Deputy Attorney General Rosen: Companies Like Facebook Are Making Everyone Less Safe By Offering Encryption
from the 'for-the-children'-beats-out-'because-terrorism' dept
The federal government's anti-encryption push is starting to turn into a really weird movement. Yanking pages from the FOSTA playbook, Attorney General William Barr threw an anti-encryption party featuring him, FBI Director Chris Wray, Deputy AG Jeffrey Rosen, and some overseas critics of secure communications.
It was full of loaded language, beginning with the conference's name:
Lawless Spaces: Warrant-Proof Encryption and Its Impact On Child Exploitation Cases
This is how the DOJ and FBI are going to play this game: the specter of exploited children vs. secure communications for millions of Facebook users. Facebook is definitely the target. This conference -- which featured zero tech experts or encryption advocates -- was preceded by the announcement of a data-sharing agreement between the US and UK government that namechecked Facebook's Messenger and WhatsApp.
It was also preceded by Attorney General William Barr's letter to Facebook, asking it to drop its plans to add end-to-end encryption to Messenger. The letter, signed by the participants in this one-sided conference, said the addition of encryption -- without some form of "lawful access" -- would result in massive amounts of undetectable child exploitation.
Now that William Barr has said his piece, the floor has been opened up to DOJ Deputy Attorney General Jeffrey Rosen. Rosen's pitch isn't all that different from the one Barr laid out in his open letter to Facebook. But Rosen does add a bit more color to his in the form of questionable analogies.
Outside the digital world, none of us would accept the proposition that grown-ups should be permitted to mingle in closed rooms with children they don’t know in order to groom them for sexual exploitation. Neither would we ever accept the idea that a person should be allowed to keep a hoard of child sexual abuse material from the scrutiny of the justice system when all of society’s traditional procedures for protecting the person’s privacy, like the Fourth Amendment’s warrant requirement, have been satisfied. But in the digital world, that is increasingly the situation in which we find ourselves.
First off, no one finds the propositions Rosen offers acceptable -- not the digital variety nor the real-world version. However, both versions still happen, with or without "lawful access." It's not that the DOJ and FBI shouldn't go after child exploiters. It's that pretending that undermining encryption will cause "lawless spaces" to cease to exist isn't an honest approach.
To be fair, Rosen isn't saying exactly that. But what he's pitching is encryption backdoors that will result in millions of insecure communications for millions of people. The potential for harm is immeasurable. But we -- and our service providers -- should apparently be willing to take that risk so law enforcement has easier access to these communications. That's the trade-off being demanded, even if Rosen, Barr, etc. aren't intellectually honest enough to use those exact words.
The intellectual dishonesty continues with Rosen's refusal to call backdoors "backdoors."
I am not for a moment suggesting that we should “weaken” encryption. As we confront the problem of “warrant-proof” encryption, nobody is calling for secret “back doors” to communications systems, even though that is often how the issue is misreported. As FBI Director Wray said this morning, law enforcement seeks a front door — that is, access through a transparent and publicly acknowledged system, and only once we have secured the authorization of a court. And we don’t want the keys to that door. The companies that develop these platforms should keep the keys, maintaining their users’ trust by providing access to content only when a judge has ordered it.
If you put an entrance anywhere, the building is compromised. A hole in a wall, floor, roof, wherever, is still a hole. It doesn't matter who holds the keys. The keys exist and can be copied or misplaced. Law enforcement may need a warrant, but criminals and state actors only need access to the key. Dressing it up as an escrow system doesn't magically make this problem go away.
Rosen is calling for more than backdoors. Using another emotional argument, Rosen appears to saying the government should be allowed to eavesdrop on encrypted communications.
Every day, companies like AT&T, Verizon, and Sprint provide law enforcement with targeted lawful access to the content of phone communications in ways that promote public safety — but only after the government has complied with the rigorous requirements of the law, and a judge has authorized access. Why should internet technology companies operate under different rules? For a young girl who is being trafficked for sex, it makes no difference whether her tormenters are communicating via traditional voice calls over a cell phone, or via an encrypted internet app. But it makes a huge difference to the investigators trying to find her, as they can gather the first category of electronic evidence, but not the second. From a policy point of view, it doesn’t make any sense.
