back to article Strong non-backdoored encryption is vital – but the Feds should totally be able to crack it, say House committees

A bipartisan House working group on encryption has today come to the conclusion that encryption is vital to US national interests, even as it seeks to mitigate the problem the technology can pose for law enforcement. Citing the Federal Bureau of Investigation's effort earlier this year to force Apple to help the agency decrypt …

  1. Number6

    I guess they could copy the UK and give you the option of providing keys and going to jail once they've decrypted your dodgy information, or not giving them the keys and going directly to jail having saved them the bother of the decryption exercise.

    Because we're all guilty of something, right?

    1. gerdesj Silver badge
      Childcatcher

      "Because we're all guilty of something, right?"

      Or: "and they came for me"

      If you enable Perfect Forward Secrecy on your IPSEC tunnels or any other form of encrypted "thing" that supports PFS then supplying the keys does not enable someone to decrypt that stream of data after the event (probably).

      PFS is a thing, so use it if you are that concerned. It has been a part of IPSEC at least for as long as I can remember (20+ years).

      Cheers

      Jon

      1. Bronek Kozicki Silver badge

        PFS is most useful for data in transmit, but it won't help data at rest and this is what authorities are also interested in.

    2. Paul Crawford Silver badge

      Other option is you make it so the phone's key, for example, is held in an accessible manner internally, but that needs hours of careful, destructive, and expensive time to read out using a scanning electron microscope.

      That way if they REALLY need to get in to a phone they can, but the time and cost and physical access needed makes it utterly useless for panoptican surveillance or fishing trips when someone is stopped for a trivial reason.

    3. Roland6 Silver badge

      The UK position does satisfy the two requirements, namely:

      1. It doesn't weaken the encryption being used.

      2. It addresses the legitimate concerns of the law enforcement and intelligence communities - by placing an obligation on those who retain encrypted data at rest, to retain the keys.

      Naturally fun and games commence when you include hardware in the equation - my encrypted drive is only accessible via a password - that I know. However, my understanding is, that password only works with the TPM chip on a specific laptop as the keys are held in the TPM chip...

      1. Cynic_999 Silver badge

        "

        @Roland6 ... by placing an obligation on those who retain encrypted data at rest, to retain the keys.

        "

        There is no such obligation under UK law. It remains a defence to the charge of failing to decrypt data that you do not have, nor could you reasonably be expected to recover, the means of decrypting the data.

        Like many laws, this law is likely to catch out people who intend nothing illegal, whilst being simple to circumvent by those who do.

    4. scrubber

      Because we're all guilty of something, right?

      Not until sufficient evidence is presented to a court and I am adjudged guilty by a jury of my peers.

      Or did something change while I was away?

      1. Number6

        Re: Because we're all guilty of something, right?

        You're thinking of the old rules. Now you can have trial by media, where you're assumed guilty regardless of the evidence, or the government will engage Rent-A-Clue to provide the evidence required to stitch you up.

        Sorry, is my cynicism showing?

  2. elDog Silver badge

    Ouroboros?

    The keys go in, the keys go out. Alice and Bob are part of the solution and part of the problem.

    The academics devise algorithms, they go to work for the taxpayered interests, they go to work for those that work against these interests.

    In the end, we all discover that there is no such thing as randomness - no such thing as entropy. This is all precomputed with a totally unknowable seed.

    Wormsall.

    1. Robert Moore

      Re: Ouroboros?

      I got it!

      The "unknowable" seed is 42.

      It explains EVERYTHING!

  3. Youngone Silver badge

    Calm down everyone

    It's nearly Christmas, and these people have had a couple of eggnogs, then Bill remembered that bottle of scotch in his office, and then you wind up with this.

    Once the hangover wears off they'll realize what they've done.

  4. MNGrrrl
    Facepalm

    Okay, let's just skip the whole trustworthy or not question. There are over 175 other governments on the planet. I have only one question: Why are they any less entitled to their own backdoors?

    -

    Whether you agree with the government or not, the fact is, there are a couple hundred other governments out there too, what do we tell them?

    1. Trevor_Pott Gold badge

      'MURICA! FUCK YEAH!

      What else?

      1. gerdesj Silver badge
        Childcatcher

        Re: 'MURICA! FUCK YEAH!

        @Trev: I've been squirming recently in light of your, carefully researched and genteel, responses to recent events. In the past you have been a bit more forthright.

