New Attorney General Loves Him Some Encryption Backdoors, Which Should Pair Up Nicely With FBI Director's Plans For The Future

from the you-make-it,-you-break-it dept

It looks as though this administration may be the Decrypto Party. Trump's pick for Attorney General has already made it clear he thinks asset forfeiture is a damn good thing for the American public, even if it often deprives the public of their property without evidence of criminal wrongdoing or providing a valid avenue of recourse.

Now, he's (once again) confirmed encryption shouldn't keep law enforcement from accessing devices. The EFF reports that Sessions strongly hinted he's in favor of encryption backdoors during his confirmation hearing.

Question: Do you agree with NSA Director Rogers, Secretary of Defense Carter, and other national security experts that strong encryption helps protect this country from cyberattack and is beneficial to the American people's’ digital security?

Response: Encryption serves many valuable and important purposes. It is also critical, however, that national security and criminal investigators be able to overcome encryption, under lawful authority, when necessary to the furtherance of national-security and criminal investigations.

This dim view of the public's use of encryption is nothing new for Jeff Sessions. While still a senator, Sessions made it clear he feels law enforcement's "needs" should come before the general security of phone users. During the battle over access to the San Bernardino shooter's iPhone, Sessions offered his support of an anti-encryption bill.

Republican Senator Jeff Sessions of Alabama questioned Cook’s position. "Coming from a law enforcement background, I believe this is a more serious issue than Tim Cook understands," Sessions said. He said accessing phones is critical to law enforcement.

"In a criminal case, or could be a life and death terrorist case, accessing a phone means the case is over. Time and time again, that kind of information results in an immediate guilty plea, case over," Sessions said. He added that the ability for government to access a phone should not be abused.

Well, yeah… "should not be abused." That should go without saying. But would it be abused? Probably. Law enforcement used to search phones all the time without warrants until the Supreme Court put a stop to that. FBI plug-and-play kiosks allow LEOs to perform forensic searches at their convenience. Presumably the proper paperwork is in play, but it's not as though the FBI's going to frisk cops on the way to the FORENS-O-MATIC.

Add a backdoor and no phone is secure -- not from the government and not from anyone who steals the device.

Sessions and backdooring encryption go back even further than last year's iPhone battle. When Dianne Feinstein decided consumer devices had too much security, Sessions was there to pitch leading softballs and confirm her radicalization-via-Playstation Network fears.

I suspect what happened in the aftermath of Snowden, particularly Europe got very conservative with respect to encryption. And companies back away. Now, that's changing with Paris and God forbid what might happen in the future. I think the world is really changing in terms of people wanting the protection and wanting law enforcement, if there is conspiracy going on over the internet, that encryption ought to be able to be pierced.

Well, Sessions was wrong about what the world wanted. Governments still remain reluctant to mandate encryption backdoors -- despite law enforcement's continual pleas and ongoing attacks in European nations. But being wrong never stopped anyone from exploiting tragedies to push agendas -- even when Sessions' view of the public mindset contradicts the public's actual mindset

Adding to the mix is the federal government's own Donnie Darko, FBI Director James Comey. Comey has yet to switch up talking points on encryption and continues to point to an impending criminal apocalypse that can only be thwarted by

a.) smart people making impossible things happen

b.) smart people being told what's what by legislation mandating decryption/backdoors.

Comey now has a very sympathetic AG watching over his agency and his office. Very little good can come of that.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: attorney general, crypto wars, doj, encryption, fbi, going dark, jeff sessions


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    That One Guy (profile), 27 Jan 2017 @ 4:42am

    You first

    As always, anyone advocating for crippling security and making the public less secure should either put up or shut up. If crippled encryption is 'safe enough' then let their data, all of it, from bank info to medical records, personal emails and everything else be protected by deliberately flawed security, so they can show the public just how 'safe' it is.

    Of course I don't expect they'd ever do any such thing, because while they love the idea of screwing over the public and handing over the public to criminals everywhere in the process, they'd never put their own privacy and security on the line, hypocrites that they are.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 27 Jan 2017 @ 10:24am

      Re: You first

      Oh, but they have... they've been using consumer-grade phones and email with known security holes.

      The fact that this is out of ignorance and convenience and not out of a decision to lead by example, well....

      link to this | view in chronology ]

    • icon
      Aaron Walkhouse (profile), 27 Jan 2017 @ 4:10pm

      The only argument that shuts these guys up is this:

      Weaken encryption in the U.S. and all exports of software
      and network-related technology "made in U.S.A."will dry up.
      Everybody, Americans included, will shop elsewhere for tech.