The example Rosen uses is wiretaps. The FBI would definitely like to be the unseen party to any number of conversations, especially now that most of them don't take place over the phone. With this, Rosen is asking for more than unencrypted access to data at rest. He's asking for a "non-backdoor" that allows investigators to intercept communications. This increases the complexity of the government's demands and the insecurity of the targeted app's users.
Rosen says 70% of 16 million child sexual abuse reports Facebook made last year originated from its Messenger service. Once end-to-end encryption is applied, these messages will no longer be visible to Facebook, in addition to being less accessible to law enforcement. He compares the millions of Facebook reports to the very limited number produced by Apple, which has provided end-to-end encryption for a few years now. Apple has forwarded a little over 200 tips over the last three years. As Rosen conjectures, it can't simply be because no child abusers use iPhones.
Rosen isn't wrong. Encryption will result in far fewer reports, if Facebook can't scan messages for child porn. But he's completely wrong in his portrayal of the trade-offs being made.
Some companies have completely favored the privacy of their users over the safety of their users.
This isn't about privacy, even though there is definitely a net privacy gain. It's about security, something even the government realizes is essential for electronic communications. But the government wants less security for everyone, in exchange for an unknown quantity of law enforcement "wins." Rosen actually says users are "safer" when their communications providers scan communications for illicit content -- an argument few outside the FBI and DOJ would make. Rosen is spinning this from the viewpoint of law enforcement riding to the rescue of victimized children. But it won't just be the FBI making use of backdoors or intercepted communications. It will also be governments who treat criticism and dissent as crimes, which definitely makes things less safe for millions of people around the world.
Rosen closes with this last bit of intellectual dishonesty:
If we are to move to a world where even judge-approved search warrants become useless to the protection of exploited children, and to public safety more broadly, our country needs an open discussion of the costs some such technology platforms will be imposing on all of us. If our efforts to make the virtual world more secure leave us more vulnerable in the physical world, that decision should be an informed one.
But Rosen and the agencies he's speaking for don't want an "informed" decision. They've spent years blowing off experts who say what they want will result in less security and safety for users, as well as pointing out the impossibility of creating a "secure" backdoor. You only need to look at the speaker list for this event to see the DOJ and FBI aren't interested in being informed. When the only people being asked for opinions are those who think undermining encryption is a necessity, you're going to come to the conclusion that undermining encryption is a necessity.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: doj, encryption, going dark, jeffrey rosen, security
Companies: facebook
Reader Comments
The First Word
“The real problem is those who would trade liberty for security also destroy liberty for those who would not make that trade.
made the First Word by Ninja
Subscribe: RSS
View by: Time | Thread
The Entire NSA is violating the law why should we trust more?
The constitution gives us lots of rights and promises that the government can't or won't do certain things. The NSA has been violating those since its very beginning and has no obtained enough dirty secrets to start blackmailing the government. Prove me wrong or start over with a new government.
[ link to this | view in thread ]
Privacy is part of Safety
The earliest forms of ciphers were to keep messages private . . . for safety of the sender and receiver of the messages. Alex and Bob want to exchange messages privately, keeping Eve from reading them.
From those earliest primitive ciphers, there are various advances in how to encrypt messages to keep them private, and thus safe, between the sender and receiver. As Eve gets more clever and cunning, Alex and Bob must improve their cipher technology to remain safe.
Everything about cipher technology is now published openly in textbooks. Would the US stop someone from exiting or entering the country with a widely published academic technical textbook under their arm? Let's burn the books!
[ link to this | view in thread ]
Re: The Entire NSA is violating the law why should we trust more
--- BEGIN ROT13 ENCRYPTED MESSAGE ---
Jura cevinpl naq rapelcgvba ner bhgynjrq, bayl bhgynjf jvyy unir cevinpl naq rapelcgvba.
--- END ROT13 ENCRYPTED MESSAGE ---
[ link to this | view in thread ]
"This is how the DOJ and FBI are going to play this game: the specter of exploited children vs. secure communications for millions of Facebook users."
Ah, that repulsive old trick of trying to screw every member of a community and make it look righteous by claiming it's "for the children".
You'd think the law enforcement arms of government should consider themselves above the cheap rhetoric of a third-rate divorce lawyer or copyright troll litigator. Apparently that just isn't the case.
