back to article 'There has never been a right to absolute privacy' – US Deputy AG slams 'warrant-proof' crypto

Continuing the US government's menacing of strong end-to-end encryption, Deputy Attorney General Rod Rosenstein told an audience at the US Naval Academy that encryption isn't protected by the American Constitution. In short, software writers and other nerds: the math behind modern cryptography is trumped by the Fourth …

  1. Anonymous Coward
    Anonymous Coward

    F/OSS

    There is no constitutional right to sell warrant-proof encryption.

    Who said anything about sell?

    1. Pascal Monett Silver badge

      Indeed. There's no constitutional right to sell bread either. What kind of effing argument is that ?

      1. DrStrangeLug

        There's a difference

        Or, to make it more plain to the US populace, there is no constitutional right to sell guns.

        1. gibbleth

          Re: There's a difference

          Actually, there is. Since the right to own a gun is a 'strictly interpreted' constitutional right here in the US, all contributory rights are similarly protected, including the right to sell a gun, because prohibiting that right would infringe on the right to own a gun, as you can't own a gun if you can't buy one and you can't buy one if nobody can sell one. There's been actual court cases on this, the last one on gun ranges in Chicago, for instance.

          Anyway, I'd guess that, if the right to encryption is considered protected by the first amendment, the right to sell such encryption would be protected as well, as the first amendment right is also 'strictly interpreted'.

          1. LDS Silver badge

            Re: There's a difference

            You could still build your own gun... a flintlock one is not so difficult... you can also start with a matchlock. And still the 2nd amendment is about generic "arms" - not firearms- a sword or a bow should be enough...

            1. MachDiamond Silver badge

              Re: There's a difference

              "And still the 2nd amendment is about generic "arms" - not firearms- a sword or a bow should be enough…"

              One has to go back to why the right was put in to start with and that was to prevent government abuses. If it ever became necessary to protect oneself agains the military, bringing a knife to a tank battle is a good approximation. I don't advocate the automatic weapons and grenades be sold to the public, but reliable and accurate firearms are fine by me. Full auto is usually a waste of ammo and used mainly to keep heads down while soldiers advance across defended territory. The cat's among the pixies so there is no use crying for a perfect world that doesn't have firearms.

          2. Anonymous Coward
            Anonymous Coward

            Re: There's a difference

            and you can't be given one for free because that would make you a pinko commie?

        2. This post has been deleted by its author

        3. Jaybus

          Re: There's a difference

          That is only partially true. Since the 2nd Amendment does grant the right to keep and bear arms, the right to sell arms is implied. If guns could not be sold, then the US government would be required to supply them.

          1. Mike Ozanne

            Re: There's a difference

            "If guns could not be sold, then the US government would be required to supply them."

            After all they already do it for Mexicans....

            http://edition.cnn.com/2013/08/27/world/americas/operation-fast-and-furious-fast-facts/index.html

      2. Dave 126 Silver badge

        Sending PGP code on disc outside of the USA was considered to be exporting munitions. Sending the code out in hardcopy (a ream of paper) was protected by Freedom of Speech.

        Result was the same, except for someone in Europe having sore typing fingers for a day or two.

        1. DaLo

          "Result was the same, except for someone in Europe having sore typing fingers for a day or two."

          Actually published it as a book with an OCRable font to save the fingers of the intern (although it was 'accidentally' published to usenet before then anyway)

      3. Eddy Ito Silver badge

        @Pascal Monett

        The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.

        I think the 9th Amendment does provide a right to sell bread as I believe the intent of the Constitution was designed to place limits on the power of government, not the people.

        I also fully support D.A.G. Rod's right to speak his misinformational opinions as he is easily refuted by the TSA lock backdoor debacle which completely avoids topics that are far over Rod's head, like mathematics. In fact the more Rod speaks, the easier he is disprove. Seriously, "scanning of content, like your emails, for advertising purposes"? Rod's one funny fellow!

      4. Old Handle
        Facepalm

        Indeed. The Bill of Rights does not work like that, as explicitly stated in the 9th Amendment.

  2. Mark 85 Silver badge

    I can see his point of view. Even the US Mail is not impervious to snooping. However, if encryption is backdoored, then not just those "authorized" can open it. There in is the conundrum. For some reason, he believes it's possible and I have to wonder who told him it is. Since he's a lawyer by trade, I doubt he has any clue technically of which he speaks.

    1. Philip Stott

      He's probably been briefed by our clever home secretary Elmer Fudd.

    2. MacroRodent Silver badge

      Backdoors for all

      if encryption is backdoored, then not just those "authorized" can open it

      It is even worse, because the number of governements with access to "authorized" backdoors would be large: If U.S. succesfully demands backdooring, most other governements will follow suit. Information about the backdoors will inevitably leak. At that point we might just as well not bother with any encryption products, they would not really protect anything. People with secrets would use homebrew or "underground" code, and hide its usage with steganography.

      1. Christoph Silver badge

        Re: Backdoors for all

        If encryption has a backdoor known only to the US government, they can read the information of anyone in the world who uses the software. If it is known to other governments, they can read the information of US users. Who is going to use such software?

        Actually it's simple - they just pick the answer from the Magic Technology Tree that can provide them with anything they want, even if it's logically impossible.

        And if the nerds say it can't be done, just keep kicking them until they agree to do it. Ignore all this rubbish about 'the real world'.

      2. boltar Silver badge

        Re: Backdoors for all

        " People with secrets would use homebrew or "underground" code, and hide its usage with steganography."

        I suspect a lot do already making the whole argument moot.

        1. Michael H.F. Wilkinson Silver badge
          Facepalm

          Re: Backdoors for all

          I have said it before, will say it again: One-Time Pad. Not easy to get the key through to the receiver, but certainly not impossible. If I send one-time pad encrypted messages over encrypted or unencrypted comms channels, nobody can crack it. If I send such a high entropy stream hidden in the noise bit of some inane video of cats/dogs/goats/drunks nobody will know it's there.

          So yes, I may not have a constitutional right to do this, but there is no way to forbid, or even police this. Given that one-time pads have been known for a long time, you cannot argue that end-to-end encryption methods (which can be cracked, but require loads of CPU grunt) have changed matters fundamentally (well, of course they can argue that, but they would be WRONG).

          1. Anonymous Coward
            Anonymous Coward

            Re: Backdoors for all

            I have said it before, will say it again: One-Time Pad. Not easy to get the key through to the receiver, but certainly not impossible.

            This.

            BTW, "Warrant-proof encryption" can include these.

            So, by my figuring, "Warrant-proof encryption" has been around since 1882 (or 1917 at the latest - 100 years ago). Another asshat govt offal knows not of what he speaks.

          2. MacroRodent Silver badge
            Boffin

            Re: Backdoors for all

            Just make sure your one-time pads never fall into the wrong hands, and you never, ever re-use them... See Project Venona for one case where this went wrong. https://en.wikipedia.org/wiki/Venona_project

      3. Trigonoceps occipitalis

        Re: Backdoors for all

        Size of crypto software: 25kb

        Size of 47 mandated back doors: 25Tb

        1. John Smith 19 Gold badge
          Unhappy

          "Size of crypto software: 25kb" "Size of 47 mandated back doors: 25Tb"

          Govt archive of everyone's kitty pix 700 EB

          1. MachDiamond Silver badge

            Re: "Size of crypto software: 25kb" "Size of 47 mandated back doors: 25Tb"

            "Govt archive of everyone's kitty pix 700 EB"

            That's the place they built in Utah. I drove past it when I traveled to see the eclipse.

    3. John Smith 19 Gold badge
      Gimp

      "There in is the conundrum. For some reason, he believes it's possible "

      I used to think that.

      But no longer.

      These people simply don't care if this makes every US computer a massive treasure trove if such a system is mandated.

      Their "right to know" trumps everybody else right to privacy.

      At least inside their own heads.

      It's not a sane policy. It's a personality disorder

    4. jmch Silver badge

      I agree. He isn't saying anything unreasonable. Simply that being able to search suspects (whether physically or digitally) WITH A WARRANT BASED ON PROBABLE CAUSE is part of the rule of law, and isn't some newly made-up attack on privacy. On the other hand I fully support everyone's right to privacy, and the importance of strong encryption.

      Here's the thing - It used to be the case that in the physical world, using warrants to force physical access (backed up with coercive force where required) was a well-worked out system with checks and balances that (mostly) worked well to balance privacy and law enforcement concerns. Encryption technology has borked that balance by rendering ineffective the coercive force to back up a legal warrant (in other words, law enforcement cannot brute-force unencrypt suspect's data if the suspect is not cooperative to the warrant). So it's not possible to balance these interests anymore. Either encryption works, in which case law enforcement loses a powerful tool, to the detriment of well-functioning society, or else encryption does not work (which is the net result of any backdoor), also to the detriment of well-functioning society.

      No easy solution here

      1. Aladdin Sane Silver badge

        if encryption is backdoored

        then so are you.

      2. AndyS

        > It used to be the case that in the physical world, using warrants to force physical access (backed up with coercive force where required) was a well-worked out system with checks and balances that (mostly) worked well to balance privacy and law enforcement concerns. Encryption technology has borked that balance...

        I would agree with most of this, but actually I believe the wide-spread use of encryption isn't what has borked the system. That was the wide-spread use of domestic spying, tapping every phone line in the world, eves-dropping on every conversation, and data mining every single electronic communication.

