Trump's FBI boss, Attorney General picks reckon your encryption's getting backdoored

US President Donald Trump's pick for his Attorney General and head of the FBI will have security specialists nervous, since both believe breaking encryption is a good idea. Senator Jefferson Beauregard "Jeff" Sessions III (R‑AL) is Trump's pick for the top legal job in the US. In congressional testimony, he outed himself as a …

  1. Brian Miller

    Back to MD5, et. al.

    OK, so instead of a "backdoor," they'll just mandate that outdated cryptography algorithms be used. Hey, it was good enough for 1991, right?

    1. Youngone Silver badge

      Re: Back to MD5, et. al.

      That would be one way to lose I suppose.

      The other way to lose is the way they've already tried. Legislate to make it illegal to export this sort of tech, then watch as the rest of the world shows that they know how to do maths too.

      It was called the encryption wars, and the US Government lost then gave up fighting.

      Some people have short memories though.

      1. Bubba Von Braun

        Re: Back to MD5, et. al.

        Ah the encryption war days.. 40bit unless you were a bank and you could get 56bit and back then UK companies did good trade in encryption alternatives not hamstrung by US law.

        They don't just want to be able to break the encryption it's about doing it as easily as possible. There is a reason the NSA has some of the largest computer complexes in the USA.

        Security is also not just around crypto strength but key management, how many folks use the same password for multiple sites.

        1. Anonymous Coward

          Re: Back to MD5, et. al.

          "Security is also not just around crypto strength but key management, how many folks use the same password for multiple sites."

          Or fundamentally the implementation - choose and manage the right crypto, undertake decent key management and you're in a good place. Not necessarily a perfect place for the paranoid but laziness typically leads to a poor implementation which undermines all the goodness the mathematicians did in the first place.

    2. bombastic bob Silver badge
      Devil

      Re: Back to MD5, et. al.

      keep in mind that "it was decided" back THEN that stupid regulations regarding encryption were not only bad for business, they left people at risk for various forms of theft. _AND_ they open the doors for FOREIGN COMPETITION.

      you can't "make America great again" while hobbling its ability to compete. sanity should soon take over any possible hype, FUD, or over-reaction with respect to encryption, on BOTH sides of the argument.

      And EVERYONE knows that a gummint-mandated skeleton key won't cut it, either. There are too many good "foreign alternatives" already, the source files for various forms of encryption are already out there, and mandating back doors would just motivate the open source community to provide "non-US alternatives" faster than any legislation would pass in Con-Grab.

      I doubt we have ANYTHING to worry about. WATCH OUT FOR, certainly. Hold their feet to the fire over it, ABSOLUTELY.

      Besides, backdoors to encryption is just lazy police work. Tell them to get WARRANTS and do it the 'old school' way.

      1. Seajay#

        Re: Back to MD5, et. al.

        I think you're right that we don't have anything to worry about. So that's good.

        I'm not sure I see your point on old school warrants though. In the San Bernardino iPhone case they had done it the old fashioned way and they did have a court ruling, but it didn't help them. Unless you mean that you want backdoors which can only be used with a warrant.

      2. AndyS

        Re: Back to MD5, et. al.

        Bob, you really are a bit simple, aren't you?

        1. Chemical Bob

          Re: Back to MD5, et. al.

          "Bob, you really are a bit simple, aren't you?"

          Why, he is simply bombastic!

      3. allthecoolshortnamesweretaken Silver badge

        Re: Back to MD5, et. al.

        "... sanity should soon take over ..."

        Well, there's your problem.

      4. gnasher729 Silver badge

        Re: Back to MD5, et. al.

        That can't be repeated often enough: FBI wants to catch criminals, or at least they want to be seen doing stuff, so they want to break encryption. NSA on the other hand has the job to look out for national security, from both sides. It should be obvious that weak encryption makes it easier for the good guys to go after the bad guys, but also makes it easier for the bad guys to go after the good guys (whoever you think "good" and "bad" guys are). And the NSA has concluded again and again, that overall weak encryption is worse for the good guys.

        (The NSA doesn't care about privacy, so when they say weak encryption is overall bad, it means it's overall bad even if you ignore any privacy problems. When you count in privacy, weak encryption is even worse).

