A backdoor into Skype for the Feds? You're joking...

Heavyweights of the cryptographic world have lined up behind a campaign against proposed US wiretapping laws that could require IT vendors to place new backdoors in digital communications services. Technical details are vague at present, but the planned law could mandate putting wiretap capabilities in endpoints to cover …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward

    I wonder what terrorist threat will be dreamt up next to get this legislation over the line...

    1. Anonymous Coward

      I heard that terrorists are trying to recruit people by using porn!

      Therefore, we should ban porn!

      1. Yet Another Anonymous coward Silver badge

        Or we should mandate a federal law enforcement back door

      2. Thorne

        " I heard that terrorists are trying to recruit people by using porn!"

        No. The Islamic nutters hate porn therefore we have to encourage more porn (plus beer and bacon)...

    2. Wzrd1 Silver badge

      The next threat is that Big Brother's safety is threatened by unknown terrorists who SMS text one another to coordinate their attack that will stop Oceania from conquering Airstrip One.

    3. Fatman
      FAIL

      RE: get this legislation over the line...

      More likely some bastard will spout "Think Of The Children!!!" as the excuse for this.

  2. Anonymous Coward

    Time for open source peer-to-peer

    Time for platform independent peer-to-peer instant messaging software, VoIP software, and (for the heck of it) email software, to run on every major PC & phone OS.

    1. Charlie Clark Silver badge

      Re: Time for open source peer-to-peer

      You might want to give Bitmessage a look.

      1. This post has been deleted by its author

    2. Euripides Pants

      Re: Time for open source peer-to-peer

      https://dukgo.com/blog/xmpp-services-at-duckduckgo

  3. Magister

    Almost too damned depressed to think about it

    Call me Mr. Cynical, but I assume that there is always a back door in any given system. It may have been put there for the best of reasons, but it will be exploited and abused; and usually by people that insist it is for our own benefit.

    @ AC 11.11 GMT - if you don't use these systems, you must have something to hide and therefore be a terrorist?

    1. BillG
      Happy

      Re: Almost too damned depressed to think about it

      I agree - and this always makes me laugh, because it's like in poker, weak is really strong, and strong is really weak.

      The FBI argue the net is “going dark” to them, thanks to encryption technologies which render valid wiretapping warrants useless.

      FBI: YEAH, uh, hey look, um, we can't read your encrypted communications, nooooo sir, so, uh, go ahead and write all those messages because we (cough) can't read them. Nope. La de da, la de da...

  4. Mr C
    Black Helicopters

    In the name of the big and bad terrorism threat, where each and every foreign state is perceived as potential (future) threat, all is permitted.

    Everyone opposing this is not very patriotic and must therefore be a terrorist.

    It's a case of 'if you're not with us, you're against us', simple really.

    1. Matt Bryant Silver badge
      Facepalm

      Re: Mr C

      "In the name of the big and bad terrorism threat, where each and every foreign state is perceived as potential (future) threat, all is permitted....." So, are you denying that there is any terrorist threat or that you don't think they use encrypted coms? Try taking off the trendy ideological blinkers and learning a few home truths - they're not just using OTS products like PGP, they're writing their own (http://www.pcworld.com/article/142149/article.html, http://www.wired.co.uk/news/archive/2012-05/03/how-al-qaeda-hid-secret-docs-in-a-porn-video, http://www.schneier.com/blog/archives/2013/02/new_al_qaeda_en.html).

      As to those that think importing foreign opensource software is a good idea, I'm sure the FBI would agree - it would be the equivalent of one person in a crowd wearing a shirt saying "Look at me, I'm doing evil!" All the FBI/NSA have to do is record the encrypted stream (they can claim reasonable grounds), arrest you and then get a court order for you to decrypt it or go to jail for contempt. After the first dozen or so anarcho-liberal twits have gone down "to prove a point" I would suspect the popularity of said opensource software to dip sharply.

      1. Vector

        Re: Mr C

        "it would be the equivalent of one person in a crowd wearing a shirt saying "Look at me, I'm doing evil!" All the FBI/NSA have to do is record the encrypted stream (they can claim reasonable grounds), arrest you and then get a court order for you to decrypt it or go to jail for contempt."

        I'm no legal expert, but I don't think that would pass constitutional muster any better than arresting the guy just for wearing your "I'm doing evil" shirt would.

        1. Matt Bryant Silver badge
          Facepalm

          Re: Re: Mr C

          "I'm no legal expert, but I don't think that would pass constitutional muster....." Please feel free to put it to the test. You could get someone in Pakistan or some other NSA/FBA hotspot to start sending encrypted messages to you and see what happens, and I'm sure helpful types like the ACLU would be racing to your defence. But don't be surprised if that comes after the police have raided your home, your office, interviewed all your friends, colleagues and family, and whilst you're in an orange jumpsuit and sharing a cell with someone probably not too wonderful whilst your family scrabbles to sell stuff to make your bail.

      2. xpusostomos

        Re: Mr C

        There are ways to encrypt stuff so that you can plausibly deny you have the ability to decrypt it any more.

      3. Anonymous Coward

        @Matt Bryant

        I think he might be arguing that where discussion of 'terrorism' is concerned, truth, reason and proportionality went for a long walk years ago and rarely feature in any current debate on the topic. If the FBI is screaming for something, it doesn't mean that the reason they want XYZ is the one stated, or if it is, that there won't be plenty of mission creep that will leave the population wondering whether worrying about terrorists actually wasn't safer than living in fear of state organs with way too much power. As to the ideological argument; the swivel eyed right wing nutjobs are the arsewipes using 'terror' for everything from getting kids to eat their greens to selling overpriced security kit that doesn't work to stopping Joe Public photographing trains, etc, etc.

        I've spent plenty of time in places where blowing things up as protest is something of a national sport, but it's always the implacable gents with the suits, shades and the weight of the state's ideology du jour behind them that make me really fucking nervous.

        1. Matt Bryant Silver badge
          Stop

          Re: @Matt Bryant

          Whilst I'm generally in agreement with the idea a lot gets passed simply because it has "counter-terror" tones, I have to point out your accusation that "the swivel eyed right wing nutjobs" are the source is simply too silly for words. For a start, in the UK, the years of Tony Blair's and then Gordon Brown's Nu(t)Labour showed the Left is much more determined to trample on rights than the Tories (remember the ID cards fiasco?). In the US the Dummicrats have proven just as adept at using their powers as any of the Bush administrations (for example, Obambi has upped the number of drone strikes, and where do you think they get the targeting info from?). And let's not get started on the good ol' USSR and friends and their histories of "the end justifies the means, Comrade".

          1. Anonymous Coward

            Re: @Matt Bryant

            "For a start, in the UK, the years of Tony Blair's and then Gordon Brown's Nu(t)Labour showed the Left is much more determined to trample on rights than the Tories (remember the ID cards fiasco?)."

            The Blairites were so far right in the Labour party that they made many of the Tories look decidedly liberal.

            That is not to say that the extreme left wing of the Labour party aren't conservative (small 'c') about most things. The Labour Party for decades were a bit like the CofE - many of their members had forgotten the original guiding principles of equality and tolerance.

          2. Anonymous Coward

            Re: @Matt Bryant

            "I have to point out your accusation that " the swivel eyed right wing nutjobs" are the source is simply too silly for words"

            Sorry, perhaps my "silly" bit of childish venting trivialises swivel eyed right wing nutjobbery too much. I think most here would understand who was being referred to, and as my fellow AC commentard points out Blair and crew were every bit as right wing, as Perle, Feith and co. You make the mistake of assuming the simplistic political labels bandied about entirely define the content - politicians seem to use 'left' (especially) and 'right' more as advertising slogans than statements of intent these days.

            I still fail to see your point though. Anyone with an immutable fixed ideology that requires that they remake the world in the manner in which they THINK it should work ought to be suspect, and in UK terms that covers the entire current political mainstream. All political flavours subscribe to the idea of enabling big business to make pots of cash, irrespective of social consequences or geopolitical fallout, and will happily spin anything that moves to shift public opinion/expectations and make black look like a nice shiny white. Political spokestypes of any hue serving up 'terrorism with everything' is invariably a grotesque distortion of the facts to suit their own ideological ends, with the inevitable punted solution ("That's why we...") either amounting to handing a pile of cash to big business or ratcheting up state intrusiveness. Ideological obsession will kill us all, whether or not it's labelled 'left' or 'right'.

            1. Matt Bryant Silver badge
              Facepalm

              Re: AC Re: @Matt Bryant

              ".....Blair and crew were every bit as right wing...." Perfectly true, it is very obvious that Blair was not a die-hard Leftie for the simple fact he was electable, some of the Party having realised they needed to hide behind a veneer of Centralism if they ever wanted to get enough public appeal to get back into No. 10. But they've fixed that and let control of Labour fall back into the hands of the unions, and their puppet Ed will ensure they remain unelectable for a good many years. Enjoy!

              In the meantime, anyone thinking about using an off-the-shelf encryption tool might want to consider a simple fact - The Man (as you no doubt refer to the authorities in your paranoid fantasies) has had the capability to monitor website traffic for years. They can sit there and watch Abdul Wannabe Jihadi logging in from Birmingham to killthekaffir.com and log his every click - do you seriously think they haven't been watching the encryption vendors too? Ever wonder why AQ stopped using PGP and started writing their own encryption tools? DUH!

  5. Anonymous Coward

    So glad I only use IRC.

    1. Anonymous Coward

      Yeah, because there is no way that IRC traffic could be intercepted... Err...

      1. Anonymous Coward

        Perhaps, but at least there I can make a joke about blowing up Robin Hood airport without the Gestapo kicking down my door the next morning.

      2. Suburban Inmate
        Facepalm

        @ AC 12:27

        Yeah, because there is no way that IRC traffic could be encrypted...

  6. Shasta McNasty
    Pirate

    Tin hat

    Given how badly the Government manage the security of their own systems, how long would it be before this access was misused by someone else?

  7. Paul Crawford Silver badge

    Call me cynical, but I suspect a lot of the moves towards security by Joe Public for communications have been driven by the uncovered abuse of surveillance powers by all sorts of governments and companies/RIAA types.

    1. AdamT

      Well, that's kind of what happened in the UK when the head of the Association of Chief Police Officers wrote to all the police forces to tell them to calm down on the whole harassing people taking photos thing. His motive wasn't that it was wrong or even illegal (in some cases) but that "the public" were actually starting to check what their rights really were ...

  8. DrXym

    Shades of clipper

    A smart phone is more than capable of running an app that offers end to end encryption as well as hiding which two devices a conversation or data transfer was occurring between. Security services might be able to glean some information about the call with traffic analysis but not the actual content.

    Seems like little gain for such an odious law. A law which is bound to encounter serious domestic opposition and one that foreign companies and open source projects would actively circumvent.

    It also reminds me a bit of the clipper chip, an encryption chip that used a weak cipher and a key stored in escrow so security services could conduct surveillance of voice traffic. That particular plan fell on its backside after widespread opposition and I hope the latest efforts do too.

  9. InsaneGeek
    Unhappy

    Is this the 90's again?

    Wasn't legalized fed wiretap ability the argument Clinton made about the clipper chip back then? Let it die already.

  10. Graham 32

    And then...

    Of course the next law that will have to be introduced is the one making it illegal to use any communication system that doesn't have a back door. "Oh, you were using that fancy foreign encryption system with no back doors. I sentence you to 10 years!"

    1. Anonymous Coward

      Re: And then...

      "Of course the next law that will have to be introduced is the one making it illegal to use any communication system that doesn't have a back door."

      The precedent for that law already exists in the UK. On certain police investigations - if you can't provide the key to an apparently encrypted file then it's a criminal offence. I believe it is a two year jail term. Doesn't matter if they do not find any evidence of the original suspected crime.

      1. DrXym

        Re: And then...

        "On certain police investigations - if you can't provide the key to an apparently encrypted file then it's a criminal offence. "

        Certain crypto products like TrueCrypt provide a measure of deniability by offering a shadow volume functionality. Basically two keys work on the same data, one leading to the real data and one to the fake data. Providing your data is sufficiently "sensitive" but not incriminating you can disclose that key and the cops and CPS would be hard pressed to convince a judge you had not complied. e.g. fill the phony volume with pictures of your knob, suicidal thoughts, scans of your bank statements or anything else someone might wish to keep secret but of no relevance to the investigation and give it up when requested.

        I doubt it would be easy to do in the context of a realtime conversation on a phone though. The device would have to generate and throw away the session keys so it was utterly impossible for someone to give them up even under duress. Additionally perhaps the app itself could make "phantom" connections between nodes mimicking real traffic, or act as a proxy between other nodes (a la freenet) as another form of deniability.

        1. Anonymous Coward 15

          Re: And then...

          If they suspect you of something and you're using Truecrypt, they will suspect the hidden volume is present.

          1. JimmyPage Silver badge
            Big Brother

            they can suspect all they want

            they can't *prove* it. That's the whole point. Although in the UK, the Home Secretary can lock people up without proof, so it's a redundant exercise.

            1. Matt Bryant Silver badge
              Happy

              Re: JimmyPage : they can suspect all they want

              "they can't *prove* it....." Yes they can. All they need is a surface level scan of the drive and a professional to stand up in court and say "Yes, M'Lud, that pattern does not look randomly generated, therefore I believe the accused has a hidden partition they did not admit to and that they tried to hide, in contravention of the court order issued by yourself to oblige him to do so." Game over, do not pass go, do not collect your £200 in Bitcoins, just go straight to jail.

              1. Invidious Aardvark
                WTF?

                Re: JimmyPage : they can suspect all they want

                So they can look at the random data generated by Truecrypt to fill the empty space when the volume was created and tell the difference between that and the random-looking data generated by encrypting a file and writing it amongst that random data?

                That's one hell of an expert you have there.

                With respect, that sounds like a piece of Star Trek "insert technical stuff here" script. You've used a technical phrase and followed it with your required conclusion but it is, in non-geek parlance, utter bollocks.

                1. Matt Bryant Silver badge
                  FAIL

                  Re: JimmyPage : they can suspect all they want

                  "So they can look at the random data generated by Truecrypt to fill the empty space when the volume was created and tell the difference between that and the random-looking data generated by encrypting a file and writing it amongst that random data?...." Nope, all they need is an expert prepared to SAY it looks like an encrypted volume, which then makes it your word versus that of the coppers, and guess which way the average judge and jury will lean after the prosecutor has done a good job of slinging mud at your rep? The coppers don't even have to PROVE there is an encrypted drive anywhere, just that they REASONABLY SUSPECT (the actual RIPA Part 3 Section 49 uses the phrase "believes, on reasonable grounds") there is one. They serve a Section 49 notice and the onus effectively shifts to the accused to prove there is not an encrypted partition or give up the key(s). Any info they can find to make it look like you have played with encryption (such as showing that someone from your IP address visited www.truecrypt.org, for example) just adds to their case. Having an encrypted volume inside an encrypted volume is just asking for trouble as it shows you are actively trying to hide information, giving the prosecution a stick to beat you with in court.

                  You may wish to consider the case of the animal rights activist convicted under RIPA, who insisted she did not even have any encrypted info on her PC (http://www.theregister.co.uk/2007/11/14/ripa_encryption_key_notice/).

              2. DrXym

                Re: JimmyPage : they can suspect all they want

                ""they can't *prove* it....." Yes they can. All they need is a surface level scan of the drive and a professional to stand up in court and say "

                Then you wheel out your own expert who says how full of crap theirs is. That Truecrypt is a popular, free and ubiquitous tool that it's a considerable effort to set up a shadow volume, that they've offered no evidence that there is one, that the effort required to make one renders the presupposition highly questionable and that if there is a shadow volume it would be virtually impossible to test because of the way the software functions.

                Then you get your defence to reiterate that the defendant has been completely forthcoming during the whole investigation and the only reason he initially refused to disclose his password was the highly personal nature of the "my genital wart pictorial diary" content on the volume which he subsequently relented to show and he knows nothing about the arms smuggling allegations the prosecution is on about.

                1. Matt Bryant Silver badge
                  FAIL

                  Re: JimmyPage : they can suspect all they want

                  "......Then you wheel out your own expert...." DUH! Apart from the fact you don't get the chance to with a Section 49 notice until AFTER it hits court, you are forgetting that they are not going to come at you with nothing, they will have a REASON for turning you over, such as your dim-witted association with types like the Anons, Lulzsec, ALF, or other dross, or your habit of visiting certain websites. They do not randomly turn up and accuse anyone of having an encrypted drive, it is usually a case of "during our investigation of a serious crime we came upon information leading us to suspect that Mr X was involved, the nature of his involvement including safekeeping information in an encrypted partition on his PC". By the time they get round to requesting a notice they will have enough info to get the notice in the first place, which means they already have dirt or the inference of dirtiness on you. It will not be a case of "dear Mr Clean, please give us your keys", it will be "the accused, suspected of crime X (paedophilia/terrorism, delete as required)". If you have a history of visiting AQ-sympathetic or ALF-linked or paedophilic websites then your pretence of a genital wart pictorial diary will be a very obvious attempt at deception. Please try and understand that the coppers are not as stupid as you may want to believe.

                  1. Anonymous Coward

                    Re: JimmyPage : they can suspect all they want

                    "Please try and understand that the coppers are not as stupid as you may want to believe."

                    It isn't their intelligence that is suspect. It is the corrupting nature of their environment that makes them believe the worst of anyone who crosses their path. Once they fixate on a name then they tend to become convinced that "no evidence" means it's a very clever criminal. Accordingly there is then a very human tendency to spin anything they can. At worst they "find" some specious evidence in the hope that something more solid will appear.

                    There is also a tendency when the stakes get high to coerce suspects and witnesses in ways that PACE doesn't catch. Veiled threats ensure that law-abiding people in their right minds don't complain to the authorities - especially about "false arrest". After much frustration with the protections for innocent people in our laws - then "the end justifies the means" mindset starts to take hold.

                    How many times have you seen a developer or an engineer flailing about on a problem because they are convinced they already know the answer? Their mind becomes a narrow focus that doesn't see contradictory indicators - or worse they discard conflicting facts. They grasp at straws. Fortunately you can't lie to machines or Nature. The Laws of Physics won't change just because it would be nice for a theory.

                    The Courts of Justice are not so deterministic and can be persuaded that 2+2=5.

          2. DrXym

            Re: And then...

            "If they suspect you of something and you're using Truecrypt, they will suspect the hidden volume is present."

            They can suspect all they like. Convincing a judge is another matter, which is why it might be a good idea to make the fake volume as sensitive and personal as possible. Just not incriminating.

  11. heyrick Silver badge

    Time to introduce protocols that actually ask you to verify...

    ...that the site you are connected to really is the site you think it is.

    SSH to my server does, https to my bank doesn't. Sure, it has the name in green, but for how long can we trust this?

    1. Michael Wojcik Silver badge

      Re: Time to introduce protocols that actually ask you to verify...

      "SSH to my server does, https to my bank doesn't."

      What advantage do you think SSH has over SSL/TLS in verifying the identity of the peer?

      I've seen plenty of people accept SSH fingerprints without doing anything to verify them, in which case they have no verification of peer identity at all. Even if you do verify the fingerprint against some record, all you're doing is relying on the security of the channel that delivered that record of the fingerprint for confirmation of identity.

      The X.509 certificate chain used to verify identity has many problems, particularly given 1) the dreadful state of public PKI, and 2) the way OSes and applications are stocked with root certificates from all sorts of untrustworthy CAs. But it's not an inherently less-secure mechanism than SSH, and in fact it has a wide range of potentially useful features and is significantly more flexible, as well as enabling a far more scalable infrastructure.

      As for asking the user to manually verify the peer's identity - there's no reason why an application using SSL/TLS couldn't always display the certificate chain and ask the user whether it should proceed with the conversation. None do, because users would just be annoyed and click through without checking. But it'd be easy enough to create, say, a Firefox add-on to do this, if you really want to.
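
The point made in the comment above, that checking a fingerprint only moves the trust to whichever channel delivered the fingerprint, shown as an added Python example (not part of any comment in this thread). `PinStore`, the host name and the key bytes are hypothetical and constructed; the key blobs stand in for an SSH host key or a DER-encoded certificate.

```python
import hashlib
import hmac

# Constructed stand-ins for the bytes of a server's public host key or
# DER certificate. They are not real keys.
GENUINE_KEY = b"constructed-genuine-server-key"
SUBSTITUTED_KEY = b"constructed-key-presented-by-an-interceptor"


def fingerprint(key_blob: bytes) -> str:
    """Hex SHA-256 fingerprint of a key or certificate blob."""
    return hashlib.sha256(key_blob).hexdigest()


class PinStore:
    """Hypothetical known_hosts-style store: one pinned fingerprint per host."""

    def __init__(self):
        self._pins = {}

    def check(self, host, key_blob, out_of_band_fp=None):
        """Classify the key a peer presented for `host`.

        out_of_band_fp is a fingerprint the user obtained over some other
        channel (printed letter, phone call, signed record). Its value is
        only as trustworthy as that channel.
        """
        seen = fingerprint(key_blob)
        pinned = self._pins.get(host)
        if pinned is not None:
            # Later connections: compare against whatever was pinned first.
            return "match" if hmac.compare_digest(pinned, seen) else "mismatch"
        if out_of_band_fp is None:
            # Clicking "yes" on first contact: whatever key showed up is pinned.
            self._pins[host] = seen
            return "pinned-unverified"
        if hmac.compare_digest(out_of_band_fp.strip().lower(), seen):
            self._pins[host] = seen
            return "pinned-verified"
        # Presented key does not match the independently obtained record.
        return "rejected"


def blind_first_use():
    """First contact is intercepted and the user accepts without checking."""
    store = PinStore()
    first = store.check("bank.example", SUBSTITUTED_KEY)
    # The genuine server now looks like the impostor.
    later = store.check("bank.example", GENUINE_KEY)
    return first, later


def verified_first_use():
    """Same interception, but the user holds a fingerprint from a trusted channel."""
    store = PinStore()
    trusted_fp = fingerprint(GENUINE_KEY)  # assumed delivered out of band
    intercepted = store.check("bank.example", SUBSTITUTED_KEY, trusted_fp)
    genuine = store.check("bank.example", GENUINE_KEY, trusted_fp)
    repeat = store.check("bank.example", GENUINE_KEY)
    return intercepted, genuine, repeat


if __name__ == "__main__":
    print("blind first use:   ", blind_first_use())
    print("verified first use:", verified_first_use())
```

In the blind case the store faithfully protects the wrong key, which is why an unverified fingerprint prompt gives no assurance of peer identity.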

  12. Christoph
    Black Helicopters

    Watch out for foreign governments

    "any backdoor would be open to abuse by hackers, including foreign governments"

    The government of the USA *is* a foreign government. Why should they have backdoors into software used in other countries, which judging by their past performance they are guaranteed to massively abuse?

    1. nuked

      Re: Watch out for foreign governments

      *cough* .. Autorun .. *cough* ... Siemens ... *cough* SCADA....

    2. Thorne

      Re: Watch out for foreign governments

      "The government of the USA *is* a foreign government. Why should they have backdoors into software used in other countries, which judging by their past performance they are guaranteed to massively abuse?"

      Cause the Chinese are beating them at their own game. If you can't beat them, cheat...

  13. Kevin Johnston

    I despair

    Once again the low hanging fruit is selected because the more probable routes (PAYG mobiles etc etc etc) are too hard or too numerous to deal with.

    Do they really expect us to believe that the real terrorists are even less intelligent than their Hollywood representation? Just how hard is it to work out that if you use real names and objectives then you may get caught?

  14. Tom 35

    I thought that was why they said not to buy Chinese network gear

    Oh, it's not that it has a foreign government mandated back door, they just think it's the wrong foreign government.

    It will work as well as when the US was trying to block export of encryption. You had to fill out a form to get 128 bit IE. A joke and a pain for US companies at the same time.

  15. Anonymous Coward

    It's a shame there is no longer any way to convey secret messages

    Incidentally, the yellow dog howls at the new moon. I repeat, the yellow dog howls at the new moon.

    1. Anonymous Coward

      Re: It's a shame there is no longer any way to convey secret messages

      And the primroses are blooming in spring...

      1. Kevin Johnston

        Re: It's a shame there is no longer any way to convey secret messages

        but I thought the great whale waketh in the deeps, are you sure about those primroses?

  16. Miek
    Big Brother

    "We are, therefore, living in a golden age of state surveillance."

    1. Rattus Rattus

      Re: "golden age of state surveillance"

      And that lovely golden colour is accompanied by a soft trickling sound.

  17. sandman

    Speechless (it's safer)

    Somewhere the ghosts of Beria and Eichmann are laughing and laughing and laughing...

  18. Anonymous Coward

    Trust who ? ROFL

    "... those who trust US government agencies not to abuse increased wiretap powers." Anyone? All I hear is crickets in the back of the hall... For those of us who are sane and have been keeping with recent events, IRS, AP wiretapping and now FOX reporter events, trusting the US gov and agencies is a no go from the start. Some days I wonder if the only way to have a secure communication won't be to start using dial-up like in the old days, machine to machine directly and using as strong encryption as it's possible. The internet as per such is, as far as privacy is concerned, a nightmare that will only get worse. Maybe the real future lies in old tech revisited. Strongly encrypted peer to peer over a wired telephone network.

  19. Sir Runcible Spoon

    Sir

    "The FBI argue the net is “going dark” to them, thanks to encryption technologies which render valid wiretapping warrants useless."

    Perhaps they shouldn't have abused the power so much that encryption has become widespread to the point where my Mum has heard about it and knows how to use it.

  20. FreeTard
    Thumb Down

    Won't work in the EU

    We have a little thing called data protection. Any company that has a back door which snoops on personal data will not be allowed to operate in the EU. No company in their right mind would kill their biggest market.

    Not to mention the lost good-will. Craziness.

  21. Anonymous Coward

    I for one, am quite relaxed about all this ...

    personally, my view is if they want more data, let them have it. Masses and masses. And then let them drown in it. Even with the most sophisticated algorithms and fastest machines, it's going to take some time, hours, then maybe days[1] to query the petabytes upon petabytes that the state is hoarding. And that is if it was all in one place, which it isn't.

    My prediction ? If they keep on slurping data at this rate[1] then we will start seeing more successful terrorist outrages[2]. The law of unintended consequences. If only someone had warned them - oh, hang on, they did.

    Anyway, as a sage observer pointed out years ago, if you want to defeat the massed ranks of spook eavesdropping, then faxing handwritten Arabic notes is a good start.

    [1]Of course the amount of data will just grow and grow as a function of time.

    [2] Remember the 7/7 bombers were already in the frame when they blew themselves up. How many more are being missed, whilst HMG farts around with IP logs et al.

  22. Pirate Dave Silver badge
    Pirate

    YEAH, BABY!!!

    "The FBI argue the net is “going dark” to them, thanks to encryption technologies which render valid wiretapping warrants useless."

    That's Liberty at work. Warrant is useless because of encryption? Boo-hoo, I'll cry you a handful of tears.

  23. Don Jefe

    Realistically

    If you are or become a person of serious interest your communications are already severely compromised no matter what precautions you take. Putting in mandated 'back doors' only enables fishing expeditions for fairly petty things like drug trafficking and school district fibbing and provides a massive weak spot for serious bad guys to exploit.

    If the back door is mandated is it still a back door? Wouldn't it be more of a service entrance or side door?

  24. johnck

    one for the fraudsters

    Think about this for a second. A transaction appears on your credit card statement that you don’t recognise, so you call your bank only to be told it was authorised by PIN so you must have done it. Now you have to fight to get your money back as even though we know it’s possible to hack chip and pin all banks deny it. With this new law there must legally be a hole in all encryption methods used, the bank can’t say chip and pin can’t be hacked as legally it must have a hole in it so they must refund the transaction.

    Of course this law will only apply in America and they haven’t got chip and pin yet, but if the American system legally must have holes then the whole worlds baking system is broken, unless the rest of the world cuts America off.

    1. Sir Runcible Spoon
      Coat

      Re: one for the fraudsters

      " the whole worlds baking system"

      isn't that where they keep the dough?

      Doh! ...going

  25. silent_count

    I can see the future

    Schadenfreude: (n) the reaction from the rest of the world after the Yanks start crying about "hostiles" using US government-mandated backdoors against them.

  26. Jerky Jerk face

    If you are worried about that, what about firmware coded remote desktop/stream chips in your motherboards - it's already happening.

    If they can stream your HD screen at any time - what you use to encode the actual data packs in whatever program is completely irrelevant!

    /tinfoilhat/

  27. Puzzeled European
    Black Helicopters

    Skype gives me the creeps!!!!

    True story.

    A couple of days ago, I get this call from a client whining that his printer wasn't working, "a friend has tried it and said it was ok, but I still can't print"

    So there I go and to my utter surprise and horror after 20 min of pulling knobs and pushing wires realize that whenever Skype was turned on and logged in the printer would freak out and stop printing, just to restart printing the moment you turned Skype out.

    Was Skype calling home? I have no idea, nor did I have wireshark with me to check out, but as we say here "I don't believe in witches, but they exist all the same"

    So when something fishy happens in your computer, just check if skype is on before you call the PC repairman.

  28. Jim Wilkinson
    Black Helicopters

    Precedence for this?

    I recall that during the London street riots, mobile security was lowered specifically for BBs so the bobbies could track the rioters. Also, it produced evidence for the prosecutors to use in court.

    1. heyrick Silver badge
      Stop

      Re: Precedence for this?

      There's a difference between a network and the police reacting together in the midst of a mass disturbance...

      ...and baking in back doors as standard.

  29. flibbertigibbet
    Devil

    The sooner the better

    Introducing this legislation won't change anything, any more than introducing legislation allowing the NSA to put mass taps into AT&T's exchanges didn't change anything. They were already doing it.

    Likewise anybody who thinks communications that pass through a central choke point (Microsoft, I'm looking at you with Skype traffic) that can decrypt it won't be decrypted is living on a different planet to me.

    To put it another way, Companies that advertise snake oil like secure communications will have a new road block in their path. If this legislation passes they effectively have to claim they are breaking the law. Hopefully that will make a debacle like Hushmail a lot less likely.

    That's got to be good, surely.

    Oh, if you really want secure communications, it isn't hard. You just need end to end encryption implemented in open source software. That's another thing this legislation will make plain - at least to those who think about it.