        Wide-spread use of encryption has been a direct reaction of the tech companies to that (following the Snowdon leaks), and has not broken the balance, but helped to restore it. Remember how the spooks still managed to break into the single iphone, in their physical possession, in the San Bernando case? That is how things used to work, and is clearly acceptable.

        Nobody every opened every single envelope to read and catalogue every bit of physical mail sent. Why should they have the right or ability to do that now?

        1. Martin Gregorie Silver badge

          Nobody every opened every single envelope to read and catalogue every bit of physical mail sent. Why should they have the right or ability to do that now?

          Well-said, Sir! You've managed to summarize the entire argument in two simple sentences.

          All lawmakers and government spooks should read and understand them.

          They do not have the right to do more than they could do back when mail was sent on paper and a warrant was required for its interception. Since nobody has repealed laws requiring a warrant, interception without one should be penalized appropriately.

        2. Loyal Commenter Silver badge

          Nobody every opened every single envelope to read and catalogue every bit of physical mail sent. Why should they have the right or ability to do that now?

          No?

          Francis Walsingham [Wikipedia]

          1. Ken Hagan Gold badge

            Re: Francis Walsingham

            So from a two-sentence summary of the case against back-dooring encryption we have now progressed to a two-word summary. (Our friend FW may actually be the only case in history of this sort of thing and the resulting society is a text-book example of what the Founding Fathers didn't want for the US.)

            1. Adrian 4 Silver badge

              Re: Francis Walsingham

              But he didn't monitor ALL communication. Only that to/from a specific person. Something easily permitted with a warrant.

              1. Loyal Commenter Silver badge

                Re: Francis Walsingham

                But he didn't monitor ALL communication. Only that to/from a specific person. Something easily permitted with a warrant.

                IIRC, he monitored quite a lot of communication between various people. At the time, there wasn't really the concept of having a warrant to do this.

                If you want a more recent historical example of mass-interception of physical communications, I would encourage you to visit the STASI museum in East Berlin, housed in the actual headquarters of the STASI (also used for the rather good cold-war drama Deutschland 83).

                I would draw your attention to the room on the first floor (second floor if you are American) where they have a section about how the STASI did exactly what is being described, along with examples of the steamers they used to routinely open the mail of ordinary people.

                The STASI were a perfect example of this sort of surveillance taken to the absurd extreme. Some people seem to think that rather than being a warning from history, they should be held up as an paragon.

                1. Loyal Commenter Silver badge

                  Re: Francis Walsingham

                  ...just to add a little more, to illustrate that history is littered with examples...

                  From the wikipedia page on the Royal Mail:

                  In 1653 Parliament set aside all previous grants for postal services, and contracts were let for the inland and foreign mails to John Manley. Manley was given a monopoly on the postal service, which was effectively enforced by Protector Oliver Cromwell's government, and thanks to the improvements necessitated by the war Manley ran a much improved Post Office service. In July 1655 the Post Office was put under the direct government control of John Thurloe, a Secretary of State, and best known to history as Cromwell's spymaster general. Previous English governments had tried to prevent conspirators communicating, Thurloe preferred to deliver their post having surreptitiously read it.

            2. Loyal Commenter Silver badge

              Re: Francis Walsingham

              Don't get me wrong - I think Walsingham was a Machiavellian arsehole, but he is history's prima facie example of data fetishism and illustrates why oversight of state actors is always required.

            3. John Smith 19 Gold badge
              Unhappy

              "the resulting society..text-book example of what the Founding Fathers didn't want for the US.)"

              Perhaps why they fled to "The New World" in the first place?

              Perhaps if more people asked what they would have thought of these "protections" (of the state, not the citizen) they might not be so popular.

      3. Paul 195

        It's still possible to eavesdrop on a suspect - you compromise the device they use and you can read everything they do before it is sent. It's well known that intelligence services have a wide range of tools and exploits for compromising endpoints. But you can only do that in a targeted way (just as you only ever had the resources to wiretap a few people in the old days). What you can't do is read *everyone's* messages that way. Backdooring encryption remains a terrible idea for many, many reasons.

      4. strum Silver badge

        >Either encryption works, in which case law enforcement loses a powerful tool, to the detriment of well-functioning society, or else encryption does not work (which is the net result of any backdoor), also to the detriment of well-functioning society.

        I take your point - but if an encrypted message is the only evidence against the criminal, there isn't much of a case against him. Nearly always, it's just one element in a kaleidoscope of pointers. Which means that investigators nearly always have alternatives, if encryption holds firm. On the other hand, if encryption fails, a great many other things fail along with it - and there are no ready alternatives available.

        The fact is, this desire to crack encryption isn't about acquiring evidence against a target - it's about identifying possible targets. It's the equivalent of breaking into all the homes in a district, because you think one of them is harbouring criminal activity.

      5. John Smith 19 Gold badge
        WTF?

        Encryption..has borked that balance..rendering ineffective the..force to back up a legal warrant

        <profanity filter off>

        Bullshit

        </profanity filter off>

        Every jurisdiction I know of makes failure to hand over passwords or encryption codes under a search warrant issued in that jurisdiction a crime.

        So (maybe) do jail time if you hand over or definitely do jail time if you don't.

        If you've got enough evidence to get a warrant you can definitely put someone in jail regardless of their crypto, and if you've got the computers still on you can probably find the keys in memory.

        They want warrantless spy-on-demand snooping, regardless of the danger to everyone's privacy and money.

        1. hoola Bronze badge

          Re: Encryption..has borked that balance..rendering ineffective the..force to back up a legal warrant

          Yes and here is the real difference, in a supposedly civilised society you cannot beat the shit out of someone (physically, mentally or chemically) to get the key. You can chuck them in jail but the likelihood is that is a minor inconvenience to them if it as a genuine major crime. I don't know what the tariffs are for failing to provide information to the relevant authorities with a court order, but it is probably a lot less that 20 years in the clink.

          I am sure there is always some agency somewhere but in the end it would simply turn into another scandal. In less fussy countries those unfortunate enough to not hand over an encryption key will simply disappear after a lot of effort has been expended.

      6. Anonymous Coward
        Anonymous Coward

        Age of surveillance

        We live in The Golden Age of Surveillance, yet the hallucination/lie of "going dark" is met by some with anything other than derisive laughter. I have no idea if Rosenstein realizes he is really arguing for the apotheosis of Stazi monitoring, but investigations will not become impossible anymore than good op-sec by La Cosa Nostra prevented the eventual destruction of the American mafia by the FBI and friends.

      7. MachDiamond Silver badge

        "Either encryption works, in which case law enforcement loses a powerful tool, to the detriment of well-functioning society, or else encryption does not work (which is the net result of any backdoor), also to the detriment of well-functioning society.

        No easy solution here"

        Tie goes to the runner. In a case where there might appear to be equally valid arguments when it comes to a person's rights, the person, rather than the government should be assumed to have the Right.

    5. Anonymous Coward
      Anonymous Coward

      While politicians are still banging on about the need to access encrypted products then that is a good thing as it means they've haven't broken it or feel they are unlikely to break it anytime soon.

      As soon as they go quiet on the subject and 'admit defeat' is when you should consider whether that encryption is still effective or not.

      1. Spanners Silver badge
        Holmes

        Yet

        ...as it means they've haven't broken it...

        It could also mean that's what they want us to think. For example, they were whining about https long after they found ways around it.

    6. FuzzyWuzzys
      Mushroom

      Simple, let the US do it and then when they world and their dog get access to everything the US publishes in digital format, then perhaps we'll finally start to get some sense from the fecking idiot politicians. The second their entire lives are splashed all over the media because it was a piece of cake to open up their private online datastores, then I'm sure things will change double quick!

    7. Eddy Ito Silver badge

      US Mail may not be impervious to snooping but it's also a lot more difficult to automatically scan to see if the contents are encrypted which is often the trigger for raising suspicion. If a letter is encrypted, say with a one time pad or other fairly secure method, there isn't much the government can do about it should it be discovered. Likewise, one could encrypt the contents of a safe and the government would be in the same position.

      The real complaint is that encrypting the entire contents of one's safe is laborious so people won't do it and most won't even bother with the safe. On the other hand encrypting the entire contents of a hard drive or mobile phone is now very easy but decrypting it is still nearly impossible. I also think he does have at least a small clue but he's being cagey and presenting it as if he's only asking for keys to the safe when in fact he's asking for much more. It's a clear case of a little knowledge being a very dangerous thing so while he knows how to light the match he doesn't recognize that we're all standing in the same pool of petrol.

    8. Adrian 4 Silver badge

      The US mail isn't impervious to snooping. But is it illegal to send encrypted messages through it ?

    9. Baldrickk Silver badge

      Even the US Mail is not impervious to snooping.

      If you cared to do so, you could mail everything in a thick lead lined safe with a good lock.

      They could get in, but the safe would be broken in the process.

  3. This post has been deleted by its author

    1. jmch Silver badge

      Re: By the same token...

      "warrant-less mass tapping of communications has been going on since the NSA admitted itWikileaks reported"

      "warrant-less mass tapping of communications has been going on *for a long time before* the NSA admitted it / Wikileaks reported"

      ftfy

      1. This post has been deleted by its author

  4. inmypjs Silver badge

    "has never had a system where evidence...

    of criminal wrongdoing was totally impervious to detection"

    Doesn't the 5th make lots of evidence in people's heads totally impervious to detection? Or does he want legal torture as well?