      5. Jaybus

        Re: Back to MD5, et. al.

        I'll second the no worries. I don't believe anyone is considering any kind of return to known broken methods. Anyone who believes that there is "unbreakable encryption" is being deceived. They want to try to prevent their own boffins from leaking vulnerabilities that they discover. They want to leave the next heartbleed-like vulnerability undiscovered for as long as possible. So, in other words, the same thing every government (including those in the EU) is already doing.

        Just business as usual. The quality of the encryption is, and will always be, the responsibility of those using it.

    3. big_D Silver badge

      Re: Back to MD5, et. al.

      The problem is, the good encryption is already out there, so the bad guys will continue to use it and the "good guys" will be forced to use breakable encryption that can be exploited by bad guys.

      If you are already breaking the law, what is another law on the way? Just use unbreakable encryption, at worst you'll be done for using that, if they can't prove anything else.

      1. gnasher729 Silver badge

        Re: Back to MD5, et. al.

        Fact is, anyone with a bit of maths and a 1980's copy of "The Art of Computer Programming" can create an unbreakable implementation of the RSA algorithms. It won't be fast (you need a bit more maths to make it fast), but it's good enough to send text messages that are unbreakable.

    4. Anonymous Coward

      Re: Back to MD5, et. al.

      If you want to export anything outside the US and Europe, you already need to have outdated technology.

      Even OpenSSL is considered export controlled despite it being easily available. Put it in your product and you are limited where you can sell it. This despite the ability for a 12 year old kid being able to set it up and use it on a Raspberry Pi.

      At some point politicians will understand that encryption is just maths at work and trying to restrict it is self defeating.

      1. Roo

        Re: Back to MD5, et. al.

        "At some point politicians will understand that encryption is just maths at work and trying to restrict it is self defeating"

        That is wishful thinking. :)

        These folks have never at any point in their lives had to understand encryption to get what they want. Why would they start learning now when barking orders has worked so very well for them all their entitled lives?

      2. Doctor Syntax Silver badge

        Re: Back to MD5, et. al.

        "At some point politicians will understand"

        I've spotted a flaw in your thinking.

    5. Christoph Silver badge

      Re: Back to MD5, et. al.

      "Hey, it was good enough for 1991, right?"

      That encryption was good enough for Caesar, it's good enough for you!

      1. Bernard M. Orwell Silver badge

        Re: Back to MD5, et. al.

        "That encryption was good enough for Caesar, it's good enough for you!"

        All I said was that this encryption was good enough for Jehovah.

        1. Alister Silver badge

          Re: Back to MD5, et. al.

          All I said was that this encryption was good enough for Jehovah.

          Lol!

          "Are there any women here today?"

          <squeaky voice> No! No, no <cough> <deep voice> NO!

    6. Mike Richards Silver badge

      Re: Back to MD5, et. al.

      There's probably a mountain of Clipper chips buried in the Nevada desert that could be dusted off and fitted to the iPhone 8.

      1. Chemical Bob
        Boffin

        Re: Back to MD5, et. al.

        "a mountain of Clipper chips buried"

        One of the salient points about mountains is that they are *above* ground...

        1. John Brown (no body) Silver badge
          Coat

          Re: Back to MD5, et. al.

          "One of the salient points about mountains is that they are *above* ground..."

          That's only the bit you can see!

      2. John Brown (no body) Silver badge
        Coat

        Re: Back to MD5, et. al.

        "There's probably a mountain of Clipper chips buried in the Nevada desert that could be dusted off and fitted to the iPhone 8."

        Rumour has it that they used the same dump as the Atari ET cartridges.

    7. naive

      Re: Back to MD5, et. al.

      What's new here, it will be like the restrictive gun ownership laws in most European countries. Bad guys and bad governments will have boat loads of them, working people will have to be nice like sheep, hoping nothing bad happens to them.

      1. jason 7

        Re: Back to MD5, et. al.

        As a European (even though some want to take that brand away from me) I have no issue with the restrictive EU Gun laws especially those in the UK.

        At the age of 45 I have never been, or personally known anyone to have been, threatened, injured or killed with a firearm.

        I'm more than happy for that to continue.

