Deputy AG Pitches New Form Of Backdoor: 'Responsible Encryption'
from the laugh-and-the-world-laughs-with;-pull-this-crap-and-you're-on-your-own dept
The DOJ is apparently going to pick up where the ousted FBI boss James Comey left off. While Attorney General Jeff Sessions continues building his drug enforcement time machine, Deputy AG Rod Rosenstein is keeping the light on for Comey's prophesies of coming darkness.
Rosenstein recently gave a speech at the US Naval Academy on the subject of encryption. It was… well, it was pretty damn terrible. Once again, a prominent law enforcement official is claiming to love encryption while simultaneously extolling the virtues of fake encryption with law enforcement-ready holes in it.
The whole thing is filled with inadvertently hilarious assertions, like the following:
Encryption is a foundational element of data security and authentication. It is essential to the growth and flourishing of the digital economy, and we in law enforcement have no desire to undermine it.
Actually, Rosenstein has plenty of desire to do that, which will be amply demonstrated below, using his own words.
But the advent of “warrant-proof” encryption is a serious problem. Under our Constitution, when crime is afoot, impartial judges are charged with balancing a citizen’s reasonable expectation of privacy against the interests of law enforcement. The law recognizes that legitimate law enforcement needs can outweigh personal privacy concerns.
The law indeed recognizes this and provides law enforcement access to communications, documents, etc. with the proper paperwork. What the law cannot do is ensure the evidence is intact, accessible, or exactly what law enforcement is looking for.
Rosenstein is disingenuously reframing the argument as lawful access v. personal privacy, when it's really about law enforcement's desires v. user security. The latter group -- users -- includes a large percentage of people who've never been suspected of criminal activity, much less put under investigation. Weakened encryption affects everyone, not just criminal suspects.
Our society has never had a system where evidence of criminal wrongdoing was totally impervious to detection, especially when officers obtain a court-authorized warrant. But that is the world that technology companies are creating.
Our society has had plenty of systems where evidence was "impervious to detection." Calls, text messages, emails, personal conversations, passed notes, dead drops, coded transmissions, etc. have existed for years without law enforcement complaining about everything getting so damn dark. Law enforcement has never had 100% access to means of communications even with the proper paperwork in hand. And yet, police departments and investigative agencies routinely solved crimes, even without access to vast amounts of personal communications.
Rosenstein follows this loop a few times, always arriving at the same mistaken conclusion: law enforcement should be able to access whatever it wants so long it has a warrant. Why? Because it always used to be able to. Except for all those times when it didn't.
Since Rosenstein isn't willing to handle the encryption conversation with any more intellectual honesty than the departed James Comey, he's forced to come up with new euphemisms for encryption backdoors. Here's Rosenstein's new term for non-backdoor encryption backdoors.
Responsible encryption is achievable. Responsible encryption can involve effective, secure encryption that allows access only with judicial authorization.
At worst, this means some sort of built-in backdoor, sort of what Blackberry uses for its non-enterprise customers. Nearly just as bad, this possibly means key escrow. These are the solutions Rosenstein wants, but he doesn't even have the spine to take ownership of them. Not only does the Deputy AG want tech companies to implement whatever the fuck "responsible encryption" is, he wants them to bear all expenses, cope with customers fleeing the market for more secure options, and be the focal point for the inevitable criticism.
Such a proposal would not require every company to implement the same type of solution. The government need not require the use of a particular chip or algorithm, or require any particular key management technique or escrow. The law need not mandate any particular means in order to achieve the crucial end: when a court issues a search warrant or wiretap order to collect evidence of crime, the provider should be able to help.
In other words, the private sector needs to build the doors and hold the keys. All the government needs to do is obtain warrants.
Rosenstein just keeps piling it on. He admits the law enforcement hasn't been able to guilt tech companies into backdooring their encryption. That's the old way. Going forward, the talking points will apparently portray tech companies as more interested in profits than public safety.
The approach taken in the recent past — negotiating with technology companies and hoping that they eventually will assist law enforcement out of a sense of civic duty — is unlikely to work. Technology companies operate in a highly competitive environment. Even companies that really want to help must consider the consequences. Competitors will always try to attract customers by promising stronger encryption.