    Reality is weak or backdoored encryption isn't going to help him. It enables mass surveillance of everyone for the sake of making criminal's and terrorist's lives a bit more complicated because they have to work around it.

    1. Voland's right hand Silver badge

      Re: "has never had a system where evidence...

      If the laws of nature make it impervious to detection (which is the case for fine encryption), the laws of man and their servants stand up to attention, listen and shut the fuck up.

      1. Laura Kerr

        Re: "has never had a system where evidence...

        Well, it has now. Bummer eh, Rod?

      2. John Smith 19 Gold badge
        Gimp

        the laws of man and their servants stand up to attention, listen and shut the fuck up.

        To a data fetishist this is just the Universe acting in contempt of their will.

    2. Ole Juul

      Re: "has never had a system where evidence...

      You are right. He is wrong. There have always been many situations where some kind of evidence is totally impervious to detection. He is deliberately confounding the issue and should probably cut back on the cool aid a bit.

      1. Voland's right hand Silver badge

        Re: "has never had a system where evidence...

        You are right. He is wrong. There have always been many situations where some kind of evidence is totally impervious to detection.

        That one too. To put it bluntly, the police (and the DA) win ONLY if the criminal has made a mistake. Impervious methods for the concealment and destruction of evidence have been known for 20k+ years.

        Sometimes, what is not a mistake today becomes a mistake as new technology is discovered, but that is an exception which proves the rule which is that "To err is human".

        The good DA should concentrate on cracking cases traditionally by looking where did the suspect make a mistake (humans always do), instead of wasting all of his energy on the impossible.

  5. Number6

    Uncrackable encryption has existed for ages, it's known as the one-time pad. Unless you have access to the key then you stand no chance of reading the original plain text. Its big weakness is key generation and distribution, which has to be done via secure channels in advance, unlike public key encryption, which has easier key distribution but is less secure (depending on the amount of compute power available). Of course, one advantage of the one-time-pad is that in theory it is possible to easily create a spoof key to produce a harmless plain text.

    1. Jamie Jones Silver badge

      I agree with most of your post, but question why you wrote "in theory" relating to fake one-time pad keys producing harmless text.

      It's easy to do - it's just like a long bunch of XOR operations after all!

      1. Charles 9 Silver badge

        The point is, the key has to be at least as long as your message and able to be hidden from nigh anything, plus its nature makes it difficult to keep in your head. They'll just go after the hidden key. And if there's more than one, they'll take ALL of them to make sure they have the right one (and so as to discredit any placebos).

      2. Number6

        @Jamie Jones

        It depends on how you're doing it. Older manual methods wouldn't have used xor, more likely it was a book of numbers, to determine which letter to substitute for the one in question.

    2. John Smith 19 Gold badge
      Unhappy

      "unlike public key encryption, which has easier key distribution but is less secure "

      And yet Sky Digital is all distributed by RSA encryption remains unbroken.

      And I think there's a very significant market in breaking that system.

      1. Adam 1 Silver badge

        Re: "unlike public key encryption, which has easier key distribution but is less secure "

        That is a bit of a meaningless statement though. A one time pad (correctly generated) is perfectly secure because it can leak no information about the message. Each bit is equally likely to be flipped as it is to remain constant. It is 0 probability of being deciphered if the key is never discovered and is truly random.

        RSA is considered to be very secure because we don't know of any way to factor the product of very large prime numbers. Not because it cannot be done, but because even if we dedicate the world's GDP to trying all possibilities from now till the heat death of the universe we still couldn't crack it. It is "practically secure" rather then "mathematically secure".

        What you are saying is that

        0 < 1 * 10 ^-someginourmousnumber

        Sure. It is. But both are good enough (at least with classic computers)

        1. Number6

          Re: "unlike public key encryption, which has easier key distribution but is less secure "

          @Adam 1

          Once upon a time DES was good enough, now it can be cracked quite quickly, almost real-time. If computing power continues to increase at the same rate, today's stuff will one day suffer the same fate. We're already recommended to use larger key sizes because 1024 bits can be brute forced. the information being protected may not be relevant by the time it's easy to crack - a bit like the old Playfair cipher used a hundred years ago - it could be cracked in a few hours, but if the message was "attack in 15 minutes" then it would be somewhat out of date by the time it was cracked.

      2. Anonymous Coward
        Anonymous Coward

        Re: "unlike public key encryption, which has easier key distribution but is less secure "

        And yet Sky Digital is all distributed by RSA encryption remains unbroken.

        I have a couple of terabytes of data that would like to disagree with this assertion.

  6. ocratato

    Pick One

    Either you can have

    1/ Financial transactions over the internet

    or

    2/ Encryption that can be decoded by law enforcement

    Please choose.

    1. Anonymous Coward
      Anonymous Coward

      Re: Pick One

      Your in luck, they can have both.

      There seems to be a problem with what they are asking and that is to break encryption. However they can't just come out and say what they really want because then everyone will be against it.

      So it's,

      We want you to break encryption because it stops crimes, terrorists etc...

      or what they really want which is,

      We want the ability to read any messages and data sent between the general population on the internet.

      They already have access to financial data so there is no need to remove encryption.

      1. Muscleguy Silver badge

        Re: Pick One

        The elephant in the room is that WhatsApp is perfectly readable. All you need is one of the devices which either sent or received the message. That is presumably what happened in the London Bridge/Parliament attacker. If you recall plod was all 'we can't read the WhatsApp message'. Then they arrest and question his missus, make her give up her phone pin and et voila! panic over it was just an "I love you, farewell' message.

        As the case over US plod trying to make Apple put a backdoor into iPhones shows, if they have the phone they can get into it, if they need to know enough.

      2. Doctor Syntax Silver badge

        Re: Pick One

        "We want you to break encryption because it stops crimes, terrorists etc."

        Turn it round "We want you to break encryption so criminals will be able to read private data". Then ask "Why are you wanting to help criminals?".

  7. Anonymous Coward
    Anonymous Coward

    May...

    May a flea-bitten camel with diarrhea, defecate loudly on the Deputy Attorney General.

    I promise not to watch, you know, privacy and all that.

    1. Mephistro Silver badge
      Devil

      Re: May...

      I misread that as "May, a flea-bitten camel with diarrhea, defecates loudly on the Deputy Attorney General."

      Bestiality, Scat and Brexit. Who could ask for more?

      ;^)

    2. Eddy Ito Silver badge
      Coat

      Re: May...

      Are you saying Rod has coprophilia?

  8. tfewster Silver badge
    Facepalm

    1 Take control of a small country recognised by the UN

    2 Demand equal rights to decryption backdoors to protect your country

    3 ???

    4 PROFIT!

  9. Brian Miller

    CIA wants better encryption

    There was some article years back about the CIA extolling the virtues of better encryption for corporate data. I would hope that the CIA would pipe up again, but I doubt they'd do it under this administration.

    Oh, yeah: anybody remember the Clipper chip? I still have one of those t-shirts...

  10. solo
    FAIL

    No fundamental right of privacy

    Equifax and Yahoo must be pleased to hear that..."We leaked only as per the law of the country..."

  11. Anonymous Coward
    Anonymous Coward

    Our society has never had a system where evidence of criminal wrongdoing was totally impervious to detection, especially when officers obtain a court-authorized warrant. But that is the world that technology companies are creating.

    No, that is how the universe is. Gravity pulls things down. Entropy increases. The ratio of the circumference of a circle to its diameter is not a rational number. If you stop breathing for long enough, you'll die. Certain encryption systems require an unfeasible amount of work to break.

    You could express a wish that the world would be different. You could scream and tell the world that it is being unfair to you. You could pass a law demanding that the sea parts and lets you pass unimpeded. The universe does not care and is not going to be any different after you do any of these things.

    1. Anonymous Coward
      Anonymous Coward

      Try telling that to a Ruddite and they won't believe you.

    2. Adam 1 Silver badge

      > Gravity pulls things down.

      Nope. In the immortal words of my second favourite accordian player

      "My pancreas attracts every other

      Pancreas in the universe

      With a force proportional

      To the product of their masses

      And inversely proportional

      To the distance between them"

      -wise words to live by

      1. cosmogoblin
        FAIL

        Oh dear. Should be inversely proportional to the SQUARE of the distance between them.

    3. Aqua Marina
      Trollface

      Gravity pulls things down.

      No it doesn't, the earth is flat and moving upwards at 32 feet / second squared!

      1. Sir Runcible Spoon Silver badge
        Headmaster

        Re: Gravity pulls things down.

        No it doesn't, the earth is flat and moving upwards at 32 feet / second squared!

        I think you meant 'accelerating', rather than 'moving'.

        1. Aqua Marina

          Re: Gravity pulls things down.

          Pfffft. It’s all maths, science and damned statistics!

        2. David Nash Silver badge

          Re: Gravity pulls things down.

          Gravity *does* pull things "down" because that's pretty much what "down" means.

          OK on a sufficiently large scale and from an outside observer it does other things, but locally, yes, it pulls things down.

          1. Adam 1 Silver badge

            Re: Gravity pulls things down.

            > but locally, yes, it pulls things down.

            Noʇ poʍu ɥǝɹǝ ᴉʇ poǝsu,ʇ

            1. David Nash Silver badge

              Re: Gravity pulls things down.