        I really enjoy your writing and getting in the thick of it in the forums - that's the sign of a good journo. "'MURICA! FUCK YEAH!" is perhaps not one of your best lines but understandable from a Northerner 8)

        I hope that TREVOR IS BAAAAAACK (tit, wank, fuck, etc)

        Cheers

        Jon off of a small island to the right somewhere

        1. Anonymous Coward
          Anonymous Coward

          Re: 'MURICA! FUCK YEAH!

          @gerdesj

          Trev has probably been doing uppers again, as he professed in a previous comment that he was wont to do.

          1. Trevor_Pott Gold badge

            Re: 'MURICA! FUCK YEAH!

            "Doing uppers"? Whaaaaaaaaaaaaa?

            If by "uppers" you mean "stimulants", then I admit to being comfortably addicted to caffeine, and drinking about 2 ups of coffee each day, with 4 cups on a very bad day. I used to (when I was in grade school) take Ritalin, because I have horrible, horrible ADHD.

            I can take pharmaceutical doses of many stimulants (usually some form of amphetamine) without a "high", thanks to said ADHD - they affect us ADHD folks very differently than they do normies - but I haven't had a prescription for those in like two decades. (And have maybe had an out-of-prescription pill an average of once every two years, usually on extreme ADD days.)

            I use a combination of coffee, meditation and tricks I learned from participating in the early 90's trials on what we today call neurofeedback therapy. (Playing videogames with your brainwaves.)

            So I'm not sure where I "take uppers". Unless you're saying everyone who drinks coffee "takes uppers". In which case, guilty as charged. Coffee is life.

        2. Ken Hagan Gold badge

          Re: 'MURICA! FUCK YEAH!

          "a small island to the right"

          To whose right? Trump's? I doubt it. Perhaps turnwise would be a better description.

        3. Trevor_Pott Gold badge

          Re: 'MURICA! FUCK YEAH!

          @gerdesj I think you'll find my El Reg writing restricted to carefully researched technical articles from here on out. If you want more controversial stuff, creative epithets, discussions about emerging technologies or vendors, etc. then you'll have to hunt my writings on other outlets. No more "Chrome, stop being a RAM-gobbling bug dumpster!", reviews or delving into things I learned working with some new company 'round these parts. There will be a lot more "I encountered this problem and solved it in this manner".

          If you actually want to read me screaming at Microsoft or cheering about things that tickle my inner nerd, you'll have to search out the other places I write, or follow me on Twitter. I really don't recommend following me on Twitter though. I'm largely incoherent and I manage to offend, apparently, everyone. You have been warned.

      2. This post has been deleted by its author

        1. Alistair Silver badge

          Re: 'MURICA! FUCK YEAH!

          @ Grade%

          The long term, self centred, global 'view' of the American congress critters results in most non american folks seeing that 'Murrica, Fuck Yeah! as being the only view they have of the rest of the world. Personally I don't fault Trev for that view. Being as those folks are on our southern border, *and* they've tried more than once to invest manifest destiny, we Canucks have a tendency to keep a close eye on them.

          @Gerdesj

          As a result, for most Canucks, you right pondians are usually on our left.

        2. Stevie Silver badge

          Re: 'MURICA! FUCK YEAH! (4 Grade%)

          "Manifest fucking destiny, assholes. [This translation was brought to you by The Spirit of '49 Corporation -- Providing Significant Keywords since 1800 Zulu hour]"

          There were Americans at Rourke's Drift?

          I remeber Burt Lancaster was at Islwanda, but Baker's men were colonial-free as I recall.

          1. Tom 38 Silver badge
            Headmaster

            Re: 'MURICA! FUCK YEAH! (4 Grade%)

            There were Americans at Rourke's Drift?

            Military timezones

      3. Anonymous Coward
        Anonymous Coward

        Re: 'MURICA! FUCK YEAH!

        GOD SAVE THE QUEEN!

        We mean it, man ...

        Sid.

  5. Winkypop Silver badge
    FAIL

    Hokey cokey

    Ya put the encryption in...

    Ya take the encryption out..

    You do ya time in chokey...

    And ya turns around!

  6. a_yank_lurker Silver badge

    Congress Critters

    So some Congress critters are doing what they are best - "subtracting from the sum total of human knowledge". Mark Twain comment: "Suppose you are Congressman and suppose you are an idiot but I repeat myself"

  7. John Savard Silver badge

    Summed Up Quite Well

    In order for business and commerce to function over the Internet they need strong encryption.

    It can't have backdoors, because the very existence of a back door gives hackers something to attack.

    But totally unbreakable encryption will make life easy for terrorists and child pornographers and who knows what!