That explains why the government’s efforts to engage with technology giants on encryption generally do not bear fruit. Company leaders may be willing to meet, but often they respond by criticizing the government and promising stronger encryption.
Of course they do. They are in the business of selling products and making money.
In other words, tech companies are doing it for the clicks. This is a super-lazy argument often used to belittle things someone disagrees with. (A phrase that has since been supplanted by "fake news.") This sort of belittling is deployed by (and created for) the swaying of the smallest of minds.
Having painted the tech industry as selfish, Rosenstein airlifts himself to the highest horse in the immediate area.
We use a different measure of success. We are in the business of preventing crime and saving lives.
The Deputy AG makes a better point when he calls out US tech companies for acquiescing to ridiculous censorship demands from foreign governments. If companies are willing to oblige foreign governments with questionable human rights records, why can't they help out the US of A?
It's still not a very strong point, at least not in this context. But it is something we've warned against for years here at Techdirt: you humor enough stupid demands from foreign governments and pretty soon all of them -- including your own -- are going to start asking for favors.
It would be a much better argument if it wasn't tied to the encryption war Rosenstein's fighting here. Comparing censorship efforts and VPN blocking to the complexities of encryption isn't an apples-to-apples comparison. Blocking or deleting content is not nearly the same thing as opening up all users to heightened security risks because the government can't get at a few communications.
Whatever it is Rosenstein's looking for, he's 100% sure tech companies can not only provide it, but should also bear all liability for anything that might go wrong.
We know from experience that the largest companies have the resources to do what is necessary to promote cybersecurity while protecting public safety. A major hardware provider, for example, reportedly maintains private keys that it can use to sign software updates for each of its devices. That would present a huge potential security problem, if those keys were to leak. But they do not leak, because the company knows how to protect what is important. Companies can protect their ability to respond to lawful court orders with equal diligence.
It's that last sentence that's a killer. This is Rosenstein summing up his portrayal of tech companies as callous, profit-seeking nihilists with a statement letting everyone know the DOJ will pin all the blame for any future security breaches on the same companies who got on board with the feds' "nerd harder" demands.
This is a gutless, stupid, dishonest speech -- one that deliberately misconstrues the issues and lays all the blame, along with all the culpability on companies unwilling to sacrifice users' security just because the government feels it's owed access in perpetuity.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: doj, encryption, going dark, moral panic, nerd harder, responsible encryption, rod rosenstein
Reader Comments
Subscribe: RSS
View by: Time | Thread
Well, come on, now... we’re all adults here. I mean, there’s “encryption”, and then there’s encryption. (wink-wink)
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
But they do. And when it happens things go to hell and people get their stuff exposed. Companies that know their shit don't hold the keys so when things leak the only ones at risk are users that do security wrong (or their threat model says they don't need to go further, who knows?). And these companies cannot control their users. I use Google Drive for storage. All the files are encrypted prior to upload in my hard drive and Google can't do a thing about it. As the attacks on privacy and security continue people are getting more and more aware of the issue and will act accordingly. Good luck controlling open source encryption.
[ link to this | view in chronology ]
Re:
You must be thinking of user keys. That reference was to code-signing keys, which also leak. Ignore the bad headline—nothing was "stolen", and "certificates" are public. But people are finding and copying private code-signing keys, and using them to sign malware. The article gives several examples.
Companies have to hold code-signing keys. Unless they want to outsource that to "the cloud", which is a horrible idea. Doing this securely requires an expensive and complicated setup which small companies aren't likely to do, and aren't likely to reconsider once they become large.
[ link to this | view in chronology ]
Re:
Create a corporate web site or app these days with ASP.NET, and Microsoft wants you to use OAuth to authenticate users. "They'll be logged in automatically if they're already logged into FaceBook or Twitter! Account information is automatically shared with other sites!" They even removed the old authentication tools from Visual Studio to force developers in this direction.
I just picked up a spherical image camera. Ricoh will host those images for you, complete with scripting and other technologies that will let the viewer pan around the images with their mobile and desktop browsers.