              "Noʇ poʍu ɥǝɹǝ ᴉʇ poǝsu,ʇ"

              Yes, your down is just the other way than mine...from the point of view of an outside observer!

  12. Charles 9 Silver badge

    I think part of the problem is that current encryption technology is rapidly making the situation black-and-white: all-or-nothing, with consequences. The way things are, either the data is safe or not: there's no middle ground. At the same time, subversive elements are becoming bolder and more brazen, placing governments and even civilization itself under serious threat. Basically, if the fate of the world depends on breaking an unbreakable message (a little extreme but more plausible in this day and age), then civilization itself may not last long, and that's REALLY scary.

    1. Anonymous Coward
      Anonymous Coward

      ... subversive elements are becoming bolder and more brazen, placing governments and even civilization itself under serious threat.

      Aren't you just a little too harsh on Mr. Putin, Ms. May, and Mr. Trump? I know many people don't like them (either in part or in toto), but I still think calling them subversive isn't fair: they are just doing exactly that they promised they would when you voted for them (or against them, or just watched the train wreck unfold in fascinated horror, due to not being eligible for a vote).

      1. Spanners Silver badge
        Big Brother

        ... they are just doing exactly that they promised they would when you voted...

        No. They promised they would make the world, or their country at least, a better place. Ell three are doing the exact opposite.

        Mrs May is overseeing things that are making us all less free, less secure, more likely to be unemployed (or zero hours contracted) and so on.

        The Chito in Cheif is working hard to make everyone except his friends poorer etc.

        Puting is doing his best to destroy free speech in his country and outside it. I don't think Russias economy is that well either.

    2. Pascal Monett Silver badge

      Re: "if the fate of the world depends on breaking an unbreakable message"

      Um, theoretically the issue is about crime and terrorism, not James Bond-level evil geniuses.

      For that level, you have James Bond and his unbreakable-encrypted-message cracker : the spanner on the kneecap.

      1. EnviableOne Bronze badge

        Re: "if the fate of the world depends on breaking an unbreakable message"

        FTFY: https://xkcd.com/538/

        obligatory XKCD reference

        Off to the black site for torture till you cough up the key

      2. cosmogoblin

        Re: "if the fate of the world depends on breaking an unbreakable message"

        Obligatory xkcd

        1. Charles 9 Silver badge

          Re: "if the fate of the world depends on breaking an unbreakable message"

          "Obligatory xkcd"

          Like I said, what if he's 's MASOCHIST (as in, "Yeah! HARDER!" Wrench turns him on)?

          Or what about a total wimp who, if you show or even threaten the wrench or anything like it, promptly faints?

    3. grizewald

      Don't be foolish.

      "Subversive" is defined as "disagreeing with the government" these days. There are countless reasons why privacy and anonymity are essential to a society where the elected can be held to account and removed from office if required. Denying the governed the right to anonymity and privacy is another step along the road to the police states that most countries are becoming.

      Anyway, the encryption genie is well and truly out of the bottle and the code that implements encryption is freely available. Mandating backdoored encryption will only mean that those who really do need to protect data (whether for good or bad reasons) will simply use encryption that does not have a back door.

      Encryption is encryption. It either does what it's supposed to do or it doesn't. You imply that "current encryption technology" is the problem which indicates that your understanding of encryption is fundamentally flawed. Any new "encryption technology" which allows third parties to decrypt what is encrypted is, by definition, not encryption.

      Your "subversive elements are becoming bolder and more brazen, placing governments and even civilization itself under serious threat" tells me that you watch far too much propaganda disguised as news.

    4. LDS Silver badge

      "if the fate of the world depends on breaking an unbreakable message"

      You watch too many movies. Anyway it will be cracked by a teenager 1 second before the end.

    5. jmch Silver badge

      "if the fate of the world depends on breaking an unbreakable message"

      That hypothetical is a straw man much-loved by the extremists on the law enforcement side. The fate of the world most certainly never has, does not, and will never depend on breaking an unbreakable message.

      1. Charles 9 Silver badge

        You Bet Your Life?

        And as for the spanner to the kneecap, what if he's a masochist with no famly?

        1. John G Imrie

          You Bet Your Life?

          yes, because the odds are such that I'm far more likely to die of old age first. In fact I'm more likely to die from cancer brought on by the fact I smoked when I was 17 than this scenario.

  13. Anonymous Coward
    Anonymous Coward

    “Our society has never had a system where evidence of criminal wrongdoing was totally impervious to detection.”

    On the contrary, in the 19th century that was the norm. This was why they needed such harsh punishments, because so many crimes were unsolvable.

    1. LDS Silver badge

      Even now, there are evidences there are totally impervious to detection - i.e. any information hold by categories that have a "professional secret" privilege.

      Also, if I was a US AG, I would be more worried about the absolute right to keep weapons, including war-designed ones. After all even the 2nd Amendment was written when weapon technology was far more primitive than today. You wouldn't be able to shoot 600 people at 500 yards alone in a few minutes with a 1789 gun.

      It doesn't look the Las Vegas killer kept long encrypted transmissions before starting its massacre, nor bought his 42 guns and rapid fire accessories hiding everything in heavy encrypted communication. Everything was under the law enforcement agencies nose.

      But in the Land Of Freedom your are more suspect if you use encryption than if you buy tens of guns...

      1. Voland's right hand Silver badge

        After all even the 2nd Amendment was written when weapon technology

        Nothing wrong with the second amendment EXACTLY as it is phrased.

        It says "Right To Bare Arms". I am all for that (including in countries which have presently prohibited anything upto and including the kitchen knife).

        It says nothing about the right to own fecking arsenals. That is the problem. Owning an arsenal sufficient to arm a small private militia is not a right enshrined anywhere in the US constitution. Show me how the f*** can you bare 35 automatic weapons at the same time. Show me how you can even lift them so you can bare them.

        1. Alister Silver badge

          I have bare arms quite a lot in summer.

          Not so much now, though, it's too cold.

          I think you meant bear.

        2. Baldrickk Silver badge

          Right to bear arms?

          http://orig15.deviantart.net/25b4/f/2008/090/c/f/the_right_to_bear_arms_by_usoppthegreat.png

        3. Mike Ozanne

          "It says nothing about the right to own fecking arsenals. That is the problem. Owning an arsenal sufficient to arm a small private militia is not a right enshrined anywhere in the US constitution. "

          And yet in it's history, since the constitution was adopted , the US government has relied on privately owned arsenals to equip privately raised regiments and militias, and to equip for example,the 518 vessels to which Congress issued letter of marque and reprisal during the war of 1812. Vessels that were equipped with privately owned weapons equivalent to those issued to the US Navy...

        4. apveening Silver badge
          Boffin

          The right to arm bears

          I will always uphold the right to arm bears.

          That aside, the second amendment also mentions a well regulated militia, something missing from all quotes (and all communication from the NRA).

  14. Pete 2

    Missing the first basic step

    Before demanding that someone hands over a password or decryption key for an "encrypted" message, it should be incumbent on law-enforcement to prove that the message is indeed encrypted,

    A block of random data looks identical to an encrypted message. Yet it cannot be decoded (or cracked) since it contains no information. ( Undergraduate philosophy course question: How do you know when you have successfully decoded a message?)

    So if you were to generate (say) 1MB of random data and send it to someone, could you then be required on pain of punishment to provide the means to decrypt it - even though the authorities have not demonstrated that there is anything to decrypt.

    Similarly, entering certain autocratic countries with a TB or two of random numbers on a lappy could lead to the grammatical howler - and possibly recursive statement - of "I'm going to need you to decode that" from someone in a peaked hat. Explaining that there is nothing to decode and therefore no pass-key is unlikely to get you past the government checkpoint.

    1. Charles 9 Silver badge

      Re: Missing the first basic step

      As the saying goes, you're screwed. That's why you can't really have "plausibly deniable" encryption a la TrueCrypt/VeraCrypt. Produce something capable of hiding something and the plods simply assume you're hiding something and lying about it (because if they take your word for it and there's a massacre, it's their heads). Not even staganography is immune to serious content analysis to reveal there's hidden content there combined with pervasive media mangling to reduce its possible flow to a trickle.

    2. This post has been deleted by its author

      1. Paul Crawford Silver badge

        Re: Missing the first basic step

        "The problem with that is that a block of encrypted information does not look the same as a block of random data"

        Only if the encryption is utterly incompetent.

        Sure there might be systems where the encrypted file/partition has the odd header / magic number for file type identification, but those are not really a good idea and it does not change the statistics of encrypted block(s).

      2. Anonymous Coward
        Anonymous Coward

        Re: Missing the first basic step

        You could encrypt the phone book, but then it’s entropy would show it was not random

        If you use ROT13 as your cypher, it will. For any real encryption - no, it won't. Which is a rather large fraction of the whole point.

        1. 's water music Silver badge
          Coat

          Re: Missing the first basic step

          You could encrypt the phone book, but then it’s entropy would show it was not random

          If you use ROT13 as your cypher, it will. For any real encryption - no,

          This is why I always use ROT14, because it is one more.

          You ain't seen me, right?--->

      3. patrickstar

        Re: Missing the first basic step

        There are some differentiation attacks against various ciphers and operation modes, but at worst you have to add a whitening step to prevent any chance of this.

      4. Anonymous Coward
        Anonymous Coward

        Different entropies

        Do this:

        Take an electronic phone book.