      That's trillions of dollars in new trade deficits, hundreds
      of billions in lost profits to tech industries and tens of
      billions in lost taxes every year until a new administration
      undoes the damage and stops the bleeding.

      Arguing about security and rights of the American people has
      no effect on these clowns because they hold the public in
      contempt, and always will. ‌ Show them what effect their dumb-
      ass meddling will do to their billionaire friends and corporate
      backers and they'll quietly let the issue die off without ever
      having to admit why it was a stupid idea to start with.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 27 Jan 2017 @ 8:50pm

        Re: The only argument that shuts these guys up is this:

        Exactly. They don't care what's good for the country, only what's good for themselves.

        link to this | view in chronology ]

    • identicon
      Avantare, 27 Jan 2017 @ 4:34pm

      Re: You first

      When the encryption backdoor passes I'm all for hackers getting into the account of those that passed this by hacking into their ENCRYPTED accounts and sharing with the populace in general.

      I would be all in for Anonymous to do this.

      link to this | view in chronology ]

      • icon
        That One Guy (profile), 27 Jan 2017 @ 4:44pm

        Re: Re: You first

        Oh if such idiocy becomes law it won't directly affect the ones pushing for it in the least, as you can be absolutely sure they won't be using the Government Approved Encryption(with magical Unicorn Gates), but will of course continue to use encryption that actually works, because their privacy and personal data is of course a matter of National Security.

        link to this | view in chronology ]

        • identicon
          Anonymous Coward, 27 Jan 2017 @ 7:29pm

          Re: Re: Re: You first

          And then they'll get hacked and banned from the internet for being idiots.

          If only.

          link to this | view in chronology ]

  • icon
    Ninja (profile), 27 Jan 2017 @ 4:47am

    And how would they make people use American developed encryption without turning dictator and mandating it while violating the Constitution in the process? (Not that violating the Constitution is an issue by the way but we still have to pretend we live in a democracy, no? Also, make America great again (tm)!!!!!).

    link to this | view in chronology ]

    • identicon
      Sasparilla, 27 Jan 2017 @ 6:48am

      Re: Just reclassify encryption as a munition

      Just reclassify it as a munition.

      Also issue national security based directives from the President with associate gag orders to smartphone, pc and software vendors to put the back doors in smartphones, PC's and OS's without announcing it. Most vendors would gladly roll over for this (Apple and maybe Google wouldn't but would have their hands tied legally with the secret gag order) - and nearly all would want to keep it secret after its done so their sales don't crater if word got out. I wouldn't be surprised (after all we've seen) if we find out Apple was secretly ordered to do this last year and its already happened.

      link to this | view in chronology ]

      • identicon
        Fin, 27 Jan 2017 @ 7:54am

        Re: Re: Just reclassify encryption as a munition

        Cool. And the rest of the world will do that as well...

        link to this | view in chronology ]

        • identicon
          Anonymous Coward, 27 Jan 2017 @ 8:56am

          Re: Re: Re: Just reclassify encryption as a munition

          You are stupid... the majority of nations have been doing just this for a long time.

          They WILL roll right the fuck over, with the right encouragement, just perhaps not in a way you were expecting.

          link to this | view in chronology ]

          • identicon
            Anonymous Coward, 27 Jan 2017 @ 11:08am

            Re: Re: Re: Re: Just reclassify encryption as a munition

            who is being stupid ?

            link to this | view in chronology ]

      • identicon
        Anonymous Coward, 28 Jan 2017 @ 7:52am

        Re: Re: Just reclassify encryption as a munition

        Why, because classifying encryption as a munition worked so well the last time? All it did was piss off Tech, who worked overtime to develop workarounds.

        link to this | view in chronology ]

    • icon
      DannyB (profile), 27 Jan 2017 @ 7:26am

      Re:

      Violating the constitution is the new tactic.

      A president can ensure that his own agencies won't sue over it.

      Private money and years of time must be expended to litigate against things unconstitutional. Depending on the subject matter, a successful litigation may be irrelevant by the time it is achieved through legal process.

      What's not to love? Violating the constitution, as long as it's done at a high enough level is a win-win tactic.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 27 Jan 2017 @ 12:42pm

        Re: Re:

        Private money and years of time must be expended to litigate against things unconstitutional.

        While arrest, imprisonment and torture can occur almost immediately.

        a successful litigation may be irrelevant by the time it is achieved through legal process.

        Dead men file no appeals.

        link to this | view in chronology ]

    • icon
      Bamboo Harvester (profile), 27 Jan 2017 @ 8:15am

      Re:

      "but we still have to pretend we live in a democracy, no?"