But to create and log into your account, you MUST use a FaceBook or Twitter account. And hand over your login credentials to Ricoh.
It's as though the industry has looked at security breaches from Target to Equifax and asked, "How can we top that?"
[ link to this | view in chronology ]
Re: Re:
You mean? How can we "monetize that"? They don't give a shit about the consequences until the first lawsuit or legal charge arrives.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
Responsible Encryption is REAL encryption.
Not a great allusion to bring up when you are talking about adding a backdoor into security!
Side Note: TD Staff, I expect a new T-shirt!
[ link to this | view in chronology ]
Re: Responsible Encryption is REAL encryption.
Why not? Most internet users have never heard of it, and no court ever ruled on it (it failed in the marketplace, in favor of totally unencrypted traffic). It wouldn't even be that bad if people had to use the Clipper chip—the backdoor is totally broken, after all: "A brute-force attack would quickly produce another LEAF value that would give the same hash but not yield the correct keys after the escrow attempt. This would allow the Clipper chip to be used as an encryption device, while disabling the key escrow capability." (The key length is weak by modern standards, but nobody's been able to break the full cipher.)
[ link to this | view in chronology ]
IRRESPONSIBLE encryption
How you use language is important.
[ link to this | view in chronology ]
History Repeating
[ link to this | view in chronology ]
Re: History Repeating
They did, that's why this time they're trying to dump the entire thing on the companies in question, so that when it fails to work they can look shocked, shocked I say, that the magical unicorn gates they are sure is possible didn't work, obviously because the companies didn't really try, or really care enough about the public.
[ link to this | view in chronology ]
It still galls me how these people talk out of both sides of their mouths like this. They go on and on about how the Constitution provides for a "lawful access" through a judge and warrant, while also fighting tooth and nail against those who say that the laundry list of things they get their hands on without a warrant (the whole "third-party" process) should be subject to judicial review as well.
If these agencies hadn't gone so far in the scope of what they demand in those contexts---in other words, if they had gone and gotten a warrant---then maybe, just maybe, the landscape would be a little different today.
[ link to this | view in chronology ]
Would you support a local law where you had to submit a house key to be kept in the police station? And what if there were a history of the keepers of the keys using them for personal gain, or just outright losing them?
Nobody in their right mind would support such a law, but that's almost exactly what the DOJ is proposing now.
[ link to this | view in chronology ]
Wrong analogy
What if the government mandated that house locks can't be made to be "too secure". And call it Responsible Security.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Isn't this the job of the NSA, GCHQ, et-al? They are the supposed experts in this stuff. Is it because even they know it is impossible?
Interestingly two blockchain based schemes invented by the NSA have been rejected by ISO because they are thought to be backdoored.
Everyone seems to know what these idiot politicians is asking for is impossible.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
Because if they did that then when it was proven to be impossible it would be much more difficult for them to turn around and insist that private companies, who don't have the resources of major government agencies to throw around, can do what they cannot.
[ link to this | view in chronology ]
legitimate law enforcement needs
Therefore we need to do something about the problem of windows "going dark". Yes, I'm talking about opaque window blinds, curtains and other coverings. Note that I'm not suggesting that people should not have window coverings, but just that they should be "responsible coverings" with holes big enough to let law enforcement see everything going on inside. Of course, law enforcement will be told to look away when they pass by windows unless they a warrant. That should take care of any legitimate privacy concerns.
Now I'm sure some people will object to this modest proposal, but remember, law enforcement needs outweigh personal privacy concerns.
[ link to this | view in chronology ]
Re: legitimate law enforcement needs
... unless they have a warrant.
[ link to this | view in chronology ]
Re: Re: legitimate law enforcement needs
[ link to this | view in chronology ]
Quis custodiet ipsos custodes?
Who are the 'good guys'?
Because, as a non-US-citizen, I sure as hell don't trust the USA Government to do it.
Maybe we should give these to the International Court of Justice in The Hague.
(And you Americans can play along if you join the program... all of it)
[ link to this | view in chronology ]
Re: Quis custodiet ipsos custodes?