    So this really amounts to a statement of the problem; the only difficulty is that it is posed as a statement of the solution, when clearly the three conditions can't be met simultaneously.

    Eventually, though, even Congress will figure out how they can come close to squaring this triangle to get what they want. Yes, the Internet needs strong encryption without backdoors for E-commerce and so that American companies won't have their secrets stolen.

    All right, we'll allow a plug-in for Internet browsers that lets you transmit credit card numbers and things like that using strong non-backdoored encryption.

    And major corporations like IBM will be permitted to use strong non-backdoored encryption for their databases and their internal E-mails so that they can avoid being hacked by the Chinese and the Russians.

    But the great unwashed will not be permitted access to strong non-backdoored encryption for their E-mails or files.

    And how, exactly, is that to be achieved? Well, the good state of South Carolina is pointing the way to the future. Clearly, to prevent unauthorized encryption tools from running on computers, we'll all have to be using an operating system that has an uncanny resemblance to Red Star Linux from the DPRK.

    Oh yes, they can come close enough to getting what they want to satisfy themselves.

    1. King Jack
      Windows

      Re: Summed Up Quite Well

      The OS you need to be running is Windows 10. It key logs and reports directly to M$. If anyone needs to know what is going on a victims computer, just ask M$ nicely. I'm sure any brand of Linux is far safer, Including Red Star Linux.

      1. John Savard Silver badge

        Re: Summed Up Quite Well

        There are two operating systems with the name "Red Star Linux". One probably is safer than Windows 10; it's from South America, and it's a normal Linux distro, just with left-wing wallpaper and stuff like that. The one from North Korea, however, labels every document you create so you can be identified as its source, and does other cute things. Just because it uses Linux source code - probably in violation of some aspects of the GPL - doesn't mean it adheres to the Linux philosophy.

        1. Charles 9 Silver badge

          Re: Summed Up Quite Well

          Last I checked, the fingerprint code is in hardware and separate from the GPL stuff. Compartmentalized, IOW, so all the GPL software is clean but the fingerprints are added on top and in a way that can't be bypassed (thus why it's in hardware).

    2. Pascal Monett Silver badge

      Re: Summed Up Quite Well - But Forgot to Mention One Point

      The point is : America can want its encryption with backdoors, even though it is finally admitting that strong encryption is A Good Thing (TM), but that does not mean that everyone else will follow.

      Actually, you need only one proper, non-backdoored encryption scheme to be available to totally jeopardize every backdoored one, every company connected to the Internet will be under pressure to use that one, because security.

      There are largely enough people on the Internet that are intelligent enough to create a proper encryption scheme and make it available, so that is where we are going whether US Congress likes it or not.

      1. Charles 9 Silver badge

        Re: Summed Up Quite Well - But Forgot to Mention One Point

        They'll just turn to the secret quantum computer in Utah. And no, they haven't developed a practical and robust post-quantum system yet. All the one out now have known flaws or time issues.

        1. Anonymous Coward
          Anonymous Coward

          Re: Summed Up Quite Well - But Forgot to Mention One Point

          "They'll just turn to the secret quantum computer in Utah."

          So in at least one of our futures they will decode the message. What if we live in the others?

          1. Anonymous Coward
            Anonymous Coward

            Re: Summed Up Quite Well - But Forgot to Mention One Point

            Interdimensional communication.

    3. dalethorn

      Re: Summed Up Quite Well

      "But totally unbreakable encryption will make life easy for terrorists and child pornographers and who knows what!"

      Not by a long shot. The existence of an encrypted text by a not-yet-trusted entity raises a red flag, and from there a decision is made whether it's worth pursuing or not. If yes, a sophisticated monitoring goes into effect that gets the data before encryption.

  8. Schultz
    Facepalm

    Why so skeptical?

    All the US Gobmint has to do is offer some multi-million dollar grants to the companies / academics who can come up with that absolutely unbreakable and super-secure crypto that can be only unlocked by the intended recipient and the feds. They'll find many takers for the monies and they can met again a year from now to discuss the progress / shift the goalposts.

    It's called the political process.

  9. SteveK

    Quantum cryptography

    It's both backdoored and non-backdoored at the same time!

    1. bazza Silver badge

      Re: Quantum cryptography

      But only until you observe it, and then it's pot luck as to whether you can read it or not!

  10. Milton Silver badge

    2 + 2 != 5

    I wonder how many times experts have tried to explain the fundamental math of encryption to politicians and law enforcement leaders, and come away shaking their heads in despair?