        Create a file of completely random data of an equal size to the electronic phone book.

        XOR the two together.

        Compare the entropies of the random data and the phone book that has been encrypted with random data.

        Continue this discussion now that you know what you're talking about.

        1. Charles 9 Silver badge

          Re: Different entropies

          Okay, how about you compress the phone book, THEN apply the one time pad?

          That's just one way to no destructively whiten the data. Other systems are designed to whiten incoming data known to be easy to analyze otherwise.

      5. Loyal Commenter Silver badge

        Re: Missing the first basic step

        ... a block of encrypted information does not look the same as a block of random data...

        Haha! No.

        As noted by other posters, if you 'encrypt' your data with something that does not give it the same entropy as random data, you have not encrypted it. You have probably used a substitution cipher, or XORd it with a repeated fixed-length string. Those things are not generally considered to be encryption.

        Folks who are much cleverer than you, for example Bruce Schneier, have spent large potions of their lives learning about the mathematics and theory behind encryption to design things that do result in sufficient entropy for the result to be statistically random.

        1. Anonymous Coward
          Anonymous Coward

          Re: Missing the first basic step

          Folks who are much cleverer than you, for example Bruce Schneier, have spent large potions of their lives...

          See! I knew encryption was all done by magic...

  15. hplasm Silver badge
    Big Brother

    No right to privacy?

    If the 1st amendment fails to protect in this case, surely such government overreach is what the 2nd is for?

    Or is it just to have guns for the sake of them?

    1. Anonymous Coward
      Anonymous Coward

      Re: No right to privacy?

      I'm not entirely sure of this, but I *think* the 2nd amendment was intended to provide the *states* with the ability to resist an authoritarian central government (that "well-regulated militia" clause the courts so studiously ignore). Of course, none of that is relevant any more in the 21st century, as technology and the organization of society have changed the game entirely, making that protection moot.

      As far as warrant-proof encryption goes, I rather think the signatories to the US Constitution would be purely tickled by the ability of individuals to limit the reach of an intrusive, authoritarian central government, as such a central government was one of their biggest worries. Oh, wait, we have those all over the place now.

      Anon for the obvious reasons

      1. Charles 9 Silver badge

        Re: No right to privacy?

        Where is the word "state" in the Second Amendment? Militias were and can remain private organizations. After all, the STATES can become corrupt, too. It's meant to ensure government (ANY government within the borders) doesn't try the confiscation approach. Now, there's still the "nuke a town and dare anyone else to try" approach, but that's a different story and still has counterexamples in places like Vietnam and Iraq.

  16. 27escape
    Facepalm

    and key recovery when a user forgets the password to decrypt a laptop.

    Well normally 'they' have kept your plain text password in an unencrypted file or database to allow 'them' to do this

    1. Adam 1 Silver badge

      Re: and key recovery when a user forgets the password to decrypt a laptop.

      The user is not obliged to keep their recovery key. They are free to destroy it / never write it down. If they take that approach, then key recovery is not possible. If he is offering a TLA recovery key for each message that we can opt to not record, I think that is a compromise that we can live with.

  17. Anonymous Coward
    Anonymous Coward

    I consider encrypted data to be auxiliary brain storage. Please adjust the law to reflect this.

    (This will also be future proof when we become cyborgs.)

  18. Anonymous Coward
    Anonymous Coward

    If they remove encryption from built in software like imessage, i’ll just build my own and distribute it to my family for communication. Would find a way to encrypt all important data or if not possible I’ll go to extraordinary lengths to use obfuscation through different IPs, locations and VPNs and who knows what. But that would suck for me, because it would eat up my precious time. Also, if there is no encryption it becomes a tower defense game: delay the compiling of data on my activities till it’s not actual anymore so it’s useless, so that’s what will happen - lots of people taking non-value-producing steps in protecting themselves on the nets.

  19. Pascal Monett Silver badge

    "encryption isn't protected by the American Constitution"

    It doesn't have to be.

    Encryption is protected by encryption. And that's the best protection there is.

    For the rest, if all law enforcement agencies have is an encrypted message, then I demand they show what proof they have that that message is so important. If they have done their job, then they have suspect location and time, witnesses and DNA evidence (flawed as that may be) and a host of other clues that point to guilt. In that case, the message is supplementary evidence and they should be able to do without it to obtain a conviction.

    1. Charles 9 Silver badge

      Re: "encryption isn't protected by the American Constitution"

      Cart-before-horse argument. What if decrypting that message is the KEY to getting or supporting all the other evidence? And supposing the suspect is a masochist to boot?

      1. Pascal Monett Silver badge

        Re: "What if decrypting that message is the KEY to getting or supporting all the other evidence?"

        In other words, what if the message is the only proof ?

        In that case, I'd argue that the suspect hasn't done anything yet, in which case why is he suspect ?

        Oh, and before you go on about preventing terrorism, the 9/11 guys were known by the CIA and that prevented fuck all.

  20. Dan 55 Silver badge

    Wrong wrong wrong wrong

    Examples include the central management of security keys and operating system updates; - no third party involved, the key to verify and decrypt the OS update is held by both the OS supplier and the OS itself.

    the scanning of content, like your emails, for advertising purposes; - wrong, email is held at rest as plain text.

    the simulcast of messages to multiple destinations at once; - usually wrong, if it's encrypted the message is sent multiple times and multicast doesn't work over the Internet anyway.

    and key recovery when a user forgets the password to decrypt a laptop. - again wrong, no third party involved, the key to verify and decrypt the recovery key is held by both the OS supplier and the OS itself.

    1. LDS Silver badge

      Re: Wrong wrong wrong wrong

      1) OS updates: what is important here is the signature, not the payload "secrecy". That's why they are signed by the manufacturer private key, and not encrypted with the receiving party public key (or they will need to encrypt each update separately). The AG doesn't understand the difference. Updates may be delivered over a TLS encrypted channel - but that's the transport only.

      2) Email is never considered secure unless end-to-end encryption is used. That, of course, hinders also any attempt to process them for advertising. Of course, Gmail and the like has no reason to promote end-to-end encryption. SMTP delivery using TLS is not secure, because no real certificate validation happens, and encryption is removed on delivery.

      3) Key recovery is usually optional, and systems like the AD recovery key are exactly backdoors available to system administrator, and to anyone who p0wned a system. They are good if you are the owner of the information - a company may not like to be kept out from data it owns, even if an employee had encrypted them-, and it is correct to be able to access them without accessing them using the employee account (because of accountability) - but of course they are bad when used to access data you don't own - because they can leak, you can be p0wned, and it would give a too big power of easy snooping with too little control.

      1. patrickstar

        Re: Wrong wrong wrong wrong

        Clearly he hasn't heard (or doesn't care) about why forward secrecy is important, and none of his examples are scenarios where it could actually be used.

        It can, by definition, not be combined with key recovery. I suppose the closest you could get would be if you established two sessions, one with the actual intended party and one with some master government server...

  21. Fred Flintstone Gold badge

    Actually, I think he is right

    I agree with him that backdoored crypto is essential in the modern word - for government use.

    Any nation with politicians that dare to use the word "democracy" when referring to their activities should mandate backdoored crypto with keys that become public after a set period, say 2 years for regular operations and 20 years for whatever is deemed National Security so we can finally have the kind of transparency that establishes accountability.

    For alleged democratic governments, there should not even be another option. For citizens, not so much.

    1. Charles 9 Silver badge

      Re: Actually, I think he is right

      What about ongoing black projects which have to be denied they even exist, whose revelation could bombshell major government relations if not start a war?

      1. AndyS

        Re: Actually, I think he is right

        > What about ongoing black projects which have to be denied they even exist, whose revelation could bombshell major government relations if not start a war?

        You like your bullshit hypothetical situations, don't you?

        The whole point of a suggestion like this is to prevent a scenario like you describe. So, don't get your "democracy" doing things which could bombshell relations and start a war when they become public. Because, you know, a democracy should be working for the people, not against them? And since it often needs pointing out, "people" isn't limited to "Americans".

        Or maybe, as per your other comments, you're a masochist?

        1. Charles 9 Silver badge

          Re: Actually, I think he is right

          I've learned from firsthand experience that edge cases don't stay edge cases and that truth is stranger than fiction (see Edward Snowden).

          1. AndyS

            Re: Actually, I think he is right

            > I've learned from firsthand experience that edge cases don't stay edge cases and that truth is stranger than fiction (see Edward Snowden).

            OK, so what happens when someone has a super-encrypted message which can save the world if it's delivered to the right person, but he's arrested by an enemy state who have the back-door keys to the encryption protocol?

            See, typing nonsense scenarios doesn't help an argument. What helps is to look at the history of how things have actually happened and, very roughly, it has gone like this:

            1. Government can snoop on specific people, with a court order.

            2. Communications go digital. US government (imitated by many others) discovers it can freely ignore law and intercept all communications of everyone, everywhere.

            3. Snowdon leaks reveal extent of illegal government spying. Government does nothing about it.

            4. Tech companies and consumers move to apps and platforms which encrypt communications by default. Back to step 2 (via bugs, covert software, and hardware attacks against specific targets)

            Most likely, any attempt at banning encryption will be entirely unworkable. Either in the physical sense (and it will be ignored), or the legal sense (and courts will rule against it).