Think of the StingRay cellphone surveillance devices. Originally for counter-terrorism and national security users. Now operated in the US alone by over a dozen federal departments and in widespread use by state and local police. And by local police forces in other countries including Canada and the UK. With 12 private companies in the UK alone exporting them Saudi Arabia, UAE, and Turkey and elsewhere.
Those keys will be shared far and wide.
[ link to this | view in chronology ]
https://en.wikipedia.org/wiki/List_of_data_breaches
That's quite a list of companies...Including various departments of the US Government.
[ link to this | view in chronology ]
Quit Horsing Around
Don't you mean "highest unicorn"?
[ link to this | view in chronology ]
Re: Quit Horsing Around
[ link to this | view in chronology ]
Al this evidence that he wants to access has only existed between the widespread adoption of the Internet and strong encryption being implemented. All strong encryption is doing is restoring some of the privacy that existed before the Internet.
[ link to this | view in chronology ]
Oh, this has bullshit written all over it. Remember those gangster movies where they turned the radio way up in the backroom and then spoke softly ... yeah - that was only a movie and did not/does not actually happen ... or anything remotely similar.
[ link to this | view in chronology ]
Re:
Encryption backdoors are the equivalent of the good old rubber hose. Whether or not they get evidence using it, they get what they want.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
That's next. The argument will be "if you don't want people to know what you're thinking, maybe you shouldn't be thinking it."
[ link to this | view in chronology ]
Re: Re: Re:
That's next.
No, that's now. With more than zero courts holding that forcing someone to provide a password to decrypt/unlock a device is not a violation of their rights in a very real sense it is legal to force someone to provide the contents of their mind(and punish them for refusing to do so), at least as it extends to particular facts.
[ link to this | view in chronology ]
Let us imagine the impossible...
This is still only the first third of the problem... I have heard no mention at all about what they are ever going to do when the rest of the worlds governments are going to require access to the same data. I am guessing that they would try to make it illegal to give access to foreign countries, but that would put every company in a position where they would have to chose between the US market and the rest of the world.
The last third is what they are going do about foreign encryption or self-made encryption? I am guessing that they would try to make that illegal as well, which would mean that all software would have to be approved by the government and then locked down to prevent tampering... bye bye open source.
I might be wrong here because I am not an expert in encryption and how it is implemented but it is surely a loosing battle no matter what they want to call backdoors.
These subjects are often brought up here, but it is the lack of recognition from the politicians of the whole process that I am missing.
[ link to this | view in chronology ]
Re: Let us imagine the impossible...
[ link to this | view in chronology ]
2 out of 3
[ link to this | view in chronology ]
This is BULLSHIT
[ link to this | view in chronology ]
Code-signing versus key-breaking keys
Code-signing keys are extremely dangerous in the wrong hands. For a given provider and given key, they're also legitimately used very rarely (comparatively speaking): needing it once a week, every week, is probably rare, and most are more in the range of once a month or once every few months. Compare that to the warrant submissions we know about (thus excluding all the gag-order protected warrants), which number in the dozens or hundreds per day. When access is once a week (or less), it's viable to have some fairly onerous procedures associated with using the key:
Not all companies use all, or even most of these, but at the frequency involved, they could. Now picture trying to use that type of procedure to protect a key that is needed every time the government shows up with a decryption warrant. There'd be no way to process all those warrants in a sufficiently timely manner (using the government's definition of "sufficient", of course) and still follow the onerous procedure. The only "responsible" way to handle it (again, government's definition) would be to streamline the process so that decrypting the material is much less onerous. If we streamline away from the onerous security-focused procedure, then we're no longer securing the master decryption key(s), so the comparison to code-signing keys is no longer appropriate.
[ link to this | view in chronology ]
Re: Code-signing versus key-breaking keys
[ link to this | view in chronology ]
Re: Code-signing versus key-breaking keys
Or you can split keys, and recombine them only when needed. Bonus: if using the Merkle signature scheme you'd be safe from quantum computers.
It's not terribly expensive to make sure the key is offline, and never held in one place. It could be as simple as passphrase-protected keys stored in employee's cars, with any small subset needed able to sign. You don't need guards with nuclear-submarine-style key-turning but you do need to plan ahead.