    The basic problem is that these idiots think mostly in terms of style, appearance and spin - they're like the very definition of anti-scientists - and they become childish and resentful when confronted with simple unassailable facts.

    Politicians: stupid is as stupid does.

    1. Ken Hagan Gold badge

      Re: 2 + 2 != 5

      Nah! The basic problem is that the voting public let them get away with this sort of ignorance in a way that wouldn't be tolerated in other fields. Saying "we want no back doors except for when we do" is really no less idiotic than saying "you can't get pregnant if you're raped, so you must have enjoyed it actually, you slut" and you really can't imagine a politician getting away with the latter statement.

      (Yes, I know, in an ideal world you wouldn't be able to imagine a politician even making the latter statement, but ...)

      1. Andrew Beardsley

        Re: 2 + 2 != 5

        Actually 2 + 2 = 5 (for some values of 2)

        2.4 + 2.4 = 4.8. Working to 0 decimal places, this gives 2 + 2 = 5

        It is always fun puting that into a spreadsheet to show people. Everybody trusts Excel, right?

        1. Charles 9 Silver badge

          Re: 2 + 2 != 5

          "Actually 2 + 2 = 5 (for some values of 2)"

          Or it could just be a gestalt, meaning the end result is greater than the sum of its parts.

      2. Pascal Monett Silver badge

        Re: "you really can't imagine a politician getting away with the latter statement"

        Well I don't know about that. Seems that Trump has already got away with things that are at least similar.

        Let's say we revisit this theme in a year from now, shall we ?

        1. smudge Silver badge
          Facepalm

          Batshit doolally

          Saying "we want no back doors except for when we do" is really no less idiotic than saying "you can't get pregnant if you're raped, so you must have enjoyed it actually, you slut" and you really can't imagine a politician getting away with the latter statement.

          On this side of the pond, they are saying things like "we are leaving the EU, but will retain many of the benefits". Or "there will be no hard border between Northern Ireland and the Republic", even though that will be an EU edge border.

          An analyst in The Times described it well yesterday, by noting that the proposals that even mainstream politicians come up with nowadays are "batshit doolally". Concise, pithy, and 100% accurate.

  11. Doctor Syntax Silver badge

    Pantomime

    "A narrative that sets government agencies against private industry, or security interests against individual privacy, does not accurately reflect the complexity of the issue."

    Oh yes it does.

  12. nijam

    We want to have *your* cake and stuff our faces with it.

    FTFY

  13. Alistair Silver badge
    Windows

    CamelCryption

    It is imperative that we observe the overall circumstances of the variety of US government entities that are expressing positions on encryption. The FBI and "Law enforcement" agencies are running about saying that they *must* have access to encrypted data immediately. The NSA, CIA and other spookgency groups have most definitely not come down the aisle singing the same hymns. Certainly not publicly.

    Many news articles have been written about "KIDDIEPORNPEDDLER" and "TERRORIST" and "ENCRYPTION" and "YOURCHILDREN" and "BOMB" to bolster the FBI and LEA positions about "ENCRYPTION". In fact there was a massive effort when "TERRORIST PHONE ENCRYPTED" by the FBI to have "CORPORATION DECRYPT THE PHONE". Legally they pretty much lost that battle, but they did indeed "FOUND BACK DOOR". Said back door yeilded...... *nothing* of value.

    The FBI, and numerous LEA, have YET to do the one thing that congress will need to have in hand to mount sufficient imperative to change the overall will of the people. That is, to clearly catalogue the cases where terrorists, child rapists and foreign shoe bomb wearing agitators have had to be released without charges because "ENCRYPTION".

    Because. There *are* no such cases.

    Good basic police work, investigation, collation of data, corroboration of evidence will suffice to charge someone in a case. The need to decrypt encrypted data in such cases is to bolster or refine the charges.

    Some have raised the "we know this person kidnapped a child, and hid the kid" issue - the encrypted phone is no more valuable than cell tracking data. And trust me, they can find out where the phone was, and when. Once more, thorough investigation, proper technique and the encrypted information on the phone ceases to be "CRITICAL TO INVESTIGATION" and becomes data presented to the court to bolster the position.

    There are almost no reasons outside of the miracle movie hero situations that are acceptable reasons to give a police officer on the ground the ability to decrypt anything. And THIS is precisely what the FBI and LEAs are asking for.

    As a result the American political system is going to create an encryption solution by committee. Thus the title.