            Additionally, people who are going to commit attacks still will, either using unencrypted platforms (as per the Paris attacks, which were discussed and coordinated over SMS) or, if they are going to take serious planning (eg 9/11 attacks), over proper secured channels. Or even in person.

      2. Loyal Commenter Silver badge

        Re: Actually, I think he is right

        What about ongoing black projects which have to be denied they even exist, whose revelation could bombshell major government relations if not start a war?

        What about not having those?

        1. Charles 9 Silver badge

          Re: Actually, I think he is right

          Do you think any military could survive having the enemy know everything about them? We still haven't figured out a way other than secrecy to deal with sheer overwhelming force.

    2. jmch Silver badge

      Re: Actually, I think he is right

      I wonder if it is mathematically possible to devise an encryption system that has a generic key that will only work after X time period, like a safe that unlocks automatically at a given time??

      Or else use FOI-like mechanism to publish encrypted government documents, and they would automatically enter the public domain after a number of years once the encryption can be broken in reasonable time.

      1. patrickstar

        Re: Actually, I think he is right

        The closest you can get is by deliberately making the crypto system breakable given X amount of work, and this is actually occasionally done. The various crypto currencies and other blockchain systems basically work by this principle.

        However, even employing algorithms that you know won't be possible to implement in hardware so you know the attacker has to use something very much resembling actual computers to crack it, it's still very difficult to get it right.

        This has become easier now that the CPU development has slowed down when it comes to raw number crunching speed, but it's still very hard to predict actual performance and the number of cores an attacker can commandeer in the real world.

        Your calculation for the time required can easily end up being off by an order of magnitude,or more.

  22. ratfox Silver badge
    Megaphone

    Die Gedanken sind frei, wer kann sie erraten,

    sie fliegen vorbei wie nächtliche Schatten.

    Kein Mensch kann sie wissen, kein Jäger erschießen

    mit Pulver und Blei: Die Gedanken sind frei!

    1. Anonymous Coward
      Anonymous Coward

      Full version here.

      Sometimes I'm glad I also speak German, this one is worth it. Thanks for that.

      1. Zimmer
        Big Brother

        ..on that note.

        Tom Paxton fans will be remembering this offering:

        www.azlyrics.com/lyrics/tompaxton/thethoughtstayedfree.html

      2. allthecoolshortnamesweretaken

        Some of the classics are just never out of date.

  23. Bernard M. Orwell

    Immune to Prosecution

    "Our society has never had a system where evidence of criminal wrongdoing was totally impervious to detection"

    Yeah it has. The Federal Reserve and a large slice of Wall St. to name but two.

  24. Anonymous Coward
    Anonymous Coward

    when crime is afoot

    ah, then it's all right to fuck everybody, just in case. Cause, if you do that to 100% people, you WILL catch the wrong-doer. Well, maybe not the wrong-doer of this evil crime, but a wrong-doer of SOMETHING. So - SUCCESS, you see, told ya!

    1. Charles 9 Silver badge

      Re: when crime is afoot

      The Patrician felt the same way, IIRC.

  25. TechDrone
    Big Brother

    Backdoors are a smokescreen.

    Years ago I set up PGP for corporate use, and one of the features was the Additional Decryption Key - each file or message would be encrypted as normal for sender & recipient, but also for the ADK too. In the event that somebody left, was taken ill or somehow managed to lose every copy of their key it meant their messages and files could be recovered. PGP always warned recipients that an ADK was in use, but it was seen as a strength once you understood what was going on. The data was still encrypted, and the ADKs were under tight control and no single person could use one thanks to key splitting.

    I currently use Bacula for backups with encryption. That also has a "master key" that allows me to recover any file for any client even if the client key has been lost. Again this is configured in the client so its use is not a secret.

    In both cases data remains encrypted and there is no need for a backdoor in the encryption scheme.

    There are good reasons for others apart from the original sender and recipient to gain access to encrypted material when the original parties may be unwilling or unable to assist, and that includes law enforcement, auditors and other inspectors/investigators and I suspect this is going to end up with communication service providers - which may well include corporate email admins - being mandated to implement ADKs that can recover messages.

    Many people with more clue than myself have pointed out the problems with central key repositories, but if an application can be created that manages per-user keys without users having to care about it, then it is also possible to manage ADKs, what we need to sort out is the legal framework for using them to recover the plain-text data. This does not mean that law enforcement or any government need to be in possession of the keys themselves either.

    Screaming that life as we know it will end is not going to work as clearly there is a technical solution already available. We need to shape the argument so a workable implementation is achieved that prevents the worst abuses and provides visible checks and balances.

    1. Anonymous Coward
      Anonymous Coward

      Re: Backdoors are a smokescreen.

      I can see where you're coming from and what you are trying to achieve and that is laudable, but I'm afraid it's based on a belief that law enforcement and other agencies only act in a benign fashion.

      Sadly, there are reasons they avoid transparency, accountability and overall scrutiny.

    2. allthecoolshortnamesweretaken

      Re: Backdoors are a smokescreen.

      Sure, just use everyone's SSN as their ADK. Boom, done. Perfectly safe.

    3. Sir Runcible Spoon Silver badge

      Re: Backdoors are a smokescreen.

      @Techdrone

      Even if that system were mandatory, there are still many options for people to employ a system without it enabled. At this point you are back to square-one. It's still a question of trust.

      As has already been mentioned, this situation was provoked by the wider public becoming more aware of the unfettered data collection by various agencies. This issue didn't just appear out of thin air just to piss off the law.

      1. TechDrone

        Re: Backdoors are a smokescreen.

        Exactly right, and I was thinking more in the public / corporate world where organisations are being requested to hand over huge amounts of data and/or their keys, or change the systems to create keys that can be handed over rather than for example private individuals who will always be able do do their own thing and ignore rules and laws they don't like until they get fired or arrested.

        Any system based on ADKs still needs to be based on trust that those doing the investigation and those holding the keys are doing the right thing, and there needs to be a way to dispute any unreasonable access requests.

        By creating a method where it is possible to gain access to only the targeted data and that access needs the co-operation of independent people/organisations then just maybe enough of those demanding unfettered access to everything in the name of security to calm down a bit. Of course, you can't stop the zealots on any side of the debate, and I include those who insist that not even a partial solution is possible in that.

        Sadly I have very little confidence in the current political climate - across many jurisdictions - for such powers and the demand for ever greater ones to be rolled back to allow something like this to be an option.

        1. Sir Runcible Spoon Silver badge

          Re: Backdoors are a smokescreen.

          Sadly I have very little confidence in the current political climate - across many jurisdictions - for such powers and the demand for ever greater ones to be rolled back to allow something like this to be an option

          You and me both.

  26. Anonymous Coward
    Anonymous Coward

    Right to priva...

    Sorry, but the argument should start from the right to freedom of speech.

    Let's put in the statement that your message is your speech, your expression.

    With that the government should not be controlling your right to your speech and expression.

    Thus the government should not have the power to stop you from locking or encrypting your speech.

  27. Wile E Coyote

    There has never been a right to absolute privacy'

    Really?

    Oh okay if that's the case please kindly explain your presidents tax records

    1. EastFinchleyite

      Re: There has never been a right to absolute privacy'

      I'd love to see someone get a copy of The Donald's tax returns and place them in an encrypted file openly on the internet. They could then use the same encryption keys for all their own private information knowing that the publication of the keys would give the President yet another Bad Hair day.

    2. Ken Mitchell

      Re: There has never been a right to absolute privacy'

      Wile E Coyote says:

      "There has never been a right to absolute privacy'

      Really?

      Oh okay if that's the case please kindly explain your presidents tax records"

      Or Barack Obama's college transcripts and publications.

  28. Edward Clarke

    In any case his comment that "There has never been a right to absolute privacy" is wrong. The Bill of Rights is considered part of the constitution and -

    Amendment IX

    The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.

    Amendment X

    The powers not delegated to the United States by the Constitution, nor prohibited by it to the states, are reserved to the states respectively, or to the people.

    I guess that fat hairy arsehole can't count beyond two and never read the rest of the constitution.

    1. Charles 9 Silver badge

      Or they simply state standing law prohibits a right to privacy, satisfying those Amendments' conditions.

      1. Francis Boyle Silver badge

        "they"

        can state what they like and make whatever laws they like but until the Orange One suspends the Supreme Court it won't do them any good.

        1. Charles 9 Silver badge

          Re: "they"

          One SCOTUS now favors him. Two, note the Amendments allow the government to forbid things by law. Otherwise, things like tobacco control would be struck down as against those Amendments.

  29. Velv Silver badge
    Boffin

    So if someone wants to get legal, technically there is no encryption available today that cannot be broken.

    What there is however is strong encryption that makes the breaking sufficiently complex and expensive to make such a breaking impractical.

    1. Sir Runcible Spoon Silver badge
      Facepalm

      technically there is no encryption available today that cannot be broken.

      https://en.wikipedia.org/wiki/One-time_pad

      1. Charles 9 Silver badge

        You can still break it by recovering the key, which is normally too complex to commit to memory, meaning there WILL be a trace.

        1. Justicesays

          "You can still break it by recovering the key, which is normally too complex to commit to memory, meaning there WILL be a trace."

          As it's a one time pad, once you have used it to encrypt or decrypt the message, you would delete (the segment used) using whatever method will make it unrecoverable, along with the plaintext if necessary.