      One of the major failings of the public school system in the US.

      US government is at NO level a "democracy", no matter how much the left whines and pouts. Never has been, and hopefully never will be.

      Google "Representative Republic" and find out for yourself what how the US governmental system works.

      link to this | view in chronology ]

      • icon
        Roger Strong (profile), 27 Jan 2017 @ 8:28am

        Re: Re:

        Nonsense. The US is absolutely a democracy. It's also a republic. The two terms are not mutually exclusive.

        "Republic" just means that you don't have a monarch.

        "Representative Republic" means that you don't vote directly on laws, but instead democratically vote in a representative who aligns with your views. Also equally known as "Representative Democracy", it's how most democracies work.

        link to this | view in chronology ]

        • identicon
          Anonymous Coward, 27 Jan 2017 @ 9:02am

          Re: Re: Re:

          Yea, we know already...

          Butchering the meaning of democracy to mean what you want it to mean. Sadly if you just check the "definition" you might find that you are fucking wrong... but don't let me get in the way of you being stupid, its fun when you do it on the internet... amiright?

          In fact here is the page on Wikipedia where you can go and edit the form of US Government it states that it is.
          https://en.wikipedia.org/wiki/United_States

          here is the CIA web page on what form the US is, you might not be able to edit it though.
          https://www.cia.gov/library/publications/the-world-factbook/fields/2128.html

          You know so fucking much so go and tell the world! Don't let the rest of us cock holes tell you what facts are mkay?

          link to this | view in chronology ]

          • icon
            Roger Strong (profile), 27 Jan 2017 @ 9:39am

            Re: Re: Re: Re:

            From your first link:

            The United States is the world's oldest surviving federation. It is a constitutional republic and representative democracy...

            And before you move the goal posts, the minority rights protected by law and the system of checks and balances defined by a constitution are a standard feature of democracies. There's nothing particularly "republican" about them.

            Grow up.

            link to this | view in chronology ]

            • identicon
              Anonymous Coward, 27 Jan 2017 @ 11:41am

              Re: Re: Re: Re: Re:

              You need to grow up, idiot. It is tiresome to have to correct fellow citizens that should know these things.

              Representative Democracy is a descriptive analogy of how people are elected into office, but in no way describes how the system of government itself operates.

              You are direct reason why this nation will continue to fail. You think you know, but you you don't understand anything. You don't know your own head from a hole in the ground and continue to refer to things inappropriately while you have the actual information directly at your disposal.

              That is the mark of a fool, data handy, yet no desire to understand it! The reason people like to mistakenly call this is a democracy is because like a Freudian slip, that is what they WANT it to be. Well, you might get your wish if you keep shitting this misinformation because it is well established that is you keep telling a lie often enough or create a lie based on some element of truth then they become pretty fucking effective lies.

              The reason why things like the electoral college was created was to keep tools like you in check. You are exactly what the founding fathers hoped would not happen to America.

              "There is a story, often told, that upon exiting the Constitutional Convention Benjamin Franklin was approached by a group of citizens asking what sort of government the delegates had created. His answer was: "A republic, if you can keep it."

              Now excuse me if I take a founders words over yours... no wait... how about you go and fuck yourself instead?

              link to this | view in chronology ]

              • icon
                Roger Strong (profile), 27 Jan 2017 @ 12:09pm

                Re: Re: Re: Re: Re: Re:

                "Republic" just means that you don't have a monarch. Your quote, in context:

                A Mrs. Powel of Philadelphia asked Benjamin Franklin, “Well, Doctor, what have we got, a republic or a monarchy?” With no hesitation whatsoever, Franklin responded, “A republic, if you can keep it.”

                His statement means one thing: The US is not a monarchy.

                If there's some difference other than the monarchy thing, then why don't you tell us rather than acting like a six-year-old who just learned to swear?

                (Again, electing representatives to vote on laws or vote in a President / Prime Minister is done in non-republican democracies too.)

                link to this | view in chronology ]

              • identicon
                Dingledore the Mildly Uncomfortable When Seated, 27 Jan 2017 @ 12:17pm

                Re: Re: Re: Re: Re: Re:

                Outside of your tiresome and infantile insults, the crux of your argument is patently bollocks.

                Yes, the Framers referred to a "pure democracy" in places, and the USA doesn't have that. But you're determinedly ignoring 3 things.

                Firstly, the USA could not be run on a "pure democracy" because it would take too long to do anything and be too prone to fraud.

                Secondly, and more significant to your florid yet poorly argued position, is that the Framers also referred to "representative democracy", and did so with frequency.