        Like the folks in the US will ever lift their fat arses and AR-15s off the sofa to 'rise up' and take back what's theirs.

        Yeah they talk the talk...

      2. Rich 11 Silver badge

        Re: Back to MD5, et. al.

        working people will have to be nice like sheep, hoping nothing bad happens to them.

        Yet here we are, half a billion people with a collective annual homicide rate about a third of that of the USA.

      3. Dog11

        Re: Back to MD5, et. al.

        it will be like the restrictive gun ownership laws in most European countries. Bad guys and bad governments will have boat loads of them, working people will have to be nice like sheep, hoping nothing bad happens to them.

        Yeah. Like US gun owners stopped the "Patriot" act from being passed and enforced. Like they prevented Shrub from attacking Iraq. Like they prevented Ruby Ridge and Waco. Like they stopped government torturers. Like they blocked the path to the White House for TV stars with fascist tendencies.

        Hopefully, it was just a bad analogy.

    8. thomn8r

      Re: Back to MD5, et. al.

      Like 64k of RAM, ROT13 encryption should be good enough for anybody

      1. Joe 34

        Re: Back to MD5, et. al.

        ROT13 applied 2^16 times should definitely be good enough

  2. Andrew Jones 2

    I'm not terribly surprised.

    I was much more surprised by the UK going down this route - now I just weep for the future of technology.

    1. Doctor Syntax Silver badge

      "now I just weep for the future of technology."

      Don't. There are enough countries out there whose technology industries have just been given a boost. What are the advantages of remaining a US corporation?

  3. harmjschoonhoven

    Just saying


    1. David 132 Silver badge

      Re: Just saying

      How dare you say that about my mother!!!

      1. Yet Another Anonymous coward Silver badge

        Re: Just saying

        If anyone in the UK has a copy of this page in their cache and can't provide the key - they get 5years

    2. Anonymous Coward

      Re: {ë2s¦^@]~JÕ1~Bó^M·^R^@sÙBna^V_~@<«ò2UÆ#NAç>

      I dunno about encryption, it looks to me like another ordinary day on the wrong end of a V.22 1200bits/second dialin modem session. Y'know, in the days of interactive end user computing provided by online multi user access to shared external services. Cloud V1.0, if you like.

      Those weren't the days.

      1. RAMChYLD

        Re: {ë2s¦^@]~JÕ1~Bó^M·^R^@sÙBna^V_~@<«ò2UÆ#NAç>

        Looks more like a baud mismatch.

        True story. I once tried sending serial data at 115,200kbps to a 9,600kbps thermal printer with handshake and parity off. The output was more or less something like this.

        1. Sir Runcible Spoon Silver badge
          Joke

          Re: {ë2s¦^@]~JÕ1~Bó^M·^R^@sÙBna^V_~@<«ò2UÆ#NAç>

          Did you just invent a RNG?

    3. wolfetone Silver badge

      Re: Just saying

      "{ë2s¦^@]~JÕ1~Bó^M·^R^@sÙBna^V_~@<«ò2UÆ#NAç>£^_~NÝ^T;¦^Dõ!×^^~Dògmì^S~NÜ^^Mbñuá=~\Òûkϵá~YØE»Õ{¥Õ<©Ü^BtÉà¡^D^M~Tº^\6¯öT¤^Hrç.n~Uü^V~XÇâ~áa¾^\Nsãö|¦^EeÒ6©^FàSÅ^Z ~Dô9­^V~CÎ^Lò| ^D?fÕ$~IôVÁé!~Eé×^Cb~Z"

      I don't know you well enough to do that to you I'm afraid. But I'm open minded. Let's just take it easy, go on a few dates first.

    4. Tinslave_the_Barelegged Silver badge

      Re: Just saying

      With a melon???

    5. Christoph Silver badge

      Re: Just saying

      I'm surprised at you!

      But not half as surprised as the goat.

    6. allthecoolshortnamesweretaken Silver badge

      Re: Just saying

      That's what she said.

    7. Doctor Huh?

      Re: Just saying

      I'm pretty sure this is syntactically valid and extremely tight Perl.