[ link to this | view in thread ]
Re:
Of course it's for the children, Exhibit A: NSA's LOVEINT!
[ link to this | view in thread ]
Are these the same people who complained about being spied upon?
[ link to this | view in thread ]
Re:
False Dichotomy, amazingly, works on some people.
[ link to this | view in thread ]
16 million reports? That seems.... bad.
US population is about 329 million. So 16 Million reports would be one report for about every 20 people.
If there are no false positive and duplicates that means probably greater than 1 in every 20 adults is an offender (greater because the population count is note entirely adults, and also it's likely not all cases are reported).
My gut reaction is: "Get better statistics".
[ link to this | view in thread ]
Probable Cause and the connection to Parallel Construction
As pointed out n the article, the changes requested will not only impact the US, the only place the 4th Amendment applies (though other countries may have similar rules) those changes will cause impact...everywhere.
In thinking about Rosen's insistence that they will only use their new power when 'judge approved' means that in order to get access to that power they need to provide probable cause. If they have probable cause then they have enough information to investigate. If they have enough information to investigate then why do they need access to digital records, either live or at rest? Go investigate. If the probable cause thingy is actually valid and not made from smoke and mirrors then they would likely be able to build a case without a warrant for communications. It just take something that seems an anathema to them, hard work.
And, about that at rest part, if the alleged perpetrators have illegal stuff on their computers, it will likely be encrypted, and nothing Facebook, or Apple, or any other service provider do will impact that. Which leaves us to predict that OS level encryption is the next target on their list.
Then again, the actual purpose of these demands likely have only a small part based in sex trafficking or child porn which is an artifice to achieve unprecedented access in the furtherance of power and control over the entire populace. There are too many examples of law enforcement 'creating' probable cause scenarios that have little to do with any truth to believe that the requirement for 'judge approval' has significant reality as a protection. Judges can be snowed, and have been snowed, and will be snowed again.
Do these people really believe that the concept of parallel construction is unknown to those outside of law enforcement? I think they do realize that while parallel construction has not been found illegal (yet), it is certainly immoral, and they don't care. Listening in on what they consider 'juicy bits' will lead them to charging anyone they don't like with something, whether it has anything to do with the original 'probable cause' or not.
This entire discussion is a parallel construction for the eventual total surveillance state, and antithetical to democracy in general. Just because it might be good for law enforcement does not mean it is good for democracy (yes I know we are a democratic republic and not a true democracy which has nothing to do with my statement).
[ link to this | view in thread ]
Let's not forget...
It's true that these back doors are very dangerous from a technical security point of view. But they are also bad ideas when they're working as intended.
If these companies give that kind of access to "the authorities" in the US, they have no leverage to not give it to "the authorities" in $insert_hellhole_dictatorship_here. And even in places like the US, "the authorities" routinely break the rules, overstep their bounds, and create giant unjustifiable oppressive programs. It's stupidly dangerous, to children and everybody else, to concentrate that kind of power.
They shouldn't have that power, period, even if it could be secured, which of course it can't.
[ link to this | view in thread ]
Re:
Or, interpret the statistics you have based on reality rather than in support of your position. The article does not say that those 16 million reports were about US based users, so 1 in 20 is probably wrong on that alone. Then I would think there is a high probability that there are repeat offenders, who offend often rather than a greater number of offenders.
So two things. Get better statistics, AND, interpret them better.
[ link to this | view in thread ]
"As FBI Director Wray said this morning, law enforcement seeks a front door — that is, access through a transparent and publicly acknowledged system."
Deputy Attorney General Rosen,
I'll tell you what, you show us that you can do government business in a transparent way, and we might consider this. The government has proven again and again that we cannot trust it, and it continues to avoid transparency like the plague, through the use of NSLs, and various bulk collection programs at the NSA.
What exactly is it you don't want us to see? After all, "if you have nothing to hide, you have nothing to fear", right?
Additionally, the government needs to prove it can be trusted with our data. As a former clearance carrying victim of the OPM hack, I don't think you've earned that trust.
[ link to this | view in thread ]
I don't care
An increase or decrease in child safety is not a good enough reason to deny a nation its Rights.
[ link to this | view in thread ]
Re: Re: The Entire NSA is violating the law why should we trust
For better security you should really use DOUBLE ROT13.