                Thirdly, the Framers did not invent democracy. Democracy in all it's forms has been around for centuries. I suggest that the Romans would be in a particularly strong position to futuo off.

                Next thing you'll be saying is that someone doesn't have a cat because they don't have a "ginger cat".

                Pillock

                link to this | view in chronology ]

            • identicon
              Anonymous Coward, 28 Jan 2017 @ 5:19am

              Re: Re: Re: Re: Re:

              As long as those representative are allowed to be ignorant jackasses, who have magical friends that require we "teach the controversy," we're going to have to wrestle to keep from being entirely fucked. Anti-science, magical thinking has never been ideal, but, in a modern, high-technology civilization, it's a recipe for socio-political disaster.

              link to this | view in chronology ]

        • identicon
          Cowardly Lion, 28 Jan 2017 @ 8:07am

          Re: Re: Re:

          "...but instead democratically vote in a representative..."

          I never considered that voting every 4 years for one of two or three guys was very "democratic". At the height of the Cold War it always seemed to me that the US was perhaps at best as democratic as the old Soviets, depending on how difficult it would be to become an influential member of a political organization in either camp.

          I always thought that Reagan and Thatcher were being ironic.

          link to this | view in chronology ]

      • icon
        Ninja (profile), 27 Jan 2017 @ 9:32am

        Re: Re:

        "no matter how much the left whines and pouts"

        Huh?

        link to this | view in chronology ]

      • identicon
        Anonymous Coward, 27 Jan 2017 @ 12:41pm

        Re: Re:

        Whining and pouting are the exclusive province of right wing jackasses like yourself.

        link to this | view in chronology ]

    • identicon
      Anonymous Coward, 27 Jan 2017 @ 12:39pm

      Re:

      ...turning dictator and mandating it while violating the Constitution in the process?

      I don't think that's a problem for them.

      link to this | view in chronology ]

    • icon
      That One Guy (profile), 27 Jan 2017 @ 3:35pm

      Re:

      without turning dictator and mandating it while violating the Constitution in the process

      And exactly what makes you think the new administration cares one bit about either of those?

      link to this | view in chronology ]

  • icon
    Roger Strong (profile), 27 Jan 2017 @ 6:33am

    Someone should be along any moment now to tell us how politics has nothing to do with technology.

    link to this | view in chronology ]

    • identicon
      kallethen, 27 Jan 2017 @ 7:10am

      Re:

      I admit I feel a bit of satisfaction in how my comment yesterday pointing out how politics affects technology referenced encryption specifically.

      And today there's this article.

      link to this | view in chronology ]

  • icon
    PaulT (profile), 27 Jan 2017 @ 6:45am

    There's a couple of troubling things here in my mind.

    "He added that the ability for government to access a phone should not be abused."

    But, it will if a backdoor is inserted and compromised by a non-domestic or non-government actor. Which is almost guaranteed over time. It can't be restated enough - it doesn't matter how well you hide the door you're leaving wide open, once it's located then anyone can use it, authorised or not.

    "Time and time again, that kind of information results in an immediate guilty plea, case over"

    ...meaning that the case never makes it to trial. So, we never know if they actually found something incriminating or if they're just able to use the phone as leverage to make the accused believe that a guilty plea is the thing to do whether or not they're actually guilty. Call me paranoid, but "we regularly leverage access to a phone to bypass the need for a trial" is not a point in their favour.

    "I think the world is really changing in terms of people wanting the protection and wanting law enforcement..."

    ...to be accountable for their actions and not bypass the law whenever they feel like it. Especially in light of the abuses of power that have led to the ordinary public wishing to use encryption in the first place, something that was never a priority until people found out how bad the abuses were. I somehow think that's not what he was thinking though.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 27 Jan 2017 @ 6:50am

      Re:

      But, it will if a backdoor is inserted and compromised by a non-domestic or non-government actor or domestic or government actor.

      There, FTFY

      link to this | view in chronology ]

      • icon
        PaulT (profile), 27 Jan 2017 @ 7:02am

        Re: Re:

        Well, that goes without saying, I was just going along with his unspoken assumption that no "authorised" actor would ever abuse their position, as wrong as that might be!

        link to this | view in chronology ]

    • icon
      Ninja (profile), 27 Jan 2017 @ 9:40am

      Re:

      I'm pretty much a law abiding citizen and even copyright infringement for personal use is not even a civil issue here (I have 'unauthorized' music on my phone). Technically I have nothing to hide in my phone. Technically. Even then I don't want somebody scrolling through my pictures, my private conversations and so on because they can. I want it locked shut behind encryption and good encryption while at it. I don't want cops browsing through the nudes I exchange for my privacy and for the other parties involved privacy. I don't want cops meddling with pictures from my family, reading conversations with my doctors and so on. There's plenty of reasons why a law abiding citizen would want strong privacy protections.

      link to this | view in chronology ]

      • identicon
        Cowardly Lion, 28 Jan 2017 @ 7:59am

        Lolcats

        It all equates to Lolcats in the end. No government agency on this planet has the right to know how many lolcats I exchange with my fiends and family. It's our business not theirs.

