Senator: Backdoor for the Feds is a backdoor for hackers

A US Senator is urging Congress to pass laws forbidding Uncle Sam's spies from forcing software and hardware makers to build backdoors. In an op-ed posted in the LA Times, Sen. Ron Wyden (D-OR) said that there was no safe way to build backdoors into phones, tablets, computers and software without exposing them to hackers to …

  1. Anonymous Coward
    Go

    Hooray for progress!!

    "Sen. Ron Wyden (D-OR) said that there was no safe way to build backdoors into phones, tablets, computers and software without exposing them to hackers to exploit."

    One Senator "gets it"--only 99 more to go!!

    (Then we can start on the 435 guys and gals in the House of Representatives)

    1. asdf

      Re: Hooray for progress!!

      But you see it's smart for the US to build back doors because our 3rd world enemies are so much more vulnerable to cyber infrastructure damage than the US is right? Ask Sony if it wants to see more backdoors (though they created plenty of their own). Such idiots.

      1. tom dial Silver badge

        Re: Hooray for progress!!

        As far as I know only FBI Director Comey (in the US) has expressed concern about cell phone encryption that lacks a capability for law enforcement access based on a warrant, most of which would be issued by state or local courts. And the notion that nations outside the US would allow the sale of equipment secured by US mandated encryption is quite absurd.

      2. Ian Michael Gumby
        Black Helicopters

        Re: Hooray for progress!!

        Why try to hack the back door when the front door is usually open and if not, very easy to pick the lock?

        Sorry, the Senator doesn't get it.

        He just took some money from a lobbyist who works for a company that doesn't want to be forced to include a back door for the government...

        The truth is that you could very easily design and implement a very secure 'back door' for the spooks that is more secure than the front end...

        More noise than anything...

        1. Anonymous Coward

          Re: Hooray for progress!!

          "The truth is that you could very easily design and implement a very secure 'back door' for the spooks that is more secure than the front end..."

          ORLY? The day someone claims that is the day one should abandon that company, because you're discussing a physical impossibility. The problem is quite simple. The mere existence of the door allows for the possibility of someone you don't like taking advantage of it. There are three extreme cases: someone takes explosives to the hinges, someone steals/copies the key(s), or one of the (minimum one) trusted parties is subverted. And this is in a world where just one breach is game over. So IOW, the only way to be "very secure" is to be "perfectly secure". How would you go about it?

    2. king of foo

      Re: Hooray for progress!!

      How about we "rename" stuff like this to make it easier for people to "get".

      E.g. backdoor = arsehole

      "The NSA want to 'tunnel in' through our arseholes to find and catch terrorists"

      (So that's where they've been hiding! Might find some WMDs in there too while they're at it...)

      The tabloids would love this.

      1. LucreLout

        Re: Hooray for progress!!

        How about we "rename" stuff like this to make it easier for people to "get".

        If you also swap "tunnel in" for "gain access" it'll be simpler for the press.

        "The NSA want to gain access through our arseholes to find and catch terrorists"

        Nobody is going to want that, and fewer senators would wish to publicly vote to allow it.

    3. Michael H.F. Wilkinson Silver badge
      Thumb Up

      Re: Hooray for progress!!

      Pleasant and rare surprise to hear this level of sense from a politician (of any nation, I hasten to add)

  2. asdf

    hmm

    Bets here in the next six months poor Ron Wyden is going to find himself in some type of an embarrassing scandal? Noble stand but unless it directly benefits Wall St. financially (actually does but they won't see it) it's not going to get passed.

    1. kainp121

      Re: hmm

      I was thinking he was going to have a fatal accident or some rare form of cancer.

      1. Anonymous Coward

        Re: hmm

        > ... a fatal accident or some rare form of cancer.

        Sounds like polonium time!

        1. Ian Michael Gumby

          Re: hmm

          >> ... a fatal accident or some rare form of cancer.

          >Sounds like polonium time!

          This is America not the glorious USSR!

          The CIA isn't skillful enough to do something like polonium.