Sincerely,
DOJ
[ link to this | view in thread ]
like so many other highly important positions in the USA, this one is held by a cunt who has no idea what he's talking about! before the Internet, were letters and parcels treated as if anyone from any of the security services or elsewhere could access them? no, they weren't! the only difference between then and now is the speed information can get to anywhere and everywhere! that's called 'progress'!
[ link to this | view in thread ]
So, this is Crypto Wars 3.0?
I see no reason to worry. Look at their track record; the US government doesn't know how to win wars.
[ link to this | view in thread ]
Those who would trade liberty for security deserve neither.
[ link to this | view in thread ]
Why not demand we use resealable envelopes for snailmail?
One can send childporn through mail on a microSSD, so the next logical step is to go full Gestapo mode and open all snail mail.
[ link to this | view in thread ]
Re: Re:
yeah I was assuming that a US agency primarily gets reports about US cases (which may have actually been a terrible assumption)
[ link to this | view in thread ]
Re: Re: Re: The Entire NSA is violating the law why should we tr
--- BEGIN ROT13 ENCRYPTED MESSAGE ---
--Backdoor--
Dear Mr. Rosen, careful what you wish for. Trump is reading what you are texting
--- END ROT13 ENCRYPTED MESSAGE ---
[ link to this | view in thread ]
Re:
The real problem is those who would trade liberty for security also destroy liberty for those who would not make that trade.
[ link to this | view in thread ]
I feel SO comforted
Rosen: " The companies that develop these platforms should keep the keys, maintaining their users’ trust by providing access to content only when a judge has ordered it."
That would be a judge who is a member of the largest and most corrupt criminal organization in America, the U.S. government? My trust level is so low it can't be charted.
The good news: we the people, which is we the good guys, are winning and will will win the encryption war, one way or another. The thugs in government simply can't stop its use, in secret through steganography if by no other means.
[ link to this | view in thread ]
I just had a thought
If there are back doors, well, front doors. Does that not get around privacy? As the third party has access to the info. And if they claim it's info traveling , would they not claim it's same as overhearing a plot? And from there, just easy to search people with the front door as it's held by third party, and the users know said key exists so no 4th ammendment rights?
[ link to this | view in thread ]
Re: Privacy is part of Safety
It's spelled "Alice".
[ link to this | view in thread ]
A Random thought about encryption...
[ link to this | view in thread ]
Neither would we ever accept the idea that a person should be allowed to keep a hoard of child sexual abuse material from the scrutiny of the justice system when all of society’s traditional procedures for protecting the person’s privacy, like the Fourth Amendment’s warrant requirement, have been satisfied.
But we quite literally do accept this idea. People are allowed to own safes without master keys, people are allowed to encrypt their own hard drives, people are allowed to write coded letters, people are allowed to burn documents or toss them off a bridge in the middle of the night. There is literally no aspect of society in which people are not allowed to "keep a hoard of child sexual abuse material from the scrutiny of the justice system."
[ link to this | view in thread ]
Trumps Lacky is Right
Without a governmental "back door" you and everyone you love WILL DIE!
[ link to this | view in thread ]
I'm starting to think this is just a ploy for law enforcement officers that want to look at child porn. I mean, this administration is full of pussy grabbers. Amirite?
[ link to this | view in thread ]
The people carrying out child trafficking and child porn etc. already use the dark web, and so forcing Facebook etc. to provide lawful access does not tackle the problem that they claim it tackles.
[ link to this | view in thread ]
Re: Re: Re:
My guess is that Facebook are over-reporting anyway. Given the international nature of a lot of these criminal networks, the ease with which competent criminals could obfuscate location data and the tendency to be used as a scapegoat when things go wrong, I dare say that Facebook will be forwarding anything remotely suspicious.
[ link to this | view in thread ]
Never argue with a man whose job depends on not being convinced.
As long as law enforcement defines their own job as "catching the bad guys," they have a vested interest in the continued supply of "bad guys." Strong (aka, effective) encryption disrupts that.
If people can't be easily victimized, the whole law enforcement industry becomes less important.
[ link to this | view in thread ]
Still not seeing how law enforcement backdoors would keep anyone safer, especially children.
For the government to get their judge approved warrant, they would already have to be investigating the person. Investigations don't start before the criminal act, but after. So the harm to the children or anybody else has already been done.