        End of discussion.

        link to this | view in chronology ]

    • identicon
      Anonymous Coward, 27 Jan 2017 @ 11:13am

      Re:

      "But, it will if a backdoor is inserted and compromised by a non-domestic or non-government actor."

      and when, not if, it happens - you will be blamed for what ever was done. Better just ditch that phone now before it becomes a liability. Would the phone companies notice?

      link to this | view in chronology ]

  • icon
    timmaguire42 (profile), 27 Jan 2017 @ 6:57am

    The problematic legal aspect of asset forfeiture is not that the Attorney General thinks it's ok (I don't care what the AG's position on it is, except perhaps tangentially as an aspect of his overall world view), but that the Supreme Court thinks it's ok.

    It's obviously unconstitutional (not even a close call) and deeply troubling that freedom's last resort has turned its back on the fourth amendment.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 27 Jan 2017 @ 7:04am

    Thank you America for going down the path of making the world a place fit only for totalitarian rulers; as with no privacy they can ensure that their serfs only think and do as they want them to.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 27 Jan 2017 @ 7:09am

    Burn baby, burn.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 27 Jan 2017 @ 7:46am

    However, encryption providers, such as VPNs, outside the United States, are not subject to American laws.

    That is why this will never work, and why China's crackdown on encryption and privacy tools will never work.

    A VPN, or other privacy service, only has to obey the laws of the countries where the servers are. So China and the USA will never be able to enforce any kind of restrictions on encryption against offshore companies.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 27 Jan 2017 @ 8:15am

      Re:

      This is just step 1. Step 2 is to create a Firewall and make the hackers pay for it. Gotta keep them digital immigrants out so they don't take our digital jobs.

      link to this | view in chronology ]

      • identicon
        kallethen, 27 Jan 2017 @ 8:33am

        Re: Re:

        Will Trump make Mexico pay for the building of this Firewall too?

        link to this | view in chronology ]

      • identicon
        Anonymous Coward, 27 Jan 2017 @ 7:10pm

        Re: Re:

        The firewall might not work, if California, Oregon, and Washington vote to become the Republic Of Pacifica.

        A wireless ISP could set up shop in South Lake Tahoe, and provide services in Stateline, Nevada, on the US side of the the border,the US government would no jurisdiction over a Pacifican ISP.

        Also, someone with a cell phone could sign up with a cell phone provider on the Pacifican side of the border and get 3G/4G wireless internet. A Pacifcan cell phone provider, in this scenario, would not not subject to United States laws. The US government would not be able to stop a Stateline resident from going accross the border into Pacifica, walking into a cell phone store in South Lake Tahoe, and signing up for service with a Pacifican cell phone service provide.

        link to this | view in chronology ]

    • icon
      Bamboo Harvester (profile), 27 Jan 2017 @ 8:18am

      Re:

      I'm rather surprised "countries" like Sealand haven't already set themselves up as data havens.

      link to this | view in chronology ]

      • icon
        Roger Strong (profile), 27 Jan 2017 @ 8:43am

        Re: Re:

        The problem is that the "country" status is usually just fantasy.

        Sealand was built by the British government and sits within inside British waters. As Wikipedia states:

        The United Kingdom is one of 165 parties to the United Nations Convention on the Law of the Sea (in force since 1994), which states in Part V, Article 60, that: 'Artificial islands, installations and structures do not possess the status of islands. They have no territorial sea of their own, and their presence does not affect the delimitation of the territorial sea, the exclusive economic zone or the continental shelf'.

        In the opinion of law academic John Gibson, there is little chance that Sealand would be recognised as a nation because it is a man-made structure.

        At best it's "privately owned by British citizens" who still live in Britain and collect the benefits of being British citizens. It's essentially elaborate LARPing.

        link to this | view in chronology ]

        • identicon
          Anonymous Coward, 27 Jan 2017 @ 12:49pm

          Re: Re: Re:

          'Artificial islands, installations and structures do not possess the status of islands. They have no territorial sea of their own, and their presence does not affect the delimitation of the territorial sea, the exclusive economic zone or the continental shelf'.