      Or, at least, it is virtually indistinguishable from syntactically valid and tight Perl :^)

      1. Yet Another Anonymous coward Silver badge

        Re: Just saying

        Larry's first law - Any sufficiently advanced Perl is indistinguishable from line noise

  4. Oengus Silver badge

    Adult conversation

    Comey has said that he wants an adult conversation about encryption this year

    They can have an adult conversation when they stop behaving like 6 year olds who can't get their own way.

    1. dan1980

      Re: Adult conversation

      @Oengus

      But they want it!!!!

      Why can't they have it?!?

      The tech community must HATE them.

      (well, yes . . .)

    2. 's water music Silver badge
      Coat

      Re: "Adult" conversation

      Backdoors...

      Oh my.

      1. Anonymous Coward

        Re: "Adult" conversation

        Backdoors...

        Oh my.

        I saw what you did there :)

    3. Anonymous Coward

      Re: Adult conversation

      who says they can't get their way with a new president?! Watch this!

      ....

      ok, first we deal with the pipeline, then the Mauer, then the Mexis, then nato, then the paedocryptos...

      Hell, I didn't plan to mention TRUMP AGAIN?! :(

  5. Dave Harvey

    And when the Chinese/Russian governments ask for backdoors to spy on Americans

    How could non-US companies who have given such keys to the US possibly refuse?... or are companies supposed to stand up to some governments, whilst lying down and supplicating themselves before others?

    1. This post has been deleted by its author

    2. Christoph Silver badge

      Re: And when the Chinese/Russian governments ask for backdoors to spy on Americans

      Quite. The net is world-wide. And why should governments and people outside the US use software that they know the US government can break?

      It's magical thinking - we want something that works in this impossible way so we demand that you make it for us. We've passed a law, so you've got to do it!

      1. DougS Silver badge

        Re: And when the Chinese/Russian governments ask for backdoors to spy on Americans

        Trump only cares about the US. He went on record in his inauguration speech saying he's only going to take Americans into account in what he does. If he was told it would cut Apple's overseas sales by 75% forcing the inclusion of an FBI backdoor but legally barring them from putting in a backdoor for any other country, he wouldn't think it's a problem. In his mind it would be worth it because he believes it would make us safer.

        I hope if such a law is passed that Apple moves its HQ out of the US to escape the reach of Trump's laws. I'll happily pay the 'tariff' that Trump would no doubt place on iPhone imports if they did that, and I'd love to watch all his whiny 3am tweets after it was announced.

        1. John Brown (no body) Silver badge

          Re: And when the Chinese/Russian governments ask for backdoors to spy on Americans

          "Apple moves its HQ out of the US to escape the reach of Trump's laws."

          Well, most of their cash and manufacturing is already out of reach!

  6. Yet Another Anonymous coward Silver badge

    I'm all for it

    Government has a lot more secrets from me than I have from the government.

    When everyone from the local mayor to the president has email and a cellphone that can be remotely hacked from Russia/China/Craggy Island - I'm looking forward to reading the daily wikileaks

    1. Cereberus

      Re: I'm all for it

      "When everyone from the local mayor to the president has email and a cellphone that can be remotely hacked from Russia/China/Craggy Island - I'm looking forward to reading the daily wikileaks"

      Not going to happen if the UK snoopers charter is anything to go by. Everyone in the world (or at least in the U.S.) will have to use backdoor encryption with one select group given an exemption - anyone in public office in the US of A who will have totally leak proof encryption.

      That is basically what they have done with the snoopers charter. Everything has to be tracked for everybody everywhere in the UK, except those in government linked roles because of course they would never do anything to harm the country or its citizens - honest guv, would I lie to you. How about a new watch, genuine Rolex it is, got it from a friend after it fell off a lorry. Special deal today only - don't worry about the Made in China sticker, that's only to reduce the import tax.

  7. dan1980

    Just like the anti-pornography bills doing the rounds in the US and the UK - they are essentially attempting to legislate an end result, rather than a process.

    Why am I reminded of this?

    The Expert

    1. Anonymous Coward

      re: the expert

      this is... good.

      p.s. why do I think of brexit and Trump while watching this? :(

    2. Sir Runcible Spoon Silver badge
      Flame

      Re: The Expert

      Thanks for the flashbacks, not!

  8. Winkypop Silver badge
    FAIL

    Because.....