        2. Sir Runcible Spoon Silver badge
          Paris Hilton

          You can still break it by recovering the key

          That isn't breaking it, that's decrypting it. That might sound like semantics, but it's the difference between sneaking into a bank and being invited to meet with the bank manager.

          1. Charles 9 Silver badge

            And if the latter was made under false pretense.

            As for stealing the key, you get it BEFORE it gets used. OR you can induce enough panic to make them burn their keys, breaking the communication chain which can be a desirable outcome in itself.

  30. DougS Silver badge

    Sounds like he wants to be able to force people to give up passwords & keys

    Not attempt the impossible trick of making secure encryption with a government backdoor.

    1. Afernie
      Coat

      Re: Sounds like he wants to be able to force people to give up passwords & keys

      "Sounds like he wants to be able to force people to give up passwords & keys

      Not attempt the impossible trick of making secure encryption with a government backdoor."

      For the last 18-odd years the government here in Blighty has had the legal means to force the surrender of encryption keys on pain of imprisonment (RIPA 2000). I'm pleased to report this has prevented all terrorism and we live a life of unfettered bliss in these Sceptred Isles, secure under the watchful gaze of Big Brother.

  31. EastFinchleyite

    Encryption and the Fifth Amendement

    The deputy AG says that there has never been an absolute right to privacy. This is a firm statement by someone in authority and it needs to be examined in the context of the Fifth Amendment.

    The Fifth includes the requirement that “nor shall be compelled in any criminal case to be a witness against himself,”

    The contents of an encrypted file could well include information that could lead to prosecution of the witness, either directly or through association with others (known or unknown) through the wide ranging conspiracy laws. The whole nature of secret information is that it is not known to the examiner. Only the holder of that information knows its true nature which is why invoking the Fifth is difficult to challenge. Grand Juries can grant immunity but only under local jurisdiction. What happens if declaring that information makes you a criminal outside the USA. Immunity is limited. Extradition complicates matters. Can a Grand Jury grant immunity for any and all crimes that it won’t know about until the information is exposed. It is a Catch-22.

    So what is the difference between the contents of an encrypted file and knowledge in a witness’s head? Imagine if you will that rather than place information in an encrypted file, the witness chose to memorise it. The actors playing Hamlet have to memorise roughly 1500 lines (about 12,000 words) and deliver them in public. That is a lot of information.

    I can envisage a slightly humorous scene in a courtroom where the deputy AG is enforcing the handing over of encryption keys. After much objection by the witness and lawyers, the Judge rules that the file must the decrypted on pain of nasty punishment and witness hands over the keys. The file is decrypted and reads “Everything you need to know is in the witness’s head.” I suppose the deputy AG would claim the fifth doesn’t apply any more.

    1. Charles 9 Silver badge

      Re: Encryption and the Fifth Amendement

      Memory Theater and other mnemonics tend to rely on sequences to establish relations. It doesn't work so well when the recall is more random in nature.

      As for extradition, that's up to the country currently housing the suspect. Generally, it has to be a crime in that country first before they'll even consider extradition. Differences in law provide an angle for political refugeeism.

  32. Mike Ozanne

    what a mahoosive ignorant tool......

    "Our society has never had a system where evidence of criminal wrongdoing was totally impervious to detection, especially when officers obtain a court-authorized warrant. But that is the world that technology companies are creating."

    A messenger carrying a memorised message concerning criminal activity is not obliged to reveal it, is obliged to be told they can keep their trap shut, and is protected by the constitution against attempts to force them to reveal it.

    Being compelled to use crypto that has a government backdoor doesn't gel very well with the actual text in question.. "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated" that's before we note that a government back door is a few bribes threats and hacks away from being a back door that sees more passing trade than a Bangkok brothel....

    "There is no constitutional right to sell warrant-proof encryption. "

    There's no constitutional right to sell a cheese sandwich or a car either WTF has that got to do with anything...

    The technical trend is clear and in the direction of ephemeral session keys that even the user doesn't possess the key for... time to stop being fat and lazy and start doing proper police work again....

    1. Charles 9 Silver badge

      How can the police do their work when hostile sovereignty gets in the way? The Internet makes using hostile sovereignty as a shield much easier.

    2. EastFinchleyite

      Constitutional rights

      "There's no constitutional right to sell a cheese sandwich or a car either WTF has that got to do with anything..."

      Quite so. The rights are no in selling, rather in owning and/or using.

      The solution to this problem is in the second amendment. All some bright spark has to do is find a way of building encryption into a gun and there is no way that the US government would be able to challenge it. The NRA would never have it.

  33. Stripes the Dalmatian

    If...

    ...you're not already interested in the persons at either end of the encrypted communication, why do you want to decrypt the message? If you are interested, why not capture the message before it's encrypted or after the recipient has decrypted it?

    1. Charles 9 Silver badge

      Re: If...

      One end may be outside your jurisdiction and you don't know enough about your end to establish probable cause.

      1. jmch Silver badge

        Re: If...

        "One end may be outside your jurisdiction and you don't know enough about your end to establish probable cause."

        Not knowing enough about your end to establish probable cause, (meaning you wouldn't get a warrant) is EXACTLY the reason why law enforcement should not have access to the decrypted message

      2. Loyal Commenter Silver badge

        Re: If...

        One end may be outside your jurisdiction and you don't know enough about your end to establish probable cause.

        And this, my good man, is known as a fishing expedition. If you think one of those is a good thing - well, you are just wrong.

        1. Charles 9 Silver badge

          Re: If...

          It's wrong to get something to eat? It's wrong to try to find out if someone's about to blow up your capital and there's no other way to find it because hostile sovereignty is in the way? Frankly, with attitudes like that, civilization hasn't got a prayer.

  34. Anonymous Coward
    Anonymous Coward

    TL;DR all comments, but in science v. "the law" ...

    science can't lose.

    Even if (snopes alert) the law declares Pi to be "3".

    Starting with a OTP, there are several ways to render plaintext unreadable - forever - without the key.

    If I were really worried, I would look towards a system which required (say) 9 people to each provide a fragment of a key before the ciphertext can be read.

    If each of those people lives in a different jurisdiction (India, China, Australia, EU, Mexico etc) then good luck with that.

    Tolkien needs to be read as a metaphor.

    1. Charles 9 Silver badge

      Re: TL;DR all comments, but in science v. "the law" ...

      But then they have to get together to actually get things done. Just make it hard for them and they'll be forced to change methods.

      As for the one time pad, continual pressure could force them to keep ditching their pads in a panic, breaking communication chains. Remember, keeping them from communicating can be as effective as intercepting them.

  35. scrubber
    Flame

    “evidence ... was totally impervious to detection.”

    So we're going to ban fire in case anyone tries to burn evidence.

    1. Francis Boyle Silver badge

      Well come on

      Why would an honest citizen need matches?

  36. GnuTzu Silver badge
    Big Brother

    Outlawed Encryption and More Creepy Surveillance

    This whole thing totally creeps me out.

    I only skimmed the comments, but I didn't see anyone discussing what it will mean when people are permitted only to use "approved" encryption. They'll want a way to hunt down anyone using illegal encryption. Wouldn't this require more surveillance? How else will they be able to verify that everyone is complying with the law?

    And, you know criminals will just end up finding ways to hide encrypted data; it's just too easy a thing to do. So, what this is really going to do is give them a new law to prosecute on, a law mandating "registration" of backdoor access, and very little else. They aren't going to actually get much in the way of back doors to real criminals. The mathematics aside, they're in fantasy land if they think their efforts will yield any meaningful results without hurting society. And if they do it wrong, the worst case scenario is Cybergeddon--just imagine the wholesale draining of banks and markets crashing left and right.

    1. Anonymous Coward
      Anonymous Coward

      Re: Outlawed Encryption and More Creepy Surveillance

      Just imagine the glee of the 0.0001% since their wealth isn't in banks but in gold, silver, other intrinsic valuables, and of course land.

  37. fluffybunnyuk

    Cryptic :)

    ∃p : ¬p∧Bp nuff said

  38. ma1010 Silver badge
    Pirate

    There are ways around encryption without magic back doors

    Obligatory XKCD here.

    1. Charles 9 Silver badge

      Re: There are ways around encryption without magic back doors

      And then there's the obvious counters: the suspect is either a masochist (WANTS to be hit) or a wimp (faints at the sight of it). THEN what?

  39. Mahhn

    Making more criminals

    The only thing his laws would do is make more people classified as criminals. Just by having a program that does encryption that does not have a backdoor. You may not even know you have one, but that's no excuse under the law. Like banning all knives over 4", does your kitchen knife count? a hatchet, a chainsaw, wood saw, sheep shears.. To the law - Yes. (the analogy is based on a law of knives you could have in public at one time in some US states.)

  40. elgarak1

    This discussion, and Rosenstein's arguments, should be dead in the water. Here's the thing: It is, technically, possible for anyone, including criminal and terrorist groups, to employ unbreakable encryption. The math and algorithms are out there.

    Outlawing unbreakable encryption does not change this fact one bit. Why should a criminal or terrorist care if he breaks one more law?

    It stands to reason, therefore, that a demand to backdoored, breakable encryption by law will not achieve its stated goal, namely catching criminals and terrorists, in particular not the smart and therefore most dangerous ones.

    QED

  41. strum Silver badge

    >Warrant-proof encryption defeats the constitutional balance

    What 'constitutional balance'? If, in 1783, I burned all my subversive letters, no court could order me to reconstruct them (even if I had perfect memory of what they contained).