    1. Robert Helpmann?? Silver badge
      Childcatcher

      Re: CamelCryption

      The FBI, and numerous LEA, have YET to do the one thing that congress will need... That is, to clearly catalogue the cases where terrorists, child rapists and foreign shoe bomb wearing agitators have had to be released without charges because "ENCRYPTION".

      I thought that just saying it was so over and over again, very loudly would get the job done. It certainly has worked well in the past. At what point has a passing acquaintance with the facts been a requirement in ramming one's agenda through in a political discussion?

    2. gnasher729 Silver badge

      Re: CamelCryption

      "Some have raised the "we know this person kidnapped a child, and hid the kid" issue - the encrypted phone is no more valuable than cell tracking data. "

      I wonder if there was ever a case where a child was kidnapped, the kidnapper and his victim were in an unknown location, and the kidnapper's phone was found, and it contained information that allowed to help the child. Because that is the scenario where you would legitimately want to be able to decrypt the phone.

      Normally if the kidnapper and his victim disappeared, the kidnapper's phone would be with him.

      For some use cases there would actually be a simple technical solution. An app that produces a random key X which is stored by the phone manufacturer. If you type your passcode into the app, it creates a number Y by combining the passcode with X, and you give that number Y to a person you trust. If there is good reason for the phone to be decrypted and you can't (let's say you are a missing school child), the police asks the manufacturer for the random number X, asks the trusted person for code Y, and the app spits out the passcode. No passcode if the trusted person doesn't trust the police, or if a thief finds Y and cannot convince the manufacturer to hand over X. And all that voluntarily.

  14. Stevie Silver badge

    Bah!

    A perfect synthesis of the two diametrically opposed viewpoints.

    I see no problem funding furher work by this bipartisan working group.

    What?

    1. Anonymous Coward
      Anonymous Coward

      Re: Bah!

      Relax, it's merely a symptom of the conflicting requirements for The Internet.

      No one wants the bad guys to be able to read the good guys' stuff. Yet everyone wants the good guys to be able to read the bad guys' stuff, hopefully stop the bad guys doing something nasty to the good guys.

      The conflict is that all the technology is available to good and bad guys alike...

      One way we as a species have to resolve that conflict is to control who gets to use the technology. If you're a registered good guy - fill your boots, help yourself, just don't lose it or get robbed. If not, no PC/mobile for you. Obviously, that's a wholly unrealistic proposition.

      An alternative is to have carefully managed control of the infrastructure with deliberately weakened comms / golden crypto keys / etc, along the lines of Clipper chip. But that almost certainly means physically isolating a national network from the rest of the Internet to stop foreign bad guys taking advantage.

      Really the only practical move is to make it so that the content at the comms endpoints is accessible (on warrant) to the right good guys.

      1. Dagg

        Re: Bah!

        Really the only practical move is to make it so that the content at the comms endpoints is accessible (on warrant) to the right good guys.

        The issue is "who are the good guys" outside of america it is NOT the FBI, CIA various merician state agencies etc...

        Even inside merica who really trust the government?

        1. Charles 9 Silver badge

          Re: Bah!

          IOW, good and evil are subjective, making the problem intractable. One man's nemesis is simultaneously another's savior, and since access is a black-and-white issue, there's no solution possible; it'd be like trying to figure out if 0.499999.... rounds to 0 or to 1, it's irrelevant because in trying to make infinite shades of gray a coin flip, you lose the essence of the source.

          But at the same time, human instinct gets pretty ugly, and this ugliness can result in existential threats to large chunks of the population, if not the whole race, and our instincts drive us to stop existential threats (survival instinct). What can you do when you have an existential threat you really can't do anything about?

  15. Anonymous Coward
    Anonymous Coward

    what's so confusing about this? it's perfectly clear.

    they see themselves as your masters. masters always want power over the slaves. masters also dont want slaves to damage each other.

    so yes, you slaves should not be able to hurt your fellow slaves. but you should be vulnerable enough to be hurt by your master.

    is this a clear enough metaphor? they speak about liberty and democracy but what they really want is tyranny and dictatorship. the cognitive dissonance results in these stupid policy decisions.

  16. Zippy's Sausage Factory
    Facepalm

    My bet is they'll bring back the idea of the Clipper chip...

    1. Charles 9 Silver badge

      Until someone cracks the Clipper Chip. Then what? Ban all but state-sanctioned encryption and start the Great Firewall of America to sniff out any attempts to subvert?

  17. NonSSL-Login
    Coat

    Oxymorons

    Nuff said.