          The senator is a Democrat so it's either going to be a sex scandal (with a male page) or one of graft.

      2. Anonymous Coward

        Re: hmm

        I was thinking he was going to have a fatal accident or some rare form of cancer.

        Why? As they say in Polonium producing countries: "А Васька слушает да ест".

        There is no direct English translation - this refers to the cat from the La Fontaine (Krylov's retelling) cat and cook fable. The cook may continue to chastise the cat which has stolen some bacon. The cat will, however, listen while continuing to eat. And do it again.

        1. Anonymous Coward

          Re: hmm

          While I concur with your sentiment, the main polonium producing country is largely English speaking. Those atom bombs don't regenerate their polonium/beryllium gadgets all by themselves, you know.

    2. veti Silver badge
      Holmes

      Re: hmm

      The threat isn't that great.

      If the feds can't "mandate" back doors, they'll just have to go about other ways of creating them. Such as subverting the design teams making the products. You know there's always a zillion "reasons" to create a backdoor in any tech product, right? - and it's an exceptionally strong-minded company that turns down all those temptations. It would only take a slight weakening...

      Or alternatively, it could buy them. Make a list of companies who co-operate and those who don't, and make sure those multi-billion-dollar gov't contracts go solely to the A-list. That wouldn't be difficult, heck it wouldn't even be underhanded, and it would be extremely effective.

      Really, Wyden is trying to whack a mole here.

      1. Anonymous Coward

        Re: hmm

        "Such as subverting the design teams making the products. You know there's always a zillion "reasons" to create a backdoor in any tech product, right?"

        And if the design team's stationed in a country the US can't influence?

        "Or alternatively, it could buy them. Make a list of companies who co-operate and those who don't, and make sure those multi-billion-dollar gov't contracts go solely to the A-list. That wouldn't be difficult, heck it wouldn't even be underhanded, and it would be extremely effective."

        A security-savvy company could turn that against them and turn it into a selling point: "We do not do government business. We're outside their jurisdiction. That way, they can't interfere with us."

    3. Turtle

      @asdf

      "Noble stand but unless it directly benefits Wall St. financially (actually does but they won't see it) it's not going to get passed."

      They see it perfectly well. You have maybe missed the various articles on this site about cloud service providers complaining that the Snowden leaks have damaged their business? Or that various countries are passing laws that their citizens' data must be stored in country and not abroad?

      Did you miss that stuff?

      And considering that this is Ron Wyden, a Google hireling, be sure that his essay and remarks were cleared with Google before being made public. Irrespective of what you think about what he is saying, the *reason* he is saying it, is that it will benefit Google.

      "Bets here in the next six months poor Ron Wyden is going to find himself in some type of an embarrassing scandal?"

      I will take any odds that nothing of the sort will happen. Unless you want to give me some real life examples...

      1. asdf

        Re: @asdf

        >Unless you want to give me some real life examples...

        It was said tongue in cheek but if you want some examples there are plenty of examples of one party waiting until right before an election to drop a bombshell concerning embarrassing private information about a candidate from another party. Mark Foley being a more recent example. Granted you don't always know how they come about the information but there have been plenty of shenanigans done inside government over the years including the Pentagon papers (blackballing), Watergate, Iran Contra, and even the whole silly Monica Lewinsky business (on both sides). The ultimate example though of the CIA and intelligence apparatus bringing down a president was when they got pissed at Carter and arranged for the Iranians to bargain directly with Reagan to not release the hostages until after he was elected. Granted though Carter wasn't winning that election anyway.

  3. Anonymous Coward

    Every single company will officially say yes "we have stopped"

    And meanwhile with a secret FISA court order will keep on doing what they were told to do. America as a technical provider and producer of anything involving privacy or security is ending, apart from the internal US market.

    1. tom dial Silver badge

      Re: Every single company will officially say yes "we have stopped"

      What you suggest has no basis in the law, and neither the FISC nor any other court has the authority to do it.

      1. Anonymous Coward

        Re: Every single company will officially say yes "we have stopped"

        Who says they need the law to legitimize their work? So long as things are kept under wraps in black projects, the law as far as they're concerned is merely ink on a page.