    ....they don't understand these darn 'puter thing-a-ma-jigs!

    Maybe they should just publish their bank account details and be done with it.

    1. Doctor Syntax Silver badge

      Re: Because.....

      "Maybe they should just publish their bank account details and be done with it."

      And their tax returns.

      1. Christoph Silver badge

        Re: Because.....

        Once Trump has weakened all the encryption, how long will it be before someone hacks in and publishes his tax returns?

        1. Yet Another Anonymous coward Silver badge

          Re: Because.....

          This is the IRS - all you would get is a lot of pictures of punched cards

  9. Anonymous Coward

    You can shield FBI directors from American politics, but the converse is a bit more problematic evidently.

  10. JJKing Bronze badge
    Facepalm

    Comey is really following in the heels of that weirdo J. Edgar Hoover. Probably explains why Comey is a fan of the backdoor.

    1. bombastic bob Silver badge
      Trollface

      "Comey is really following in the heels of that weirdo J. Edgar Hoover. Probably explains why Comey is a fan of the backdoor."

      and the way they keep 'skirting' around the issue

    2. allthecoolshortnamesweretaken Silver badge

      And I bet he looks fabulous in a floral dress.

  11. anoco

    Here's a solution

    Owhay aboutway eway ivegay away ackdoorbay otay ethay ackdoorbay?

  12. Richard 12 Silver badge

    Simple solution

    Tell Comey yes, he can have his backdoor - on one condition.

    If anyone outside of the FBI ever demonstrates that they can decrypt any of these backdoored encryption techniques, Comey and all his successors will be immediately executed for treason.

    No waiting in Death Row, and no defence possible at trial. Instant death.

    Such a demo would prove he or a successor must have leaked his key and personally made the bank accounts of all Americans insecure.

    Comey, do you bet your life on nobody ever finding that extra key? Eg by torturing one of your staff?

    Because that's what this suggestion does. It bets the data security of your entire nation on your personal ability to make sure the backdoor key is never found.

    1. James 51 Silver badge

      Re: Simple solution

      There is already a physical version of the encryption backdoor. The TSA theft facilitation locks on all luggage. They have zero legal responsibility for all theft and damage caused by them or facilitated by them. I doubt the pro-stupidity laws will be any different.

      1. Yet Another Anonymous coward Silver badge

        Re: Simple solution

        >There is already a physical version of the encryption backdoor. The TSA theft facilitation locks on all luggage.

        This would be a good way of explaining this to voters.

        Your house, car, and your daughter's dorm room at college are going to have locks which every cop, TSA, fire, paramedic, DEA, IRS, FCC, MMB agents have a key for.

        Do you feel safer ?

        1. An nonymous Cowerd

          Re: Simple solution

          and hi-res images of the TSA backdoor key were published, meaning that anyone can get in . . .

          do you feel even safer?

          similar to the FBI/NSA bulk personal dataset super profiled databases of our overcollected private stuff - where it is presumed the crims/vlad have third-party access to it all . . . or have crims/vlad stopped paying & perverting (several/hundreds of) the million squirrels with secret access . . . sigh

    2. ChrisDe

      Re: Simple solution

      How about this - the government gets a different encryption protocol (they'd want that anyway, the security services aren't _that_ stupid). However, this also has a backdoor, and the skeleton key is given to the press. I'll bet the government skeleton key leaks first....

  13. depicus

    Fools

    A few years ago India blocked access to GitHub for a few days over the site hosting encryption code, it's reported that Syrian developers had released an app that was written using open source encryption for fighters in that country to securely communicate.

    The horse has already bolted and all backdooring will do is make the US less secure and its tech companies less competitive.

    1. Doctor Syntax Silver badge

      Re: Fools

      "A few years ago India blocked access to GitHub for a few days over the site hosting encryption code"

      And they'd be wise to reflect on why it only lasted a few days.

    2. Anonymous Coward

      Re: Fools

      "The horse has already bolted and all backdooring will do is make the US less secure and its tech companies less competitive."

      That sounds like the Trash Administration's Primary Goal; "get back at anyone and everything from California that opposed them! Starting with those nasty computer companies! Excuse me while I draft a threatening electronic letter to a colleague using my PowerBook laptop contraption."