  18. Cynic_999 Silver badge

    Genie & bottle

    The idea that releasing a new encryption application or standard that has a backdoor will prevent people from using an existing encryption application that does not have a backdoor is a bit daft. Sure, casual users who have nothing (seriously) illegal to hide, and are perhaps concerned about their wife finding stuff on their PC or their list of passwords will use the default OS encryption software (e.g. "bitlocker") or whatever other encryption software comes as default or has been pushed as the "go to" solution.

    I thought that governments might have learned a lesson from (1) the export ban on encryption that was completely ineffective or (2) the clipper chip fiasco - but it looks like instead they are doomed to repeat history.

    Most people who are involved in anything seriously illegal will ignore any prohibitions and will be using applications that they trust not to have any back-door. Or steganography so that the authorities will not even know that there is anything that needs to be decrypted.

  19. dalethorn

    1) If our government can read my stuff, so can the Chinese.

    2) If I use a self-erasing program that encrypts data so that either of two keys decrypts it - one key decrypts to the secret text and the other to "Mary had a little lamb" etc. - then someone is going to have to be really, extremely smart to break the code. Question is, given that the average schmo wouldn't be clever enough to do this on his own, and even the average crook/spammer would struggle with it, how are the feds going to locate and break up servers who provide such clever services?

    1. Alan Hope

      Yes, I wondered about this type of encryption. Where every key used to decrypt produces a perfectly plausible decryption text, however just 1 of these keys produces the actual decrypted text. How would they find it hidden in a vast and almost infinite sea of plausible alternatives.

      Too simple so I must be missing something.

      1. Charles 9 Silver badge

        Simple. They just assume the placebo is just that and keep grilling you. That's why plausible deniability doesn't work against a paranoid state; they'll just assume you're hiding something else.

  20. Marketing Hack Silver badge
    Unhappy

    Well, at least they admitted that encryption is vital...

    The British House of Commons didn't even get that far....

  21. GrumpyKiwi

    Missed one small thing

    I like laughing at stupid politicians as much as the next bloke - more probably.

    But this article seems to have completely missed an important and highlighted paragraph in the report:

    =======================================================================

    Encryption technology is free, widely available, and often open source.5 Law enforcement stakeholders acknowledged to the EWG that a Congressional mandate with respect to encryption—requiring companies to maintain exceptional access to data for law enforcement agencies, for example—would apply only to companies within the United States. The consequences for such a policy may be profound, but they are not likely to prevent bad actors from using encryption.

    ========================================================================

    In fact the whole report is an acknowledgement of how difficult (if not impossible) the LEO requirement is - not to mention a dig at dribbling idiots like Feinstein and Burr and their incoherent demands for magic encryption.

  22. DerekCurrie Bronze badge
    FAIL

    TechTardiness Is Rampant

    When will #MyStupidGovernment learn?

    To govern tech you have to understand tech. They (mostly) don't and don't care to. Thus they FAIL.

  23. Nimby
    Devil

    Government is as government does.

    I hate to be the voice of sanity (I really really do) but the answer is simple. Feel free to encrypt whatever you want, as much as you want, with whatever technology you like.

    And the government (US at least) will do what it always does: secretly spend gigantic chunks of money to build ridiculously powerful systems and employ countless experts, on projects which do not exist. (Until someone leaks that they do.) Many algorithms have vulnerabilities that experts either know or can discover and log. And then there is brute force, which most "bad guys" won't have access to, but an over-funded secret government project can easily supply.

    No data is safe from a sufficiently funded and knowledgeable "hack". It's why encryption keeps evolving. And why we keep paying higher taxes without solving problems like hunger, housing, or medical care.

    1. Charles 9 Silver badge

      Re: Government is as government does.

      "No data is safe from a sufficiently funded and knowledgeable "hack"."

      What about one-time pads owned by wimps or masochists?

    2. MachDiamond Silver badge

      Re: Government is as government does.

      They® don't want to have to bring all of that hardware to bear on the meanderings of the hoi poloi through cyberland. They use the Big Iron to spy on members of government, most particularly the committees that control their funding.

  24. MachDiamond Silver badge

    Cloud storage

    Provide personal keys to be stored in "the cloud"?

    Oh yeah, that's going to work. Anything stored online is vulnerable…. Office of Personnel Management, anybody?. One would think that the US congresscritters and spooks learned something from that little leak.

    I guess that anybody that thinks it's a good idea to put access to a national power grid online isn't going to worry about much of anything. Besides, their bribes and kickbacks are stored in physical assets on a convenient island that doesn't have extradition treaties with anybody.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019