[ link to this | view in chronology ]
"We're not asking for the impossible, we just want you draw 7 invisible lines using red ink that are all perpendicular."
https://www.youtube.com/watch?v=BKorP55Aqvg
[ link to this | view in chronology ]
No
No, I am absolutely done giving them the benefit of the doubt on this subject.
Anyone of any notable rank/position calling for compromising encryption at this point should be assumed by default to be either grossly irresponsible in deliberately not researching the subject enough to understand what they are talking about, or grossly dishonest in knowingly asking for something that that they know is impossible and that will have significant negative impacts on the security of the general public.
At this point there is no justification for people of his rank not having done their research on the subject before speaking, so the assumption should be malice and/or willful ignorance by default.
[ link to this | view in chronology ]
Re: No
1. They are seen as doing "something". This is of course false since we know that what they are asking for is impossible, so they are just wasting time they could have spent on better issues, but fighting terrorism is all the rage.
2. It is a Win-Win situation. Whatever the outcome, their career or life is not going to be impacted much because they can just blame the tech industry for not coming up with a good enough solution that was broken or for not coming up with a solution at all. They will play the ignorance card because who can expect them to understand the "magic of tech".
3. They are trying to make it seem like it is a David-vs-Goliath kind of fight. They are the underdog who is fighting the big and bad tech industry. I am quite sure that those of us who are interested in the subject or work in tech see it the other way around.
4. They are trying to use peoples fear of change, where tech is one of the fastest provokers of change, to fuel the fire. Nobody really likes things to change too much and unless you are very aware, changes are easy to see as bad. I work in the industry and it can be frustrating to not being able to keep up and understand the new technology that comes out every day, so I can imagine how everyday Mr. and Ms. Jones feels. Just this point alone is probably the most dangerous because it can drive people to do stupid and dangerous things just to feel like they are in control.
[ link to this | view in chronology ]
Reality: If we get our tech companies to do what we want, people will soon stop using our tech companies.
[ link to this | view in chronology ]
Sure! Right after you demonstrate 'Responsible Government.'
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Speaking of clueless DAs...
It turns out that he's done quite a good job sabotaging his own cases -- when he was well-paid to do so. As has been reported multiple times in the last week, most recently by the Daily Beast, when he was bribed by filth like Donald Trump Jr, Harvey Weinstein, and Ivanka Trump -- some of the world's most vile, disgusting pieces of filth in human form -- he let them walk.
See for an introduction: https://www.thedailybeast.com/prosecutor-threw-away-slam-dunk-cases-against-weinstein-and-trump-kids ?source=twitter&via=mobile
So any previous and any future comments from Cy Vance on the subject of encryption should be flushed down the toilet, just like he should be.
[ link to this | view in chronology ]
256 Bit Advanced Encryption Standard for All!
This is a gutless, stupid, dishonest speech -- one that deliberately misconstrues the issues and lays all the blame, along with all the culpability on companies unwilling to sacrifice users' security just because the government feels it's owed access in perpetuity.
It appears the intellectually bankrupt statist turds (ie Deputy AG Rod Rosenstein) at DoJ (HaHa) also believe unicorns that poop golden eggs exist.
Perhaps the statist turds demanding compromised encryption algorithms should lead by example?
Let these know-nothing idiots put their personal information out into the electronic jungle (ie the intertubes) using the defective data encryption methods they have suggested.
How soon until their personal data has been exploited?
Access to all data at all times is the wet dream of every petty authoritarian tyrant that has ever lived.
[ link to this | view in chronology ]
"Responsible encryption" is a great term!
"I am responsibly in love with you."
"I'll keep what you said in responsible confidence."
"I'll carry out your orders in responsible manner."
I mean, it insinuates a second overriding agenda perfectly well. "responsible" is pretty much the definition of "backdoored" or "compromised", just with a tinge of "by nominally good people". And, well, that's sort-of what the government considers itself to be. Or at least entitled to.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Clueless Deputy AG
is our nation's operating system."
Perhaps it's time for open-source for all components ?
"But increasingly, the tools we use to collect
evidence run up against technology that is designed
to defeat them." -- e.g., *flush toilets* ?