      I must remember to send the local FBI office a bag of dogshit labeled "Terrorist Treats. Do NOT sample!" for their anniversary. If they're as stupid as the FIB agents in GTA V, they will bite before checking. Then I will steal their FIB sedan and joyride it until the wheels fall off! HAHA! Hacking people is easy!

  14. Ken Hagan Gold badge

    The irony

    Soon, the only way to have secure email in the US will be to run your own server.

    1. bombastic bob Silver badge
      Devil

      Re: The irony

      "Soon, the only way to have secure email in the US will be to run your own server."

      like Mrs. Clinton? (I couldn't resist, heh)

      Seriously, though, PGP has been around for long enough. If we don't want to get sniffed, we can just PGP every e-mail from this day forward. So post your public key "wherever", and tell everyone to encrypt all mail sent to you using that key. Simple, really.

      /me already has my own mail server, muahahahah!

      1. Anonymous Coward

        Re: The irony

        Seriously, though, PGP has been around for long enough. If we don't want to get sniffed, we can just PGP every e-mail from this day forward. So post your public key "wherever", and tell everyone to encrypt all mail sent to you using that key. Simple, really.

        There are aspects to PGP that don't make it a good tool for security, especially not when taking in data from informants. Read the book "Hut 6" by Gordon Welchman and you'll know what PGP's problem has been from day 1: meta-data.

        1. rh587 Bronze badge

          Re: The irony

          There are aspects to PGP that don't make it a good tool for security, especially not when taking in data from informants. Read the book "Hut 6" by Gordon Welchman and you'll know what PGP's problem has been from day 1: meta-data.

          That depends what you mean by "security" though.

          If security involves protecting content and/or verifying source, then it does that very well. The actual contents of a message and its integrity can be encrypted and signed. This is what De-mail sought to do - allow people to send legal documents electronically.

          By contrast if you want anonymity, then that's a related - but distinct - kettle of fish.

          The needs of someone wanting to leak evidence of war crimes to Wikileaks (securely and anonymously connect to Wikileaks and then run like hell) are different to those of a business wanting to protect trade secrets and/or create an audit trail of correspondence.

          In the former case, PGP is a terrible idea (in fact in the former case, e-mail full stop is a terrible idea. E-Mail is a fundamentally leaky system and you're better off with TOR or a Signal-like P2P solution). But in the latter case, it has a lot of potential.

          You can't anonymously verify the integrity of a message (unless you have already established an out-of-band comms channel).

          1. Cynic_999 Silver badge

            Re: The irony

            "

            You can't anonymously verify the integrity of a message (unless you have already established an out-of-band comms channel).

            "

            You most certainly can. That's what PGP signatures are for.

            1. Doctor Syntax Silver badge

              Re: The irony

              You most certainly can [verify the integrity of a message]. That's what PGP signatures are for.

              Making such verification routine would cut down on a lot of fraud, ransomware etc. Email protocols ought to be moved onto something which incorporates PGP for this reason. There may even be some additional advantages....

            2. John Brown (no body) Silver badge

              Re: The irony

              "That's what PGP signatures are for"

              Yes, an established "out of band comms channel". Send an email, but keep the key somewhere else.

              1. Cynic_999 Silver badge

                Re: The irony

                Your private key cannot be described as a "comms channel" because it is never communicated to anyone in any form.

      2. Truckle The Uncivil

        Re: The irony

        I had my own mail server nearly thirty years ago. The effort required was never worth the cost. Managing email securely is something that has to be amortised over a number of people.

        1. Anonymous Coward

          Re: The irony

          "Managing email securely is something that has to be amortised over a number of people"

          over a number of *trustworthy* people, surely?

          Which given that the authorities have proved themselves untrustworthy in public, and that Big Business is definitely untrustworthy, and that the dark corners of the authorities have shown themselves to be untrustworthy in private e.g. they're perfectly happy to break the law (e.g. undercover agents in perfectly legal organisations) it kinda sorta leads back to DIY. Which is indeed a bit awkward, if it takes lots of effort.

  15. Potemkine Silver badge
    Trollface

    Believe me

    It's a well known alternative fact, all people using encryption are terrorists, they are threatening the Great America. Thanks God the Unpresidented will protect the US by authorizing to torture these people who are probably alien or Muslim anyway.