The only way the government's encryption backdoors would work to protect anyone is if they started arresting and charging people before the crime was committed.
[ link to this | view in thread ]
Re: Re: Privacy is part of Safety
Then why is Trent, the trusted third party, such as for example a certificate authority, a male name?
:-) Don't take it too seriously.
[ link to this | view in thread ]
Re: Re: Re: Privacy is part of Safety
Why does it matter what Trent is called? Alice's name is Alice.
[ link to this | view in thread ]
Lawful Encryption
Even an (awful) idea like lawful encryption were to exist that would give 'authorities' a way to view encrypted messages, there's absolutely no reason to think that someone already breaking the law is going to use 'lawful encryption'... they'll simple start using 'black market encryption'...
[ link to this | view in thread ]
There,s plenty of apps that have encryption built in ,the fbi is afraid because a service that has billion,s of users could provide an messaging app thats easy to use by the public.
End to end encryption means even if facebook hands over data to the fbi
it would be of no use to them.
The messaging systems used by social media service,s now
probably have weak encryption or else are sent like a sms message ,ie the messages might be recorded
by facebook or other social media platforms .
The uk government want to be provided with a third key,
so if 2 people send a message it would also be recieved by the police
or the uk equivalent to the NSA .
this profile would be invisible to the 2 people who are sending message,s
to each other ,
like a phone call is recorded without the public knowing about it.
[ link to this | view in thread ]
How about a different name ...
Instead of backdoor... how about greek entrance?
[ link to this | view in thread ]
Re: Why not demand we use resealable envelopes for snailmail?
Who says that there are not already scanning the contents of all private mail already?
If I can already do a full penetration scan in the lab, albeit slowly, who says they are not already doing it now with higher end hardware now?
[ link to this | view in thread ]
Re: Re: Re: Re: Privacy is part of Safety
[ link to this | view in thread ]
Re:
Sure it's for the children, like climate change is for the children. And like every slippery slope that one can't get up again easily.
[ link to this | view in thread ]
Lawful access?
They want lawful access. The solution is simple: Get a warrant; Force the device owner to unlock access to the messages. Can't do that? Then tough shit. Do your jobs as LE has done since forever.
The only reason to want "lawful" (read: "open") access to all messaging is to setup dragnets with watch-words and triggers so the computer can do their jobs for them. This kind of thing isn't legal in traffic enforcement and it more than likely isn't legal here.
I'll take liberty, thanks.
[ link to this | view in thread ]
Re:
Actually, law enforcement job is precisely to do proper investigative work and get evidence against such people even if they take many measures to keep their communications, files and papers well hidden, locked or destroyed.
[ link to this | view in thread ]
Re: Re: Re: Re: Privacy is part of Safety
Alice switching to Alex was his right and his choice. Stop the hate speech
[ link to this | view in thread ]
Re:
That's not quite true, the vast majority of child sexual abuse material is unprotected speech and they aren't really "allowed" to do those things. There are laws against production, distribution, possession and destruction of those things. People do it like they rob banks or shoot up bars. I do not know exactly what you are supposed to do with stuff you're not allowed possess or destroy but there are laws regulating that unprotected speech.
[ link to this | view in thread ]
What he does not say is how many criminals were arrested, tried and convicted because of those reports, which means the number may be close to zero.
[ link to this | view in thread ]
Re: Re:
What he is saying is that you cannot be compelled to produce evidence against yourself. And you can hide content on safes, illegal or not. Safes are not illegal, destroying evidence if there's no legal probe on you is not a crime per se.
[ link to this | view in thread ]
This entire fight between Facebook and the DOJ feels simulated. Both sides would benefit from a lack of encryption.
[ link to this | view in thread ]
Analysts
“I’m not saying we weaken security”
You can’t even keep conspiracies under wrap for your boss man. Your a temp lol
[ link to this | view in thread ]
Strange Question..
What did they do BEFORE smartphones??
To monitor and intercept information..
I know...
They bypassed the law and asked the phone company to install monitors...
[ link to this | view in thread ]
Re: Strange Question..
AND still the crooks got away.
[ link to this | view in thread ]
Yes, you do. It's called a church.
Who is he kidding there? After all the news we got about how the warrant requirements are so low, some judges just rubber-stamp them. Sometimes, it's not even a judge, not even an attorney general, but some random assistant.