"In 2016, an attack launched against domain name
servers illustrated a significant problem. The
attack made it effectively impossible for many
users to access certain web sites for several hours."
Bad example; DNS is vulnerable precisely because it
doesn't use strong encryption; "the grid" is similarly
vulnerable.
[ link to this | view in chronology ]
Not just wrong, not just fractically wrong, but maliciously fractically wrong
Encryption is a foundational element of data security and authentication. It is essential to the growth and flourishing of the digital economy, and we in law enforcement have no desire to undermine it.
Calling a shit-sandwich anything else does not change what you're trying to force the public to eat. Blatantly lying like this does not help the credibility of the one doing so.
Our society has never had a system where evidence of criminal wrongdoing was totally impervious to detection, especially when officers obtain a court-authorized warrant. But that is the world that technology companies are creating.
Why yes as a matter of fact, it has. It's this pesky thing called 'Privacy', where people are allowed to talk and hold conversations that are not recorded, even if those conversations involve criminal activity, and even if they would have made for a guaranteed conviction if recorded.
Police and government agencies have never had access to everything, they have never had a right to everything, and they sure as hell don't have a right now just because people are increasingly changing how they communicate.
Responsible encryption is achievable. Responsible encryption can involve effective, secure encryption that allows access only with judicial authorization.
In that case do it yourself.
If you want to claim that the companies won't do it because they care more about profit than security, then surely a government with pools of money available and who does care about the public, and who knows that you can cripple encryption without sacrificing security can put together a magical unicorn gate secured by a leprechaun gold gate key.
That explains why the government’s efforts to engage with technology giants on encryption generally do not bear fruit. Company leaders may be willing to meet, but often they respond by criticizing the government and promising stronger encryption.
No? It's all on the companies to do it? The same ones that are 'criticizing' you for demanding the impossible and idiotic, who have repeatedly pointed out that stronger encryption protects the public better? Yeah, that's what I figured.
We use a different measure of success. We are in the business of preventing crime and saving lives.
In that case do your damn job and stop trying to make crime easier.
Anyone calling for compromised encryption is flat out lying if they then turn around and claim that they are in the business of preventing crime, or at the very least demonstrating that they are so grossly incompetent at it that they need to be fired immediately and blacklisted for life from ever working at any job involving security.
That would present a huge potential security problem, if those keys were to leak. But they do not leak, because the company knows how to protect what is important. Companies can protect their ability to respond to lawful court orders with equal diligence.
It takes some almost impressive willful blindness to say something like this, after the string of high-profile leaks/hacks of companies and government agencies in the past few years, and that was without companies being forced create and maintain databases filled with security keys that everyone would want to get their hands on.
If they can't secure their data before having to keep something that valuable, they would have no chance to do so afterwards, but I suppose when you don't have to do anything, and you have disclaimed any responsibility for any leaks/hacks, then anything is possible.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
It’s Like The Unclassified Sector Has A Monopoly On Encryption
After all, wouldn’t they jump at the chance to prove that the continual insistence by the unclassified research community, that it can’t be done, is just so much hot air?
[ link to this | view in chronology ]
Re: It’s Like The Unclassified Sector Has A Monopoly On Encryption
Missed a step
All they have to do is ask those boffins to come up with a workable scheme, personally use it long enough to demonstrate it's security and continue to use it, then show it to the rest of us and say “I told you so”.
If they believed it to be secure enough for their own use, then I might start to think that they'd managed to accomplish the impossible(well, probably not, because the 'Trust the NSA/GCHQ' ship has sailed, hit an iceberg, and sank years ago, but it would be a start).
[ link to this | view in chronology ]
Re: Missed a step
[ link to this | view in chronology ]
[ link to this | view in chronology ]
thy're the good guys
But lets just focus on the good guys. They wouldn't deliberately open the backdoor to the baddies. Although thinking about it they have already shown how little they understand about cyber security.
look the point is they are the good guys, and won't compromise our security on purpose, and we need to remember that.
[ link to this | view in chronology ]
Analogy
AS
Trump is to president
[ link to this | view in chronology ]
[ link to this | view in chronology ]