  4. Christoph

    "building a back door into every cellphone, tablet, or laptop means deliberately creating weaknesses that hackers and foreign governments can exploit"

    It also creates a weakness in equipment used by citizens of other countries that the USA government can exploit.

    But the USA has anointed itself world policeman (being so scrupulously honest itself) so those funny foreigners will just have to put up and shut up.

    1. asdf

      >It also creates a weakness in equipment used by citizens of other countries that the USA government can exploit.

      Whole argument seems a bit like chemical warfare and praying the wind doesn't shift.

  5. Anonymous Coward

    Some hopes

    From my UK viewpoint, great that at least someone in a government on this earth seems to have a half-decent grasp of technology (unlike that grandstander of a Prime Minister of ours) but it looks very much like a voice in the wilderness - and, unfortunately, not a very loud one if it gets drowned out by all the raving idiots advocating "back doors" into all our stuff. Thought this would happen. Introduce encryption. Government then makes encryption illegal. They're supposed to be serving US, aren't they? Doh!

    1. Captain DaFt

      Re: Some hopes

      "They're supposed to be serving US, aren't they?"

      Oh, but they are!

      Serving it on a silver platter to the greedy, the paranoid, and the short sighted.

  6. Marty McFly Silver badge

    This sucks....

    As an Oregonian who is represented by Wyden, I would have expected to see a bit of this on my local news sites. Not a word. I need to go to an overseas news source. It shows just how in-the-dark our media keeps the masses.

    1. asdf

      Re: This sucks....

      Moral of the story: Don't try to engage in a national debate when Sony gets hacked and masses are getting their Hollywood gossip fix from the leaks. Wasn't it great of the FCC to allow three companies to own our media?

    2. Mark 85

      Re: This sucks....

      Marty is right.. no word here in Oregon about this. Pity...

      If ammo is needed about "keeping everyone secure and safe", just look to Sydney. Hell, he was well known by the cops... So what exactly have these agencies stopped? Or are they more like the Department of Homeland Security? They provide everyone with a warm fuzzy feeling, poke their noses in everywhere, and have results that are at best, iffy.

      I can understand keeping an eye on the "bad guys", but is every person in the world now considered a bad guy? Or are we all just targets of opportunity? The analogy of a building with a hole in the wall is a pretty good one, IMO.

      </rant>

      1. Ian Michael Gumby
        Devil

        Re: This sucks....

        Sydney?

        Guess what. Police can't be shadowing that nutter 24x7 because he's a nutter and might do something.

        Lone wolves are dangerous because they are lone wolves.

        But that doesn't mean that the agencies haven't stopped plots. You have some in the UK that were recently stopped and others in Australia.

        The police and agencies need actionable intelligence. How do you think that they get it?

        As to the hacking of Sony... I guess it's one more reason to go see the movie "The Interview". ;-)

        I guess a lot has changed in North Korea since the release of Team America!

        Why hellwro Hans Brix...

        1. strum

          Re: This sucks....

          >The police and agencies need actionable intelligence. How do you think that they get it?

          Mostly by talking to people.

          1. asdf

            Re: This sucks....

            >Mostly by talking to people.

            Bah the US sucks at that in general but especially outside the country because of our arrogance. It's so much easier and lucrative to push for high tech signal intelligence and listen in on everyone's business. All about the contracts.

          2. Anonymous Coward

            Re: This sucks....

            "Mostly by talking to people."

            And if the people who would know about the plot (and who you need to reach) are highly insular and paranoid?

      2. asdf

        Re: This sucks....

        >They provide everyone with a warm fuzzy feeling, poke their noses in everywhere, and have results that are at best, iffy.

        Long sentence to say two words - security theater.

  7. Allan George Dyer

    That most rare of species...

    an intelligent, informed politician.