    1. Anonymous Coward

      Re: Believe me

      The irony is that their president's public utterances are encrypted too - it's IMHO far too garbled to be mistaken for plaintext.

    2. Anonymous Coward

      Re: Believe me

      A ha! I have found the terrists! This website and indeed this very page use encryption, so all of you are the terrists! I shall now be forced to report you to the terrist authority.

      ...But, now that I've posted this here, that means I'm a terrist too. And when the terrist authority comes to look for evidence, they'll use encryption to verify the authentication of the page as well, so they too must be terrists... </sarcasm>

      Within five minutes of being born we're pretty much all criminals, do we really want to extend that to calling us all terrorists?

  16. Slx

    There's a bit of a lack of comprehension of how the Internet actually works.

    Without strong encryption, the internet would become as secure as a chaotic market in a bazaar somewhere with everything just sitting there in easy reach of shoplifters.

    It's effectively like removing the walls from your house.

    Fundamentally, the problem is the political debate is about as IT savvy as a bunch of 60-70 year old guys having a drunken bar conversation about it. They're totally clueless but highly opinionated and think they can solve everything.

    1. Anonymous Blowhard

      "It's effectively like removing the walls from your house."

      Not at all; you're overreacting.

      It's like giving a key to all the locks in your house to every member of the FBI, DEA, NSA, CIA and they might loan it to the Sheriff's Department, the State Police or the County Dog Catcher.

      And if the lock maker sells in Russia or China they might give a copy to the FSB and the FSS.

      What could go wrong?

    2. Doctor Syntax Silver badge

      "60-70 year old guys having a drunken bar conversation about it. They're totally clueless but highly opinionated and think they can solve everything."

      Yup, these youngsters in their 60s think they know everything.

    3. Graham Hawkins

      Hey!! Less of the bashing 60-70 year old guys! (Guess who's just had a significant birthday...)

      The problem is not their age, it is that they are wilfully thick, stupid politicians(*) pandering to the lowest electoral denominator.

      (*) Other types of politician are available, but are becoming difficult to find in this post-truth, post-science, post-expert age.

      1. Roo
        Windows

        "The problem is not their age, it is that they are wilfully thick, stupid politicians(*) pandering to the lowest electoral denominator."

        There is no evidence to indicate that the lowest electoral denominator gives a flying fig about encryption. There is more evidence to indicate these clowns just want a competitive advantage over the proles baked into law.

    4. Anonymous Coward
      Anonymous Coward

      the political debate is about as IT savvy as a bunch of 60-70 year old guys having a drunken bar conversation about it

      I think you have pretty much described the political process in the UK and the US here, and thus the root problem..

    5. David Roberts Silver badge
      Windows

      60-70 year olds?

      Probably arguing about how all this wonderful global IT infrastructure we designed and built has gone to shit because of all those brain dead Millennials.

  17. Anonymous Coward
    Anonymous Coward

    Encrypted Emails?

    Oh, how quaint.

    How many millennials use emails these days? Don't they all use Social Media for everything?

    I guess the Feebs etc need to realise that 2020 is not that far away.

    Oh wait. 2020? Oh yes, when the USA is formally declared a 3rd world country and Trump gets thrown out of office.

    Perhaps they are going to keep their heads down and wait for him to go away.

  18. Velv Silver badge
    Pirate

    "We're going to remove regulation. Regulation is killing industry, killing business. Sad"

    What he gives with one hand he takes away with another. You can make it law, but that doesn't mean companies will comply.

    You can fine those that don't comply, but at some point the cost of doing business in the US outweighs the profits, and the tech giants will relocate to a less regulated jurisdiction.

    1. Christoph Silver badge

      Simple. You just announce that the tech companies won't relocate. Problem solved.

      The same way the UK government decided that the banks won't relocate due to Brexit. The trivial detail that they are now jamming the exits is irrelevant. Announcements by ministers obviously outweigh reality.

    2. lglethal Silver badge
      Joke

      Well the majority of Apple's money is already sitting in Ireland, so the head Office might as well be too!