Not to mention "secret warrants" and cases of parallel construction...
His "rigorous requirements" have been a joke for years and are getting worse by the day. Or the direct access some communication providers offer to government agencies.
He shouldn't be surprised that people and private companies decide to take the matter of securing privacy into their own hands when the government actively fights security and privacy.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Privacy is part of Safety
Everyone who has studied encryption knows the story and the names used included Alice and Bob. I do not recall an Alex but there is always an Eve.
[ link to this | view in thread ]
Re: Re: Re:
destroying evidence if there's no legal probe on you is not a crime per se
I am not sure that's true but IANAL. I think it's only true as an "innocent until proven guilty" situation.
[ link to this | view in thread ]
Re:
Are there no cell site simulators?
Are there no cell phone connection records?
For a young girl being trafficked for sex, you're not trying to find her by listening in to cell phone traffic, you're trying to make a case against her captors.
Or "captors". Perhaps you are trying to avoid making a false accusation after some meddlesome "see something-say something" reported suspicion. After all, it's not like the girl is staying with her (insert race here) grandparents, or with a relative in The Big City to get access to (insert big city service/opportunity here).
[ link to this | view in thread ]
Re: Re: Re: Re:
Do you throw your mail away once it is no longer relevant to you? That is destruction of evidence.
"Innocent until proven guilty" is irrelevant here. Destroying documents is a protected act and a necessary function of every day life. In fact, for some businesses it is REQUIRED BY LAW that they destroy documents in certain situations.
Now, if you have been served and are under legal investigation and been told to keep all your documents, yet destroy them anyway, then yes, that is a crime. But destroying documents or hitting the delete button is not a crime in and of itself.
[ link to this | view in thread ]
Re: Re:
If you know who is trafficking children, you can use their mobile phone, and the IP addresses they are using to locate them. If you do not know who they are, whose communication are you going to intercept?
[ link to this | view in thread ]
... then we will also move to a world where warrentless searches excused as "national security" will become harder.
And Tim,
Have periodically included the United States and its territories.
[ link to this | view in thread ]
Re: Re: Re:
And the best part of TXT communication, is that MOST isnt Scrambled/encoded/anything..
Its not worth the time to do anything complicated. Asking FB to do the deed and allow it to be monitored is abit stupid.
Its a Step into asking all the others to do the same thing.
BUT,
If you were really into this type of thing and wanted to keep it private and hidden, WHAT would a (somewhat) Smart person do?
Make a Private Chat/msg program...THAT DOES ensoding, based on the specific phone. And each person has to share a Code to be in that system, and to decode each msg.
OR..
You goto a System ont he net with TONS of Chat/msg and talk all you want.. It is so Busy, and complicated that Locating the group/person is Impossible...With hidden groups, private servers, Passwords(that work)(you would need 1 system from 1 of those people to get into it) that tracing their locations and soforth is ridiculous trying to get thru the VPN rerouting..
But, if you could get a major corp to say...OK, we will open it... Then you could demand ALL THE REST to follow suit.
AND make laws that demand a backdoor, to monitor Everything.
"Everything" is a big word.
How many of us have seen games that have chat rooms? Easy to find chat rooms? There are games that if you dont know the names, you will NEVER find them. From all the FB games/chats to Major Company Games and chats.. i will bet there are at least 5-10 names we could all say about Chat programs.. not including ones you have never heard of that are REALLY private and hidden.
Said before..
Monitoring the net, is Hard to do...You DONT have the man power to even Sort 1 days worth of Chats, using a computer...Let alone Private chats. Chats with programs that Dont need a central server. OR even to record voice chats. It would take 90% of the USA population to cover the world....IF you even tried.
[ link to this | view in thread ]
I’m not sure that the DOJ understands, despite the fact that it has been explained many times to them, that any attempt to add some sort of “lawful access” to an encrypted, secure system will necessarily, by definition, require weakening that encrypted system.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Privacy is part of Safety
I suppose Adam and Bob wold work.
[ link to this | view in thread ]
Re: Lawful access?
"Warrant Proof" -- no such thing.
Big Brother is merely wanting to serve the warrant upon the wrong party. Some unrelated third party in between the two parties doing the actual communicating.