          Tell that to the Chinese. The difference is the Chinese are a nuclear power. Sealand isn't. If you don't have nukes, you ain't shit.

          link to this | view in chronology ]

          • icon
            Roger Strong (profile), 27 Jan 2017 @ 1:20pm

            Re: Re: Re: Re:

            China is a country regardless of the status or existence of artificial islands.

            And yes, people ARE "telling that to the Chinese." Their artificial islands do not extend their territory under the Law of the Sea and other laws. It's strictly a case of "might makes right."

            link to this | view in chronology ]

            • identicon
              Anonymous Coward, 27 Jan 2017 @ 3:32pm

              Re: Re: Re: Re: Re:

              And yes, people ARE "telling that to the Chinese."

              To which the Chinese are replying "Oh yeah? What you gonna do about it?"

              It's strictly a case of "might makes right."

              Which was exactly the point. Sealand doesn't have the might. If Sealand had, for example, a fleet of nuclear submarines with ICBM nukes cruising around the oceans, nobody would mess with them, "Law of the Sea" or not.

              link to this | view in chronology ]

              • identicon
                Cowardly Lion, 28 Jan 2017 @ 8:34am

                Re: Re: Re: Re: Re: Re:

                You do know that Sealand is a old fort on stilts, 7 miles off the coast of the UK, right... It's in British waters.

                Last time I checked, the UK was knee-deep in subs and nukes.

                link to this | view in chronology ]

                • identicon
                  Anonymous Coward, 28 Jan 2017 @ 10:10am

                  Re: Re: Re: Re: Re: Re: Re:

                  "Last time I checked, the UK was knee-deep in subs and nukes."

                  Yep. The UK, not Sealand.

                  link to this | view in chronology ]

        • identicon
          Anonymous Coward, 28 Jan 2017 @ 1:45pm

          Re: Re: Re:

          Sealand was built by the British government and sits within inside British waters.

          That's a little misleading. The platform on which Sealand rests was constructed in international waters and then abandoned by the British. International law allowed it to then be claimed by others. It was only after Sealand declared its sovereignty that Britain extended its territorial waters claim to include Sealand.

          link to this | view in chronology ]

      • icon
        orbitalinsertion (profile), 27 Jan 2017 @ 10:42am

        Re: Re:

        As noted, it is still not a country. But Welcome to the Year 2000! Or 2013. Maybe it will stick at some point.

        link to this | view in chronology ]

  • identicon
    Anonymous Coward, 27 Jan 2017 @ 8:19am

    SSL can already be cracked. The previous owners of one Taco Bell franchise where I live used to have extreme filtering, and I founnd that if I logged onto the SSL proxy on my home computer, they could still detect that I was accessing a filtered site and block it.

    The current owners of that franchise have dialed down the filtering quite a bit. You can now access YouTube, and Live 365 was unblocked, before they went dark in January of last year.

    Somehow the previous owners of that Taco Bell franchise were able to crack and sniff SSL. I was using a port 443 SSL connection using SoftEther is my server.

    link to this | view in chronology ]

    • icon
      Roger Strong (profile), 27 Jan 2017 @ 9:19am

      Re:

      Commercial and even some home firewall appliances do a man-in-the-middle attack on HTTPS traffic, so that they can scan for malware and block sites as specified.

      For example:

      When you select the Enable Content Inspection check box, the Firebox can decrypt HTTPS traffic, examine the content, then encrypt the traffic again with a new certificate.

      And

      When your device scans an HTTPS connection, the HTTPS Proxy intercepts the HTTPS request, and initiates its own connection to the destination HTTPS server. The HTTPS Proxy on your device presents its own resigning certificate to the originating client and connects with the destination HTTPS server on the client's behalf. The resigning certificate can be either the Default Proxy Authority Certificate or an imported CA Certificate.

      Their home use firewall appliances can do this, as can the big corporate models for Fortune 500 companies and ISPs. The difference is the throughput of the different models - how much traffic they can scan at once.

      Any time you connect to the internet, even if not through a company firewall, assume that your ISP has this capability.

      link to this | view in chronology ]

      • icon
        DannyB (profile), 27 Jan 2017 @ 10:17am

        Re: Re:

        If you use HTTPS (eg, TLS) how can anyone do an MiTM attack?

        The MiTM doesn't have the private key for the certificate. So it is unable to negotiate a private session key with the end user browser.

