key thing worked so well for travelers' luggage when operated by Homeland (In)security.

  24.
    Groaker (profile), 17 Oct 2016 @ 12:08pm

    Re:

    Very few locks can keep anybody out, except someone who believes in the lock fairy.

    Just a few truly trivial methods.
    http://www.wikihow.com/Open-a-Locked-Door

  25.
    Padpaw (profile), 17 Oct 2016 @ 12:41pm

    Re:

    really do you have any examples of these you can share?

  26.
    Groaker (profile), 17 Oct 2016 @ 12:43pm

    Re: HRC fails the Turing Test

    When the nerds are finished finding the golden backdoor key, they should start nerding on squaring the circle. Then eliminating air pollution by finding a way to revoke the Second Law of Thermodynamics.

  27.
    Thad, 17 Oct 2016 @ 1:13pm

    Re: Re:

    Right. There are a million reasons why encryption is not really analogous to physical locks; this is one of them.

    Because properly designed, properly deployed encryption really is unbreakable (at least, given current technology -- if quantum computing becomes viable, then all bets are off). There's a reason that most modern attacks focus on circumventing encryption, not breaking it. (Man-in-the-middle attacks, malware, phishing, etc.)

  28.
    DannyB (profile), 17 Oct 2016 @ 1:16pm

    Re: Re:

    Are you asking for examples where she was not paid to 'remedy' her blind spots?

    Not that every other politician doesn't do the same.

  29.
    Anonymous Coward, 17 Oct 2016 @ 1:34pm

    Re: Re: Re:

    'Because properly designed, properly deployed encryption really is unbreakable (at least, given current technology -- if quantum computing becomes viable, then all bets are off)'

    Properly implemented "one-time pad" encryption -- used by the Soviets since WWII -- is provably unbreakable even by a quantum computer.

    The few breaks of Soviet WWII encryption -- e.g., the Cambridge group, Julius Rosenberg -- were due to flawed implementation (violations of the "one-time" property of the random numbers). Google Venona.

    However, man-in-the-middle (MITM) can still be used against one-time pad encryption, so establishing trust becomes the major problem.

    link to this | view in thread ]
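
The "one-time" property discussed in this thread (pad reuse as the flaw behind the Venona breaks, and why a correctly used pad cannot be brute-forced), as an added Python example that is not part of the original comments. The class and function names and the sample messages are constructed for illustration.

```python
import secrets


class PadReuseError(Exception):
    """Raised when an operation would use pad bytes a second time."""


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("operands must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


class OneTimePad:
    """One party's copy of the shared pad, with a cursor that only moves forward.

    Assumption for this example: one pad serves one direction of traffic.
    XOR with a pad gives secrecy only; it does not authenticate the sender.
    """

    def __init__(self, material: bytes):
        self.material = material
        self.cursor = 0  # index of the first pad byte that has never been used

    def remaining(self) -> int:
        return len(self.material) - self.cursor

    def encrypt(self, plaintext: bytes):
        if len(plaintext) > self.remaining():
            raise PadReuseError("pad exhausted; new material must be exchanged")
        offset = self.cursor
        key = self.material[offset:offset + len(plaintext)]
        self.cursor += len(plaintext)  # these bytes are now spent for good
        return offset, xor_bytes(plaintext, key)

    def decrypt(self, offset: int, ciphertext: bytes) -> bytes:
        end = offset + len(ciphertext)
        if offset < self.cursor:
            raise PadReuseError("offset already consumed")
        if end > len(self.material):
            raise PadReuseError("message runs past the end of the pad")
        self.cursor = end
        return xor_bytes(ciphertext, self.material[offset:end])


def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """XOR of two ciphertexts made with the SAME pad bytes: the pad cancels out."""
    return xor_bytes(c1, c2)


def key_explaining(ciphertext: bytes, candidate: bytes) -> bytes:
    """The pad under which `ciphertext` would decrypt to `candidate`.

    Such a pad exists for every candidate of the right length, so trying all
    pads yields every possible message and no way to tell which one is real.
    """
    return xor_bytes(ciphertext, candidate)


def demo() -> dict:
    material = secrets.token_bytes(64)        # constructed pad, shared in advance
    sender, receiver = OneTimePad(material), OneTimePad(material)
    p1 = b"SHIP ARRIVES MONDAY"               # constructed sample messages
    p2 = b"SEND FUNDS TO PARIS"

    # Correct use: each message consumes fresh pad bytes.
    off1, c1 = sender.encrypt(p1)
    off2, c2 = sender.encrypt(p2)
    round_trip = (receiver.decrypt(off1, c1) == p1
                  and receiver.decrypt(off2, c2) == p2)
    try:
        receiver.decrypt(off1, c1)            # same offset presented again
        replay_blocked = False
    except PadReuseError:
        replay_blocked = True

    # Flawed use: both messages encrypted with the same pad bytes.
    bad1 = xor_bytes(p1, material[:len(p1)])
    bad2 = xor_bytes(p2, material[:len(p2)])
    leak = reuse_leak(bad1, bad2)

    candidate = b"NOTHING TO SEE HERE"
    return {
        "round_trip": round_trip,
        "replay_blocked": replay_blocked,
        # The pad is gone from the leak: it equals p1 XOR p2.
        "pad_cancels": leak == xor_bytes(p1, p2),
        # Anyone who knows or guesses p1 reads p2 without ever seeing the pad.
        "recovered": xor_bytes(leak, p1),
        # A single correctly used ciphertext is consistent with any message.
        "alternative": xor_bytes(c1, key_explaining(c1, candidate)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```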

  30.
    Anonymous Coward, 17 Oct 2016 @ 1:42pm

    HRC: Can't we all just get along?

    Yep. After the FBI locks you the fuck up.

    Until the law extends to all Americans, we remain unobliged.

    --Sincerely,
    --The tech sector.

  31.
    Anonymous Coward, 17 Oct 2016 @ 2:12pm

    Re:

    To play devil's advocate - how would encryption have stopped the hack? Unless your assertion is all this data from Clinton's servers was acquired from a passive tap of Clinton's campaign server's uplink/downlink or unless your assertion is that her server's physical drives were stolen by foreign intelligence services without their RAM (and thus any encryption-at-rest keys) being imaged, encryption alone wouldn't have done a damn thing to prevent her dirty laundry from being uploaded to Wikileaks.

    I'm all for strong, unbreakable encryption, but it isn't a silver bullet for all security woes.

  32.
    Anonymous Coward, 17 Oct 2016 @ 2:40pm

    Re: Re:

    There's rather a lot so rather than enumerating it all, I'll just point you to the position papers on her web site. (Which is not to say that I agree with all of them: in some cases I have sharp differences. But they're well-researched and clearly incorporate expert input.)

    Probably the best example is climate. She's not a climatologist, but her grasp of the issues meshes extremely well with what experts are saying and publishing. And it's evolved -- which is a good thing, because our understanding is evolving too.

    You can like or dislike Clinton, but one thing you have to admit is that she's a policy wonk. She studies. Even on the issues where I think she's wrong, I have to concede that she has a superb grasp of the facts.

  33.
    Anonymous Coward, 17 Oct 2016 @ 2:53pm

    Re: Re: Re:

    Except on tech issues like encryption which is the theme of this article.

  34.
    Groaker (profile), 17 Oct 2016 @ 2:54pm

    Re:

    Ms Clinton showed great humility in listening to experts in the trading of commodities and stock. The proceeds of which were often moved from someone else's account to hers. She also listened to the experts who allowed her to trade in violation of exchange rules.

    What a pity she can't seem to listen to experts when the issues involved don't result in incredulous sums being deposited to her accounts.

  35.
    Anonymous Coward, 17 Oct 2016 @ 3:12pm

    Re:

    "[Hillary] has shown herself willing to consult with and listen to experts. Examples: ... medicine"

    Yes, indeedey!

    Take that speed, so you can get through the next debate without falling over.

    Then after Nov. 8, please spend two months recuperating in Warm Springs with your muse Eleanor, so you'll have the strength to hold your hand up Jan. 20 for a few moments.

  36.
    Anonymous Coward, 17 Oct 2016 @ 3:46pm

    Re: Re: Re:

    Prior to digital electronic communications, most conversations were not recorded, and therefore not available to law enforcement and the security services after the event unless they found a witness willing to testify. Occasionally, people actually kept their written correspondence, but that was mainly love letters and everyday innocent gossip.
    Strong encryption is not making their jobs impossible, but rather requires the police and security services to actually make and maintain real contacts with people. The real problem here is that law enforcement and the security services have come to believe that they are entitled to capture every bit of recorded information, and trawl through it to find out what people are doing. However the people they should be going after, like the puppet masters controlling terrorists, and high level criminals know how to keep their conversation private, by playing a round of golf, or other such activities that make listening in to their conversations difficult.
    Certainly as far as law enforcement is concerned, strong encryption is likely to have a direct benefit to society, force law enforcement to engage with the community, rather than treating them as the enemy, as without that engagement they will really be in the dark.

  37.
    Anonymous Coward, 17 Oct 2016 @ 4:08pm

    Re: Re:

    I don't know, like with bubble wrap or something? ;-)

  38.
    Thad, 17 Oct 2016 @ 4:09pm

    Re: Re:

    Air gapping is no longer sufficient to protect a PC.

    A "simple" technique is available with a cell phone.


    Sure, but this still requires physical proximity.

    As far as encryption goes, even the old standby of one time pads have been cracked on occasion.


    How do you mean?

    A true OTP (where the pad is not reused and is the same length as the message) can't be brute-forced. The problem is that the pad has to be transmitted somehow, and we're back at the starting point: how do you transmit a message without it being observed in transmission? That's why OTP is, in the vast majority of all cases, impractical; if you have a secure way of transmitting the pad, why do you need it in the first place?

  39.
    Thad, 17 Oct 2016 @ 4:11pm

    Re: Re: Re: Re:

    ...did you read the part where he said "Given that, I suspect that tech is just a blind spot, and I hope that once she takes office, she'll be more inclined to remedy that."?

  40.
    Anonymous Coward, 17 Oct 2016 @ 4:11pm

    Re: "Doubling down?"

    In other words, here's her plan:

    1. meet with technologists
    2. ?
    3. safety
    ...and as always,

    4. PROFIT!!!11!

  41.
    Thad, 17 Oct 2016 @ 4:12pm

    Re: Re:

    Wow, here I was thinking nobody could possibly be dumb enough to believe the "she's on drugs" theory.

  42.
    Anonymous Coward, 17 Oct 2016 @ 4:15pm

    i want clinton to even out the days. it's silly to have some days longer than others, and i'm sure smart people can figure out how to make them constant.

  43.
    Thad, 17 Oct 2016 @ 4:19pm

    Re: Re: Re: Re:

    Well, right; the problem with OTP is that it's only as secure as the method used to transmit the pad.

    There are cases where OTP is useful -- say, where the purpose of encryption is to disseminate a message that only needs to be a secret until the pad is released, at which time it doesn't matter if everybody knows it; or if you're dispatching two messengers and one has the ciphertext and the other has the pad and this decreases the chance of both messengers being captured -- but they're pretty specific and rare.

    It's not a useful means of encrypting instantaneous communications.

  44.
    Anonymous Coward, 17 Oct 2016 @ 4:28pm

    Re: Re: Re:

    if you have a secure way of transmitting the pad, why do you need it in the first place?

    Given the capacity of easily concealed media, like microSD cards, a one time pad can be practical if you have a good random noise source, and can either meet up with your correspondents occasionally, or have a trusted courier. Given modern capacities, it may only need one key exchange to encrypt all messages you will ever want to exchange with a person. When the key was printed on paper, then key exchange was a real problem, but that problem had largely disappeared after CDs were invented.

  45.
    Anonymous Coward, 17 Oct 2016 @ 4:30pm

    Re: Re: Re: Re: Re:

    Remedying a lack of knowledge after you have formulated policy is like bolting the stable door after the horse has fled.

  46.
    art guerrilla (profile), 17 Oct 2016 @ 4:32pm

    Re: Re: Re:

    meta comment regarding email policy going forward :
    will power elite players be able to trust ANY email that won't be ultimately 'hacked' OR released by insiders (EVEN encrypted emails) ? ? ?
    (please note: decent encryption done right *MAY* be unhackable given the current state of the art (maybe), but what about a year or ten from now ? further, in the case of insider leaks, they presumably already have access/encryption keys, no hacking required...)
    if so, will that create a changed communication strategy, one where emails are simply pollyanna-ish bullshit which says all the right shit, but belies their actual thoughts and plans ? ? ?
    will evil minions be limited to face-to-face meetings and coded communications ? ? ? will email ever be the same again ? ? ?

  47.
    Anonymous Coward, 17 Oct 2016 @ 4:49pm

    Re:

    have you looked at any of the emails that wiki is releasing? Crooked Hillary is quite the fitting name, actually, and Trump can go fuck himself.

    Bill is still banging bimbos, the press has never carried so much water as they do for HRC and Chelsea is a spoiled brat that drives the handlers bonkers...

    Truly some circus... and there seems to be some bread left?

    Funny to see the email etiquette of Podesta and the likes

  48.
    Anonymous Coward, 17 Oct 2016 @ 4:54pm

    Re: Re: Re: Re: Re:

    "[One time pads are] not a useful means of encrypting instantaneous communications."

    B.S.!

    Agent takes 128GByte flash drive full of one-time pad random numbers.

    Control keeps copy.

    Agent can encrypt decades of SMS messages sent to Control.

    One-time pads (although not using flash drives) were used by the U.S. in Vietnam.

  49.
    Thad, 17 Oct 2016 @ 5:38pm

    Re: Re: Re: Re: Re: Re:

    Perhaps it is, but it's also Clinton's entire campaign strategy, no? Repudiating positions she held in the 1990's?

  50.
    Thad, 17 Oct 2016 @ 5:41pm

    Re: Re: Re: Re: Re: Re:

    That's not exactly what I meant by "instantaneous", since the keys have to be provided in advance, but it's a fair point. I still think it makes for a pretty special case; it's certainly not applicable to everyday activities like, say, online banking.

  51.
    John Mayor, 17 Oct 2016 @ 5:52pm

    BEHAVIORAL UNCERTAINTY

    But!... even if she is listening to them, do THEY have the "GOODS"!
    .
    When governments begin discussing "BETTER SECURITY" on the Net, "FOUR POINTS" are usually missed! And these are... evil people want ACCESS, and evil people want PRIVACY; and non-evil people want ACCESS, and non-evil people want PRIVACY! Conclusion:... SECURITY, IS NOT SIMPLY ABOUT PRIVACY VERSUS ACCESS!... I-T-'-S A-B-O-U-T F-O-U-R S-E-C-U-R-I-T-Y E-L-E-M-E-N-T-S!
    .
    NON-EVIL PEOPLE NEED BOTH ACCESS AND PRIVACY! AND EVIL PEOPLE SHOULDN'T HAVE ACCESS!... OR!... PRIVACY! BUT, IF YOU DENY THE WRONG PEOPLE ACCESS AND PRIVACY (I.E., NON-EVIL PEOPLE!), AND ALLOW THE WRONG PEOPLE ACCESS AND PRIVACY (I.E., EVIL PEOPLE!), YOU HARM SECURITY!... AND, IN THE CASE OF NON-EVIL PEOPLE, ACCESS AND PRIVACY DENIALS WILL ADVERSELY IMPACT ON MANY OTHER DIGITAL... AND HUMAN!... RIGHTS! AND IF YOU DON'T KNOW WHICH IS WHICH (I.E., WHO IS EVIL, AND WHO IS NOT!)... WELL... YOU D*MN WELL BETTER FIGURE IT OUT!
    .
    SIMPLY STATED!... LIFE IS NOT GUARANTEED TO BE EASY!... OR WITHOUT THORNS!
    .
    What if... in response to the terrorist attacks in Paris, Brussels, or cybersecurity attacks on companies and government agencies!... the FBI had come to the American people, and said: "In order to keep you safe, we need you to remove all the locks on your doors and windows... and replace them with weaker ones! And... because!... if you are a terrorist, we need to get access to your house!... and your locks might slow us down!... or block us!... entirely! So... Americans!... remove your locks! And American companies!... stop making good locks!"
    .
    Well... I'm guessing!... most Americans would reject this as a bad idea! And... inasmuch!... as they would see this as making them vulnerable! And... not just to terrorists!... but to ordinary thieves, and bad guys! Americans-- for the most part!-- would reject having their daily security undermined, in favor of a VAGUE PROMISE, that law enforcement would be quick!... easy!... and GUARANTEED SECURE! Most Americans would say to the FBI:... "STOP!... RIGHT THERE!... WE NEED M-O-R-E S-E-C-U-R-I-T-Y IN THE WAKE OF THESE ATTACKS!... NOT L-E-S-S!"
    .
    Yet!... that same tradeoff is similar to what's being asked of Americans in the ATTACKS ON STRONG ENCRYPTION! The FBI, isn't-- TECHNICALLY!-- asking for NO LOCKS!... it's asking for WEAKENED ONES!... so that it can break any lock that Americans buy, or use! But!... the end result, is the same!... I.E.... AMERICANS ARE LEFT M-O-R-E V-U-L-N-E-R-A-B-L-E! As with the locks on doors, digital locks can't be made to ALLOW ONLY ACCESS TO ALL THE GOOD GUYS!... and!... to DISALLOW ACCESS TO ONLY THE BAD GUYS (i.e., AT LEAST, NOT YET!)! THE LOCK CAN'T TELL THE DIFFERENCE!... and!... even more vulnerabilities are created, by building complicated processes for storing digital keys (as demonstrated by a recent MIT report!... see, http://www.technologyreview.com/view/543566/dont-blame-encryption-for-isis-attacks/... and... in an open letter to David Cameron... see, https://medium.com/message/dear-prime-minister-cameron-20th-century-solutions-wont-help-21st-century-surveillance-ff2d7a3d300c#.ium2wu3n5, by Harvard Professor, and EFF Board member, Jonathan Zittrain)!
    .
    Right now, the FBI's strategy is focused on putting pressure on companies like Apple, Microsoft and Google to prevent Americans from ever getting access to good locks in the first place! Yet!... if the FBI was publicly calling for home builders and locksmiths to stop offering Americans the strongest possible home or office security systems, Americans would see the folly of their strategy!... OUTRIGHT!
    .
    The EFF (see, https://www.eff.org/deeplinks/2014/09/nine-epic-failures-regulating-cryptography) and many others (see, http://www.nytimes.com/2015/11/18/opinion/mass-surveillance-isnt-the-answer-to-fighting-terrorism.html?_r=0) have long demonstrated that limiting Americans' access to strong encryption, is a bad idea! But... somehow!... and, maybe, because the way these locks work is more hidden from users in the context of digital networks and tools!... the argument continues to be raised by Agencies and politicians, who should know better!... and e.g., the FBI, and Hillary Clinton (see, http://www.bbc.com/news/world-us-canada-12475829)!
    .
    The response to insecure networks and digital technologies must be to make them-- IN PART!-- STRONGER! And yet!... this basic message is not only LOST on those who call for encryption controls, but it has also been UNDERMINED by the cybersecurity approach of the CISA (see, https://www.eff.org/deeplinks/2015/10/eff-strongly-oppose-cisa-cyber-surveillance-bill-and-cfaa-amendment)... which!... instead of encouraging better security by those who store information, pushes companies to increase the risks Americans already face (by "SHARING" more data belonging to Americans, with the government)! Of course, the lapses in government security are already well documented (see, https://www.eff.org/deeplinks/2015/07/we-told-you-so-opm-data-breach-reveals-not-only-lame-data-security-weak-legal)! The same wrongheaded approach is on display when the US Congress fails to reform the Computer Fraud and Abuse Act to protect the security researchers whose work results in better protections for Americans! And, instead, pushes for a worse version of the law!... with a still broader scope!... and harsher penalties (see, https://www.eff.org/deeplinks/2015/11/some-good-news-about-cisa-it-doesnt-include-dangerous-computer-fraud-and-abuse)!
    .
    Unlocking everyone's doors isn't the answer to global crime!... or terrorism! Nor!... is simply facilitating stronger encryption! Building, and supporting, STRONGER SECURITY is a VIABLE SOLUTION AGAINST ATTACKS!... however!... failing to allow for ACCESS to the "bad guys" is to-- LIKEWISE!-- D-E-N-Y O-U-R S-E-C-U-R-I-T-Y!
    .
    Nevertheless!... and the foregoing notwithstanding, this issue of Internet Security is compounded by the current reality, that Steganographic approaches are even eclipsing that of conventional encryption (not to mention, Quantum Steganography... see, Why Quantum Steganography Can Be Stronger Than Classical Steganography!)!... see, http://www.infosectoday.com/Articles/digitalstego.htm!
    .
    The advantage of Steganography over encryption is that law enforcement authorities readily recognize encrypted files and are willing to dedicate resources to attempt decryption!... while, with Steganography, police are unlikely even to realize that a hidden file exists! [See, COUNTERING THE USE OF THE INTERNET FOR TERRORIST PURPOSES: LEGAL AND TECHNICAL ASPECTS, MAY, 2011, "Working Group on Countering the Use of Internet for Terrorist Purposes", "United Nations, Counter-Terrorism Implementation Task Force (CTITF)"]
    .
    The United Nations Global Counter-Terrorism Strategy... which brings together into one coherent framework decades of United Nations counter-terrorism policy and legal responses emanating from the General Assembly, and the Security Council and relevant United Nations specialized agencies... has been the focus of the work of CTITF since its adoption by the General Assembly in September 2006 (General Assembly resolution 60/ 288)!
    .
    The Strategy sets out a plan of action for the international community based on four pillars:
    .
    • Measures to address the "CONDITIONS CONDUCIVE TO THE SPREAD OF TERRORISM";
    .
    • Measures to PREVENT AND COMBAT TERRORISM;
    .
    • Measures to BUILD STATES' CAPACITY TO PREVENT AND COMBAT TERRORISM and to STRENGTHEN THE ROLE OF THE UNITED NATIONS SYSTEM IN THIS REGARD;
    .
    • Measures to ENSURE RESPECT FOR HUMAN RIGHTS FOR ALL AND THE RULE OF LAW... as the F-U-N-D-A-M-E-N-T-A-L B-A-S-I-S OF THE FIGHT AGAINST TERRORISM (and I'll add here... DIGITAL HUMAN RIGHTS!)!
    .
    In accordance with "the Strategy"... which welcomes the institutionalization of CTITF within the United Nations Secretariat... the Secretary-General in 2009 established a CTITF Office within the Department of Political Affairs to provide support for the work of CTITF! Via the CTITF Office, with the help of a number of thematic initiatives and working groups, and under the policy guidance of Member States through the General Assembly, CTITF aims to coordinate United Nations system-wide support for the implementation of the Strategy and catalyse... system-wide!... value-added initiatives to support Member State efforts to implement the Strategy in all its aspects! CTITF also seeks to foster constructive engagement between the United Nations system, international and regional organizations, the private sector, and civil society on the implementation of the Strategy!
    .
    To close... it would appear-- to me!... that many "Security Professionals"-- and "lay commentators"!-- are woefully stupid/ ignorant of the "Uncertainty Principle" in Quantum Mechanics! AND... IF UTILIZED (LET ALONE, ACKNOWLEDGED!)!... COULD VIRTUALLY SOLVE THE PRIVACY VERSUS ACCESS DILEMMA!... OVERNIGHT! In other words, the Global Security Community has got to begin to incorporate the Uncertainty Principle/ within Hardware, if it ever hopes to find a solution to the PRIVACY VERSUS ACCESS DILEMMA!
    .
    Conclusion... and a suggestion!... what is needed is GLOBAL ATTENTION on research into the Application of the "Uncertainty Principle" in Quantum Mechanics, to Cyber Security!... and, on the implications of Steganography-- yea, Quantum Steganography (to B-O-T-H ACCESS and PRIVACY re B-O-T-H the "good guys" and the "bad guys"!)-- in Cyber Security! The benefit of QUANTUM STEGANOGRAPHY being, the power of the "Uncertainty Principle" can then be applied to the I-D-E-N-T-I-F-I-C-A-T-I-O-N O-F B-O-T-H T-H-E B-A-D G-U-Y A-N-D T-H-E G-O-O-D G-U-Y R-E-C-E-I-V-I-N-G A-N-D/ O-R S-E-N-D-I-N-G A-N-Y F-O-R-M O-F S-T-E-G-A-N-O-G-R-A-P-H-I-C M-E-S-S-A-G-E!... as, it is I-M-P-O-S-S-I-B-L-E T-O H-I-D-E T-H-E I-N-T-E-N-T-I-O-N (Q-U-A-N-T-U-M F-L-U-X!) O-F T-H-E S-E-N-D-E-R O-R R-E-C-E-I-V-E-R! In other words... AND AT THE QUANTUM LEVEL!... T-H-E I-N-T-E-N-T-I-O-N O-F A-H-U-M-A-N S-O-U-L C-A-N B-E-- HOW SHALL I PUT IT!-- "Q-U-A-N-T-I-F-I-E-D (M-E-A-S-U-R-E-D!... ALBEIT, INDIRECTLY!)"!
    .
    Therefore!... the sooner the Global Cyber Security community-- yea, the world of Cyber Security stakeholders!-- begins to acknowledge, and then implement the powers vested within the "Uncertainty Principle" within Quantum Mechanics, the sooner 100% Cyber Security will be assured for users!
    .
    However!... and to use God as an analogy here!... just because GOD knows how completely wretched we actually are, doesn't mean he is desiring to destroy us at every turn, due to every OVERT SIN we make! And so!... likewise!... just because "CERTAIN" will have the power to know the QUANTUM DYNAMICS OF THE INTENTION of whoever is sending and/ or receiving a message, what will ensure us of the REAL WORLD INTENTION of the persons "manning the new Cyber Security ICT"!
    .
    The "Uncertainty Principle" may do its job!... but, will "CERTAIN INTERESTS" O-V-E-R-R-I-D-E the "Uncertainty Principle", in order to delude us into a false sense of security! Will "CERTAIN" manning our new Cyber Security ICT know when to show M-E-R-C-Y in their disclosure of the INTENTION of a sender or receiver of information!... and, will "CERTAIN" manning our new Cyber Security ICT C-R-I-M-I-N-A-L-L-Y D-I-S-R-E-G-A-R-D the safety of Netizens (physical, and spiritual!) in what these allow to be excused, in their manning of our new Cyber Security ICT!
    .
    Simply put!... just because I now know the "QUANTUM GOOD INTENTION" of information sent and/ or received over the Net, doesn't mean that I desire to allow the sender and/ or receiver to get away with "ruling my world"! And conversely!... just because I now know the "QUANTUM BAD INTENTION" of information sent and/ or received over the Net, doesn't mean that I desire to deny the sender and/ or receiver the opportunity to "rule my world"! And!... there is also the matter of the "SANCTIONED DEFINITION" of the A-C-T-U-A-L I-N-T-E-N-T-I-O-N T-R-I-P-W-I-R-E P-A-R-A-M-E-T-E-R-S E-M-B-E-D-D-E-D W-I-T-H-I-N I-C-T H-A-R-D-W-A-R-E! Who will "SANCTION" whatever definition will be used within such new Cyber Security ICT, that becomes the "STANDARD" for determining who the bad guy is, and who the good guy is?
    .
    Folks!... ladies and gents!... boys and girls!... this A-L-L comes down to behavior! And!... it's all the more reason why S-O-C-I-E-T-Y must F-U-N-D-A-M-E-N-T-A-L-L-Y "rethink" its PRIORITIES in the classroom! Behavior, behavior, behavior!... and as Dr. Edwin Fuller Torrey said in his work, The Death of Psychiatry!... and to paraphrase:... "INTRAPERSONAL AND INTERPERSONAL INTELLIGENCE, IS THE MISSING 'FOURTH WHEEL' ON EDUCATION'S SCHOOL BUS"! But!... in my view!... T-H-E W-H-O-L-E O-F E-D-U-C-A-T-I-O-N S-H-O-U-L-D B-E B-R-O-U-G-H-T U-N-D-E-R A G-L-O-B-A-L H-E-A-L-T-H M-O-D-E-L!
    .
    Please!... no emails!

  52.
    Groaker (profile), 17 Oct 2016 @ 6:37pm

    Re: Re: Re:

    One consideration with one time pads is that the key is completely random. A software random number generator (PSRNG) is difficult to make sufficiently random. Having worked with Monte Carlo simulations and other projects requiring high quality PSRNGs, I will tell you that many claimed "adequate" generators are in fact not. At least some one time pads have been broken.

  53.
    Groaker (profile), 17 Oct 2016 @ 6:44pm

    Just what enterprises will have exceptions made for them?

    Are the financial houses willing to go along with weakened encryption when literally trillions of dollars are at stake? Now trillions may not mean much to the US government, but I can't imagine a brokerage house being willing to use "bump key" breakable encryption.

  54.
    That One Guy (profile), 17 Oct 2016 @ 10:03pm

    Re:

    Oh the financial companies will of course be exempt, as will any sufficiently large company that keeps up on its 'donations' because those companies are 'True Patriots', a position which grants the privilege of being able to use Super Secure Encryption, as opposed to the Totally Secure Encryption (with Unbreakable Unicorn Gate) everyone else would be required to use.

  55.
    Padpaw (profile), 18 Oct 2016 @ 12:52am

    Re: Re: Re:

    I am asking for examples as I have never seen her do anything but lie, cheat and steal.

  56.
    Anonymous Coward, 18 Oct 2016 @ 1:40am

    Re: Re:

    There is also no need to weaken the encryption used by the corporations because they will hand over the data on their customers, under the third party doctrine.

  57.
    Anonymous Coward, 18 Oct 2016 @ 5:32am

    Techdirt already said it best...

    Math is not a crime.

  58.
    Anonymous Coward, 18 Oct 2016 @ 7:53am

    Re: Re: HRC fails the Turing Test

    Us nerds ought to build an AI and have it run for presidency.

  59.
    Anonymous Coward, 18 Oct 2016 @ 8:14am

    Re: believe there is "some way" to do the impossible.

    Being unable to acknowledge the world may not be as you see it in your own head, is typical sadistic narc.

    And since she's perfect, and the master of the rainbow she lives on she can completely contradict herself any time she wants. The universe will align to make her right, and everybody else is just supposed to know that, and make it so.

    It is unsurprising that her staff disagrees with her all the time. There is a difference between asking what is hard and asking what is impossible. A leader does some vetting before making huge demands. A sadistic narc doesn't.

    From the worker standpoint the behaviors SEEM the same, but they aren't. The worker never sees the vetting.

    The problem shows up once a few people know what kind of person she is. All you have to do is appeal to her ego. What you're offering doesn't have to make sense, because making sense is not a prerequisite for motivating a person like this.

    This means they do irrational shit frequently. It is incredibly destructive to have a person like this around any organization that intends to be productive. Most managers have experienced this at some point.

    Yes she can spin a great tale. Yes, she can politically destroy people who disagree with her. But she can't build anything. She's always spinning, because she is ungrounded in any practical discipline.

    BTDT. I cannot in good faith support a person like this. I've seen the damage they can do.

  60.
    Groaker (profile), 18 Oct 2016 @ 8:39am

    Re: Re: believe there is "some way" to do the impossible.

    The other one is no better. Like Clinton, he does little but lie, obfuscate and destroy. Even calling for violence in the streets.

    I am glad that I live in a state where the winner is foreordained. I can write in a brief "candidate" of total expressing total disgust. Not that it means anything, but at least I don't have to vote for either one.

  61.
    JBDragon (profile), 18 Oct 2016 @ 8:40am

    Re: Re:

    She's clearly a Politician. So a lot of nothing coming out of her mouth. It all just defies logic.

  62.
    Anonymous Coward, 18 Oct 2016 @ 8:56am

    Re: Re: Re: believe there is "some way" to do the impossible.

    "The other one is no better."

    There are more than two players, in this here poker game.

  63.
    Thad, 18 Oct 2016 @ 10:04am

    Re: Re: Re: Re:

    True. The quality of the RNG is an important consideration.

    And while it's not applicable to OTP, the quality/randomness of the primes is an important related issue that we're seeing some problems with right now.

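The pre-shared pad scheme debated in comments 48 through 63, as an added Python example that is not part of any commenter's post: both ends hold the same pad, every pad byte is consumed once, and the last function shows what leaks if a stretch of pad is ever used twice. The class and function names, the 140-byte SMS payload, the decimal reading of "128GByte", and the OS CSPRNG standing in for the pad's random source are all assumptions of this sketch.

```python
import secrets

SMS_BYTES = 140              # assumed payload of one SMS (8-bit encoding)
DRIVE_BYTES = 128 * 10**9    # the 128 GB drive from comment 48, decimal gigabytes


class PadError(Exception):
    """Raised when pad material would be reused or has run out."""


def xor(a: bytes, b: bytes) -> bytes:
    # Output is as long as the shorter input.
    return bytes(x ^ y for x, y in zip(a, b))


class PadBook:
    """One party's copy of the shared pad plus a high-water mark of bytes spent."""

    def __init__(self, pad: bytes):
        self.pad = pad
        self.used = 0            # every offset below this has been consumed

    def _take(self, offset: int, n: int) -> bytes:
        if offset < self.used:
            raise PadError("pad bytes already used; refusing reuse")
        if offset + n > len(self.pad):
            raise PadError("pad exhausted")
        self.used = offset + n   # these bytes are never handed out again
        return self.pad[offset:offset + n]

    def encrypt(self, plaintext: bytes):
        offset = self.used
        return offset, xor(plaintext, self._take(offset, len(plaintext)))

    def decrypt(self, offset: int, ciphertext: bytes) -> bytes:
        return xor(ciphertext, self._take(offset, len(ciphertext)))


def messages_per_pad(pad_bytes: int = DRIVE_BYTES, msg_bytes: int = SMS_BYTES) -> int:
    """How many full-length messages a pad of this size can ever protect."""
    return pad_bytes // msg_bytes


def reuse_leak(pad: bytes, p1: bytes, p2: bytes) -> bytes:
    """Encrypt two messages under the same pad bytes and XOR the ciphertexts.
    The pad cancels, leaving p1 XOR p2 for anyone who holds both ciphertexts."""
    return xor(xor(p1, pad), xor(p2, pad))


def demo():
    # Stand-in random source: the OS CSPRNG. A real pad is only as strong
    # as the randomness it was filled with.
    pad = secrets.token_bytes(4 * SMS_BYTES)
    agent, control = PadBook(pad), PadBook(pad)
    offset, ct = agent.encrypt(b"constructed sample message")
    return control.decrypt(offset, ct), agent.used, messages_per_pad()


if __name__ == "__main__":
    print(demo())
```

The offset travels in the clear with each ciphertext; the receiving side's high-water mark is what rejects a replayed or reused stretch of pad.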

  64.
    Thad, 18 Oct 2016 @ 10:09am

    Re: Re: Re: Re: believe there is "some way" to do the impossible.

    Yeah, but they're all pretty bad. Johnson and Stein are political lightweights with limited understanding of economics and even less understanding of foreign policy, and McMullin's a far-right ex-CIA officer.

    I'm this close to writing in Hartnell, and it's not clear that Hartnell has any position on any issue.

  65.
    Anonymous Coward, 18 Oct 2016 @ 1:23pm

    So, according to Hillary CLINTON, privacy and security is a threat because [insert bullshit here].

  66.
    BernardoVerda (profile), 18 Oct 2016 @ 3:52pm

    Re:

    Or...

    ... maybe she was wading hip deep in Middle East issues, Western European issues, South China Seas issues, international trade issues, human rights issues, UN issues, NATO issues, maybe even Democratic Party issues, and what not -- and her attention was on those matters (which were her actual job and responsibility), while she left the "techie" details to her support staff (which was their actual job and responsibility), and didn't think much about the "computer technology" issues any more than she could help, except when the aggravation of dealing with them was distracting from her actual job.

    Or... maybe her secret hobby involves setting up raspberry pi mesh networks and compiling custom linux kernels during boring boring State Dept. meetings. I mean, who knows right? Anything is possible.

  67.
    That One Guy (profile), 19 Oct 2016 @ 12:06am

    Re: Re: Re: HRC fails the Turing Test

    GLaDOS 2020: 'Don't worry, we disconnected the nerve gas this time.'