[ link to this | view in thread ]
Create a common, publicly known point of failure, but it's not weakening encryption if we also tell you to nerd harder! /facepalm
If you really want to look into "lawless spaces", maybe don't back out of having the DoJ look at local PDs and enforcing consent decrees?
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
“In fact, for some businesses it is REQUIRED BY LAW that they destroy documents in certain situations.”
True dat. Anyone who’s involved in medical records for instance will (hopefully) have HIPPA document destruction requirements drilled into them.
[ link to this | view in thread ]
Re:
Either he very clearly does not understand that or he does and is just hoping someone will "nerd harder" and come up with something despite every security professional on Earth telling him he's wrong.
And nobody coming up with anything in the years since this brain-dead "war on encryption" began is sufficient evidence that it can't be done. If there's one thing science likes more than doing the right thing, it's a challenge; If this were a solvable problem it would be solved by now.
[ link to this | view in thread ]
Re: Re:
To be clear, I meant that “Nerd Harder” wouldn’t work. It’d be like, “Make this red truck greener without reducing its redness.”
[ link to this | view in thread ]
Re: Re: Privacy is part of Safety
Alex and Bob. The original, generic characters. Generally, Alice and Bob want to exchange a message or cryptographic key.
Carlos or Charlie. A generic third participant.
Carol. A third participant, usually of malicious intent.[11]
Cindy. A password cracker, often encountered in situations with stored passwords.
Dan, Dave or David. A generic fourth participant.
Eve. An eavesdropper, who is usually a passive attacker. While they can listen in on messages between Alice and Bob, they cannot modify them. In quantum cryptography, Eve may also represent the environment[clarification needed].
Faythe. A trusted advisor, courier or intermediary. Faythe is used infrequently, and is associated with Faith and Faithfulness. Faythe may be a repository of key service or courier of shared secrets.[citation needed]
Grace. A government representative. For example, Grace may try to force Alice or Bob to implement backdoors in their protocols. May also deliberately weaken standards.[citation needed]
Heidi. A mischievous designer for cryptographic standards, but rarely used.[12]
Judy. A judge who may be called upon to resolve a potential dispute between participants.
Melony. A malicious attacker. Associated with Trudy, an intruder. Unlike the passive Eve, Melony is an active attacker (often used in monkey-in-the-middle attacks), who can modify messages, substitute messages, or replay old messages. The difficulty of securing a system against Melony is much greater than against Eve.
Oscar. An opponent, similar to Mallory, but not necessarily malicious.
Pat. A prover, who interacts with the system to show that the intended transaction has actually taken place. Pat is often found in zero-knowledge proofs. Similar to Victor.
Rupert. A repudiator who appears for interactions that desire Non-repudiation.
Sybil. A pseudonymous attacker, who usually uses a large number of identities. For example, Sybil may attempt to subvert a reputation system. See Sybil attack.
Trent. A trusted arbitrator, who acts as a neutral third party.
Trudy. An intruder.
Victor. A verifier, similar to Peggy or Pat.
[ link to this | view in thread ]
Re: Re: Re:
“Make this red truck greener without reducing its redness.”
Okay, someone said "nerd harder" so I have to point this out.
You can make a red truck greener without reducing its redness technically. You need to get its body to emit more photons in the green wavelength without reducing the number of photons emitted in the red wavelength. This means the truck body must be made brighter but it is actually possible to do.
[ link to this | view in thread ]
Re: Re: Re: Re:
Smart ass. :P
[ link to this | view in thread ]
The 'ignorance' excuse was thrown out YEARS ago
They know, it's been explained to them more than enough times for them not to know and it's not like they're blithering idiots, it's just they refuse to accept what people have told them because it's contrary to what they want, and they aren't honest enough to admit that they are willing to have the public pay the price that deliberately weakened encryption would cost.
[ link to this | view in thread ]
Know-Nothing Nincompoops, Data Encryption and DoJ
Deputy Attorney General Rosen: Companies Like Facebook Are Making Everyone Less Safe By Offering Encryption
Its is clear Deputy Attorney General Rosen and his DoJ ilk are know-nothing nincompoops posing as serious people.
Mayhap Deputy Attorney General Rosen would like to lead by example?