        I understand how the MiTM can pretend to be the browser and establish a connection to Amazon.com. But I would surely like to know how the MiTM can impersonate Amazon.com without Amazon's private key.

        In short, while MiTMs are theoretically possible. And somewhat possible on a corporate network, it can be detected, and it is not likely to be impossible on your home ISP on your home computer. (Unless you install a trusty CD ROM into your computer provided by your ISP.)

        One way that I do know, is to subvert the trust of the user agent (eg, your web browser). That can be done in a corporate environment by inserting a new trusted CA certificate into your local trust store. Now the MiTM can instantly issue it's own Amazon.com certificate, and it will have the private key since it issued the certificate. And your browser will trust it.

        That's a corporate environment. Even then, browsers can discover that the certificate the MiTM is presenting is NOT the certificate it should be. Google, for example, knows who signed its certificates, and its browser knows who signs Google's certificates, and that signer is not the CA that was added to the local trust store.

        You can also run browser plug in apps that watch for changes in the certificates of secure sites you visit.

        In an ISP environment, I really can't see how an ISP can do this. My ISP definitely cannot change the trust store on my browser nor on my OS. So my ISP definitely should not be able to execute an MiTM attack.

        Now there is one avenue left. Subvert the entire CA infrastructure. There are a lot of CA certificates in the trust store these days. You could get a Google.com certificate issued by Honest Achmed's Certificate Authority of Tehran Iran. And your browser might trust it. But do you really think a Google.com certificate presented that was signed by Honest Achmed's is real? Do you really think this is where Google purchases certificates from?

        link to this | view in chronology ]

        • icon
          Roger Strong (profile), 27 Jan 2017 @ 10:45am

          Re: Re: Re:

          As I understand it (which is admittedly vague) you install your own trusted CA certificate in the firewall appliance. This could be your own company certificate, which you'd have to install in your browsers.

          But it could also be a certificate purchased from a trusted Certificate Authority, the kind most web sites purchase, where the certificate is already built into your browser. You don't need to install a certificate when you visit those sites.

          So when you visit Google.com, your browser gets a legitimate certificate from a trusted CA via the firewall. No need to install a new certificate in your browser. Google.com sees a legitimate Google.com certificate in use, the one it told the browser to use. It doesn't know that it's talking to the firewall rather then the browser on the other side.

          I may be wrong, of course. It's not my specialty. But I do know that one way or another it works, and that companies are selling firewall appliances that do it.

          link to this | view in chronology ]

  • icon
    OldMugwump (profile), 27 Jan 2017 @ 8:26am

    But the Chinese!

    Please.

    Somebody tell Mr. Trump that encryption backdoors are an open invitation for Chinese government hackers to access American citizen, business, and industrial communications.

    That should do it.

    (And, it happens to be true.)

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 27 Jan 2017 @ 8:32am

      Re: But the Chinese!

      Then he'd be all about backdoors then.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 27 Jan 2017 @ 9:05am

        Re: Re: But the Chinese!

        wait...

        for china or for russia?

        I am getting confused which nation is trump a bitch for?

        link to this | view in chronology ]

        • icon
          OldMugwump (profile), 27 Jan 2017 @ 9:57am

          Re: Re: Re: But the Chinese!

          Trump loves Russia and hates China.

          I don't know why - my own inclinations are more or less the opposite.

          But let's push Trump's buttons.

          link to this | view in chronology ]

          • icon
            DannyB (profile), 27 Jan 2017 @ 10:06am

            Re: Re: Re: Re: But the Chinese!

            Because Mr. Trump's buttons are so easy to push, he will get us into a war with both Russia AND China. He's non discriminatory when it comes to what people say about him on FaceTwit.

            link to this | view in chronology ]

            • identicon
              Anonymous Coward, 27 Jan 2017 @ 11:15am

              Re: Re: Re: Re: Re: But the Chinese!

              unless fox news tells him not to

              link to this | view in chronology ]

              • icon
                DannyB (profile), 30 Jan 2017 @ 6:22am

                Re: Re: Re: Re: Re: Re: But the Chinese!

                Twitter can tell him to start a war faster than faux news can tell him not to.

                link to this | view in chronology ]

  • identicon
    Anonymous Coward, 27 Jan 2017 @ 8:50am

    putting back doors is a two way street. just ask schmuck whom allowed the Chinese to make ff with opm personnel files of all federal employees.

    link to this | view in chronology ]

  • icon
    DannyB (profile), 27 Jan 2017 @ 10:04am

    We've come a long way since the Clipper Chip fiasco

    Government tried to mandate "government approved" crypto in the 1990's. (Clinton)

    The absurdity of it became apparent.