      1. Doctor Syntax Silver badge

        "Well the majority of Apple's money is already sitting in Ireland, so the head Office might as well be too!"

        Are you sure you're just joking?

  19. Doctor Syntax Silver badge

    "The finest minds in cryptography have repeatedly pointed out the impossibility of building a backdoor for law enforcement into secure encryption"

    It makes no difference how fine their minds are. It's politicians' minds on the receiving end.

  20. Jonjonz

    Guns and Infowar

    I think it is pretty funny that the same folks who whine against gun control want to take everyone's information power security away.

  21. allthecoolshortnamesweretaken Silver badge

    Those faint pop...pop...pop...noises in the background?

    Champagne corks in Moscow and Beijing.

  22. Anonymous Coward
    Anonymous Coward

    Contemptuous prick

    "Coming from a law enforcement background, I believe this is a more serious issue than Tim Cook understands,"

    Love this part. Not a single ounce of contempt, here.

    See, dude is from lawe inforchment, so obviously has a clue about cryptography, and how Grace and Eve do/don't need any gov. authorization to share any backdoor, when, even in the IT field, few people have ...

    What a douchebag ...

  23. Anonymous Coward
    Anonymous Coward

    Of course Trump is keeping Comey on.

    Think of it as a reward for his help in getting Trump elected with those timely Hatch Act violations-I-mean press conferences. The primary qualification for an administration position is obviously personal loyalty above all, and competence is a distant runner-up.

    Anon for obvious reasons.

  24. MJI Silver badge

    I get the feeling he is a crook anyway

    So need to make sure no back doors at all.

    That said I would be more bothered by US reading my stuff than Russia.

  25. netminder

    Congratulations!

    All you tech fanbois in the US who were so happy to stump for this tangerine tantrum because you were not smart enough to recognize a fascist when he speaks are in for a jolly good rogering. You richly deserve what is about to happen to you. The rest of us, intelligent Americans and the whole world, do not. So congratulations assholes.

  26. Marketing Hack Silver badge
    Stop

    About the only thing that is going to stop this is that if Trump the businessman...

    Who dislikes ineffective, business-hobbling regulations defeats Trump the terrorist fighter.

    There's some hope, but I think his fear of all things Islamic is going to win out.

    So, get ready to buy your encryption solutions from non-U.S. vendors.

    1. Anonymous Coward
      Anonymous Coward

      Re: About the only thing that is going to stop this is that if Trump the businessman...

      Trump doesn't hate ineffective, business-hobbling regulations. He hates any regulation that prevents him or his friends from making a quick buck. Any regulation that helps them do so, is a good one though.

  27. Anonymous Coward
    Trollface

    Should've voted for her

    If only a Clinton were president again, our encryption wouldn't be getting backdoored again...

  28. lsatenstein

    Encryption with backdoor is not encryption

    Once there is an encryption algorithm backdoor (as exists with AES), a computer challenge to hack the algorithm to determine the methods used would be offered and that backdoor entry will be known to everyone. What will happen, in my view, to circumvent that problem is that there will be pre-encryption of information performed on a second system and that data is walked across to a physically separate system before it hits the storage and transmission software.

    Computers are now fast enough to encrypt voice before it hits the packetizing software. Your conversation could be monitored, but that's it. The voice message can be encrypted live before leaving the computer.

    Of course, the government would want access to your hardware. But what if the encryption was done by a service out of reach of the government?

    As well, one could use a random interspersal of several algorithms to do encryption, where for example, some group of bytes are encrypted with one algorithm, and the other group with another. It could be the same algorithm, but with different encryption keys.

    Treat encryption like a mammal being pregnant. It's either yes, or no --secure or backdoored.

    You can't have security if the government wants to have access to your hardware and transmissions.

  29. Son 1

    Does not matter...

    Anyone that has real important secrets to hide does not use off-the-shelf encryption software. Instead, they use one-time pads and double encrypt this into stenography to prevent attention. Only amateurs use off-the-shelf encryption.

  30. David Roberts Silver badge

    Decryption

    If you are trying to break encryption, how do you know that you have succeeded?

    Presumably by confirming readable content.

    Just checking; if so double encryption would seem to be a no brainer.

  31. David Crowe

    Trump is going to make encryption experts' teeth grate again.