Dear Deputy Attorney General Rosen - lets conduct an experiment where we pretend to remove all forms of data encryption from your stupid phone. Then you get to take your stupid phone out into the great wide expanse of the world and see how long it takes before all the personal information stored in your stupid phone is exploited.
Sound like fun?
[ link to this | view in thread ]
Re: The 'ignorance' excuse was thrown out YEARS ago
I’m not saying it’s an excuse. Willful ignorance is no excuse, but it is still ignorance.
[ link to this | view in thread ]
Liar
A lawless, unaccountable government agency that routinely breaks what few laws apply to them with impunity. When they don't get what they want, they lie. They want easy access to everyone's communications. They will do everything by the book this time, they pinky swear. Hmmm. What should we do?
[ link to this | view in thread ]
Re: Re: The 'ignorance' excuse was thrown out YEARS ago
That's the thing though, they are almost certainly not ignorant, as while they may not have known about the subject before they starting talking by this point so many people have pointed out how and why they are wrong it's almost literally impossible to believe that they are still ignorant rather than dishonest.
[ link to this | view in thread ]
Re:
Some of them would have come up considerably just to meet that level.
[ link to this | view in thread ]
Re: I feel SO comforted
Corruption is only bad when it happens in other countries.
[ link to this | view in thread ]
Re:
Ever seen a TSA lock? You know, the kind that the government has master keys for?
For how much longer? And within 100 miles of a border?
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Privacy is part of Safety
don't be an asshole
[ link to this | view in thread ]
Re: Re:
Report != unique offender
[ link to this | view in thread ]
Re: Re:
And never actually get that purported security upgrade.
[ link to this | view in thread ]
Re: The 'ignorance' excuse was thrown out YEARS ago
[ link to this | view in thread ]
Re: Re: Re:
Report != any kind of offender, until the person has been investigated, charged and convicted. I do wish people would remember that.
[ link to this | view in thread ]
Fireman's key box for Rosen
Since only firemen have the key and would only use it lawfully, Rosen should show his respect for the law by having the key to his house in a fireman's key box right next to the door of his personal house. WCGW?
[ link to this | view in thread ]
Re: A Random thought about encryption...
Citizen, you are sacrificing the safety of children nationwide by posting your message in a warrant-proof format.
[ link to this | view in thread ]
Re: The Entire NSA is violating the law why should we trust more
Not that you're wrong, but that isn't how burden of proof works.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Privacy is part of Safety
Yep there is always an Eve...
https://lyrics.fandom.com/wiki/MC_Plus%2B:Alice_And_Bob
[ link to this | view in thread ]
Re: Re: Re: Privacy is part of Safety
This looks like a Wikipedia list but isn't, must be from some other wiki. I've always seen it "Mallory", as in malicious actor, not Melony.
https://en.wikipedia.org/wiki/Alice_and_Bob#Cast_of_characters
[ link to this | view in thread ]
Re: Re:
"False Dichotomy, amazingly, works on some people."
It's honestly become so bad that today if I hear about a proposal meant to stop or mitigate child abuse I automatically assume it's an attempt to push through malicious legislation meant to further the cause of bigots, control freaks with dictatorial aspirations, and/or copyright cultists.
I say anyone in public service found to invoke emotive aerguments as part of deceptive practice needs to be publicly flogged, blacklisted from future government service, and have the bullet point "LIAR" added to their public record.
[ link to this | view in thread ]
Re: Let's not forget...
"...they have no leverage to not give it to "the authorities" in $insert_hellhole_dictatorship_here."
They won't have to give it. A master key will be such a precious commodity the one in the position of holding it will receive a phonecall offering him the choice of handing over the master key and receive a few million in cash, or watch a video of his children being tortured and killed.
And that's assuming it isn't just silently lifted by the same team of crackers who released the wcry ransomware.
The master key will quietly leak almost instantly and become the property of anyone willing to pay hard cash for it. This is given.
[ link to this | view in thread ]
Re: Re: Let's not forget...
Stuff like that is super easy to lift too. You can download the software for free off the internet.
[ link to this | view in thread ]
Last time we gave them keys....
Example number one of why the government cannot be trusted with the keys to anything, be it your luggage or the encryption on your phone:
https://lock-picking.wonderhowto.com/how-to/is-why-your-tsa-approved-luggage-locks-are-useles s-0164446/
[ link to this | view in thread ]