  8. tom dial Silver badge

    Senator Wyden is quite right: a back door is (eventually) a back door for those who pose more actual, as against imaginary, risk for those who use (or should) cryptographic systems in the course of life or business. That said, major data exposures rarely result from cryptographic vulnerabilities or failures; there are plenty of other exploitable vulnerabilities, and one or more of them has been implicated in nearly all of the major incidents. Furthermore, government communication surveillance is not much dependent on cryptographic vulnerabilities, and would not be helped greatly by introducing back doors in cryptographic systems used in the US.

    Senator Wyden's opinion piece is built upon straw men. His recently introduced bill does nothing particularly significant: it explicitly excludes CALEA, which appears to be an open door to law enforcement searches of cell phones and computers. This bill would forbid a practice that has no legal basis now, and is unnecessary. No law that I am aware of limits the use of cryptographic systems in the US, or limits the systems that people may use to those approved by the government, with possible exceptions in commerce or banking. Most users, if not all, are free to choose ciphers as they like, including those developed and analyzed outside the control of any Federal agency or, indeed, outside the US (and Five Eyes).

    Senator Wyden is correct, but nonetheless is a normal grandstanding politician. He may be one of the most vocal on the subject at hand, but it is unlikely that the Congress in the present would enact a law mandating encryption systems with back doors any more than the Congress of 20 years or so ago would mandate use of the CLIPPER and CAPSTONE chips.

  9. james 68

    Mind....Blown....

    Common sense - from a politician no less, I never thought I would live to see this day.

    Especially from a US politician, the majority of which seem to have watched "America: World Police" and thought it was a documentary on best political practice.

  10. Suricou Raven

    A bignore computery generic image from the stock library? Looks like something off BBC news.

  11. Jes.e

    Meanwhile over in processor land..

    I couldn't help but notice a several days old review of the upcoming Snapdragon 810 processor, there is a baked in kill switch as one of its exciting new features..

    "The last big feature of note is an OS-independent kill switch baked in at the hardware level. Legislators are already passing laws that will require smartphones to support remote data wiping and locking to deter both physical device theft and data theft. Android, iOS, and others all support this kind of feature in software, but Qualcomm's "Safeswitch" will add another layer of protection."

    http://arstechnica.com/gadgets/2014/12/a-quick-look-at-snapdragon-810-2015s-first-flagship-mobile-chip/

    There was further mention that this feature was OS independent... [cue chilling chord on soundtrack]

    Flashing your own OS on a device will no longer make it yours.

    1. tom dial Silver badge

      Re: Meanwhile over in processor land..

      Presumably the "kill switch" feature would require OS support for its operation, so the notion that reflashing a device will not make it yours probably is overstating things. The feature, of course, would have been included at the behest of (primarily) state legislatures like those in Minnesota and California who were in a panic over things like cell phone robbery and texting while driving.

      Still, no users, statistically speaking, actually will reflash their devices. Like much technology, this can be used for good or bad, and by either government or private actors, and nearly everyone will remain vulnerable even though the intent was to protect them and the use in nearly all countries will be to do that.

  12. Tom 35

    Almost

    "These agencies spied on huge numbers of law-abiding Americans, and their dragnet surveillance of Americans' data did not make our country safer."

    Substitute People for Americans. Even the people in the US who think it is wrong to spy on everyone, seem to think only US citizens have any rights. Everyone else is fair game.

  13. LucreLout
    Black Helicopters

    A question...

    ... not a statement.

    Putting all tin foil to one side for a moment, is it legally possible for a nation to have laws that its public don't know about and courts to enforce them that the public don't know exist?

    It's just a question. Could a closed session of parliament/the senate pass a law that allowed them not to disclose that law or any piggy backed legislation, then set up a court to hold trials which the public are then not informed of?

    I assume not, but why not?

    1. Irony Deficient

      Re: A question …

      LucreLout, speaking entirely hypothetically, the answer is yes, though the response to a writ of habeas corpus (for those nations that have it or its equivalent) would reveal any secret law that the accused was charged with breaking. If habeas corpus were suspended, or the response to such a writ could be evaded or obscured, then the secret law could well remain secret. Historically, I doubt if all trials in the Court of Star Chamber were a matter of public record.