    They even classified crypto as a munition. They did everything to suppress exporting of good crypto. Because "going dark", or whatever they called it back then.

    So what if you took an excellent crypto textbook (quite thick) across the border? The government didn't seem to be quite ready to stop people from taking academic textbooks available in any bookstore or library across open borders.

    Also, the rest of the world got the message. Actually two messages:
    1. Do NOT trust US government mandated crypto
    2. Any real research on crypto would move outside the US

    Another thing was learned by all. It's not intuitive. The only good crypto is OPEN crypto. The algorithm must be completely open. Only the keys are secret. If someone is selling you a proprietary or closed crypto, it is snake oil.

    Now here we are today well over two decades later, with a lot of lessons learned. And they think they can do this again.

    They can pass any laws they want. But they just don't get it.

    When strong cryptography is outlawed only outlaws will have strong cryptography.

    Terrorists won't be detered from strong cryptography. I'm sure they'll be quaking in their boots that it's illegal in some countries.

    The only people without privacy will be law abiding people.

    The back doors of government weak insecure crypto WILL be broken. It's only a question of when. Then an enemy will have access to a lot of secrets.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 27 Jan 2017 @ 10:19am

      Re: We've come a long way since the Clipper Chip fiasco

      Hell.

      If they classify crypto as a munition, does that make it protected under the second amendment?

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 27 Jan 2017 @ 12:20pm

    "Asset Forfeiture" IS the biggest organized crime syndicate

    I don't believe that any asset forfeiture is hidden behind encryption, so what excuse is the DOJ/FBI going to use for not going after these highway robbers?

    link to this | view in chronology ]

  • icon
    Jinxed (profile), 27 Jan 2017 @ 1:30pm

    All this government "backdoor" stuff is starting to hurt.

    For once, I wish they'd use lubricant.

    Oh, you mean those backdoors.

    Sorry. When it comes to the government, such wording can be confusing given how much the government has been screwing everyone in the backside for decades.

    link to this | view in chronology ]

  • identicon
    Rekrul, 27 Jan 2017 @ 1:33pm

    They keep stressing "lawful authority" or "lawful court orders". Someone should tell them if they were using "lawful" methods to get access to people's data then, companies wouldn't be rushing to encrypt all the data now.

    link to this | view in chronology ]

    • icon
      That One Guy (profile), 27 Jan 2017 @ 3:42pm

      Re:

      It's also a weasel-term. Torture was(and likely will be again) 'lawful', slavery was 'lawful', internment camps on US soil were 'lawful'. If the best argument they have is that what they're doing is 'lawful' then they're admitting that they cannot defend their actions honestly.

      link to this | view in chronology ]

      • identicon
        Cowardly Lion, 28 Jan 2017 @ 8:22am

        Re: Re:

        +1

        It always brings to mind Darth Palpatine oozing raw naked villainy with the classic: "I will make it legal..."

        link to this | view in chronology ]

  • identicon
    Lawrence D’Oliveiro, 27 Jan 2017 @ 1:45pm

    Why Don’t The NSA Do It?

    The NSA is supposedly the largest pool of cryptology talent anywhere in the world. And it’s in the pay of the US Federal Government. If anybody can come up with an encryption system that is simultaneously secure against criminals and crackable by law enforcement, why don’t they show us how it’s done? And make the entire unclassified research community look silly into the bargain?

    I’m sure they would be champing at the bit to do that, if they could.

    Maybe Trump can contribute the pixie dust by issuing another Executive Order...

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 27 Jan 2017 @ 6:32pm

    they are just chipping away at privacy for false security

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 27 Jan 2017 @ 6:52pm

    Chew on this, just suppose California, Oregon, and Washington secede and form a new nation, the Republic Of Pacifica

    Since Apple would be in Pacifica, they would not have to obey any restrictions on encryption in the remaining United States.

    Since Apple's and Google's servers would be in the Republic Of Pacifica, if this happened, they would only have to obey Pacifican law, and their services would no longer be subject to United States laws.

    If, say, the remaining United States outlawed VPNs, VPN providers in Pacifica could supply VPN services, and Pacifican companies would not be subject to United States laws. They would only have to obey Pacifican laws.

    Samet thing if the US passed laws requiring VPNs to log user activity. A VPN service in Pacifica, if the Pacifican nation comes into being, will only have to obey the Pacifican law, regarding their VPN sevice. The remaining United States would have no jurisdicton over Internet services in Pacifica if this happened.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 6 Feb 2017 @ 7:47am

    They can overcome encryption... they just need to nerd harder.

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.