    There is no 'balance'.

  42. captain_solo

    I'll agree to this as soon as the government agrees to only use backdoored encryption also and gives we the people the keys so we can see what the elected and unelected ruling classes are doing

    If they aren't doing anything wrong, they shouldn't have any reason to hide it.

  43. Tubz

    All I can say, he is cockwomble !

  44. Anonymous Coward
    Anonymous Coward

    Second Amendment

    It's comments like this that almost make me wish that Crypto was still classified as a weapon. Break out the 2nd amendment at them and see thire heads explode.

    1. Allan George Dyer Silver badge

      Re: Second Amendment

      Well, it's still classified as a "dual use technology", see the Wassenaar Arrangement:

      http://www.wassenaar.org/wp-content/uploads/2016/12/List-of-Dual-Use-Goods-and-Technologies-and-Munitions-List-Corr.pdf

      page 86.

      Your local laws may or may not be based on this, Hong Kong's (https://www.stc.tid.gov.hk/english/checkprod/cat5A002.htm) follows the wording so closely that I'm surprised it isn't a copyright violation.

  45. Ken Mitchell

    They never can get enough

    I _might_ be inclined to believe the government when they said that they needed complete access to all communications to prevent or punish terrorism, if only the creeps making those claims hadn't already demonstrated that EVERY police power that they claim will prevent terrorism is immediately used for petty crimes like tax non-compliance or divorce or child custody disagreements. EVERY tool that the police obtain will be used in EVERY case in which it might be useful.

    Cops demand the use of "Stingray" cell site simulators to catch terrorists - and then use them to find low-level drug dealers and cigarette smugglers.

    No! Police, you have abused EVERY tool that you've ever been given. NO MORE!

  46. Kimo

    Who's warrant?

    As I understand the AAG's position, he wants to be able to serve a warrant on a third party (the hardware/software company) to get access to information. Right now, there is a mechanism to compel defendants to comply with a warrant (contempt of court). But it isn't 100% effective, and trying individual cases is time consuming. Why serve individuals when you can serve tech companies and get lots of cases resolved at once? It also eliminates that pesky problem of individuals challenging the warrant instead of putting a gag order on the warrant so the subject never knows until they are hauled into court.

    We have never required safe manufacturers to create a master key for law enforcement. Why should electronic devices be different?

  47. sisk Silver badge

    The law recognizes that legitimate law enforcement needs can outweigh personal privacy concerns.

    Key word: legitimate. I absolutely agree that law enforcement should be able to gather evidence of crimes, especially in a system that places the burden of proof on them. The problem is that they've not limited their searches to areas where they have a reasonable expectation of finding such evidence. They have, in short, repeatedly and wantonly committed the very act that the Fourth is intended to protect us from.

    Here in the US we have the reality of cops making the owner of a car stand out in the cold for hours waiting for their car to be searched simply because they're teens. And should the teen be aware of their rights and try to prevent it they'll bring over a drug dog and have it jump on the car on cue to give them probable cause. We live in a world where data on your laptop can be searched simply because you carried it through an airport with no reason to suspect you've committed any crime. We live in a world where every single email we send or phone call we make is probably being monitored by bots to flag suspicious ones.

    He's right that we don't have an absolute right to privacy. Law enforcement has always been able to get warrants to search whatever they need to if they can give a good reason. But we do have a reasonable right to privacy, and warrant-proof encryption has become the only way we can enforce it in a world where law enforcement has developed a habit of skipping the warrant.

    1. Charles 9 Silver badge

      "They have, in short, repeatedly and wantonly committed the very act that the Fourth is intended to protect us from."

      It's simple. If you're under perpetual existential threat (and can prove it, too, with things like 9/11) then it's very easy to claim anything is reasonable if your country won't exist tomorrow otherwise.

      1. Kiwi Silver badge

        It's simple. If you're under perpetual existential threat (and can prove it, too, with things like 9/11) then it's very easy to claim anything is reasonable if your country won't exist tomorrow otherwise.

        Wow. Your argument is a relatively minor1 event 16 years ago?

        1 Relatively minor : IIRC there was something like 3 million people airborne around the world during the time of the alleged 'terror attacks"2, many more travelling in various other means. Hell, probably more people died in traffic accidents around the world at that time, and probably more women died in childbirth that year than from terrorist attacks world-wide (not counting US etc invasions as terrorism, though they probably are at least that).

        2 Lots stinks about it OK?, esp WT collapses and esp WT7. I'm not convinced either way.

        1. Charles 9 Silver badge

          I'm speaking from THEIR end, and consider it a dry run. Think instead an atomic bomb detonated 20 miles over South Dakota.

  48. Anonymous Coward
    Anonymous Coward

    Law: Where did you bury the body?

    Suspect: I know nothing about what you are asking.

    Law: We know you did it, take us to the body.

    Suspect: Get a warrant and have fun.

    Law: We are not going to spend our pension money digging up your property. Tell us where the body is.

    Suspect: I know nothing about what you are asking.

    Backdoor encryption gives an unfair advantage. I think the law needs to dig their own holes.

  49. DerekCurrie Bronze badge
    FAIL

    Sorry Deputy Attorney General Rod Rosenstein, But Constitution Beats Your Wrong Opinion

    I can read. I've read the Fourth Amendment to the US Constitution. You are entirely wrong Deputy Attorney General Rod Rosenstein. Expressing a wrong opinion does not equal changing the US Constitution, no matter how much you wish it would.

    Review Please:

    "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

    If the government meets their obligations before search and seizure, then they get what they get. Not-a-thing in the Fourth Amendment stipulates anything-at-all about any citizen ever having to make any of their persons, houses, papers and effects searchable.

    Therefore, if the physical safe with the evidence is never able to be opened, that is the state of affairs. If the virtual safe with the evidence is never able to be opened, that this the state of affairs. Any US citizen can keep anything personal in anything. There is no limitation.

    Read the Amendment again please. No more confabulation please! What you're claiming to be there, Deputy Attorney General Rod Rosenstein, is not there, is it.

    I hope the motivation behind your wrong statement wasn't totalitarianism.

    1. Charles 9 Silver badge

      Re: Sorry Deputy Attorney General Rod Rosenstein, But Constitution Beats Your Wrong Opinion

      Except practically no safe known to man has been able to beat a determined safe cracker. Thus why they're rated by time. Worst case, unless it's a vault, they find a way to dismount the safe and take the whole thing with them.

      Electronic communications CAN, however, be permanently scrambled beyond recovery. Indeed, some adversaries SEEK this to break communications chains.

      1. Baldrickk Silver badge

        Re: Sorry Deputy Attorney General Rod Rosenstein, But Constitution Beats Your Wrong Opinion

        I could perfectly scramble data in a safe too.

        A good industrial smelter would do the job just fine.

        1. Charles 9 Silver badge

          Re: Sorry Deputy Attorney General Rod Rosenstein, But Constitution Beats Your Wrong Opinion

          But safecrackers would know better than to go too far with things like a thermic lance. And if you just want to destroy the stuff, you don't need a safe for that.

  50. Stevie Silver badge

    Bah!

    “Such encryption already exists," the Deputy AG claimed.

    At Accenture for starters.

    Is everyone in this bally administration working for the Russians?

    1. MachDiamond Silver badge

      Re: Bah!

      "Is everyone in this bally administration working for the Russians?"

      Just those in the Democratic party. It is not written that GOP HAS to be working for anybody else but themselves. Sheer incompetence is it's own explanation.

  51. Stevie Silver badge

    Bah!

    Can we now say that if a computer has been compromised by the loss of a govenrment-owned backdoor key that the system has been "Rosensteined"?

    "How in christ's name did The Lucky Chang Vehicle Group get hold of our game-changing automobile tech?"

    "Sorry, chief, we were Rosensteined. The Department of Homeland Encryption just announced they were rooted last March"

  52. Kev99

    Not surprising he'd make the claims about the fourth amendment. After all, it was the same reactionary republicans that tossed out the fourth with their illegal search and seizure at airports.

    1. Charles 9 Silver badge

      Not really. The key word in the Amendment is "reasonable". Thing is, what can you call reasonable when you're under perpetual existential threat?

      1. Kiwi Silver badge
        Windows

        Not really. The key word in the Amendment is "reasonable". Thing is, what can you call reasonable when you're under perpetual existential threat?

        When I see fluffy white elephants with pink polka dots flying around the room, I know it's time to put the funpills away for a while.

        Might be time for you to cut back on your doses as well, don'tcha think?

        1. Charles 9 Silver badge

          And what if I tell you I'm not on anything? In fact, you could say I'm knurd?

  53. EnviableOne Bronze badge

    UDHR Article 12

    No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.

    All memebrs of the UN are signed up to it, and Encrypted communications is maintaining the privacy of corespondance hence it is protected. If they have a legitamate reason to view it, Get a Warrant thats what they are for.

  54. Aodhhan

    Horrible...

    The title and underlying message of this story is false, wrong and a lie.

    Do you only have a 3rd grade reading level?

    The statement is, "There is no constitutional right to SELL WARRANT PROOF encryption".

    This is true about anything and everything. So to make it a huge deal is moronic.

    This applies equally to locks, safes, fences, pockets, cubby holes, etc. If a warrant is issued, the owner is obligated to provide access.

    The message of the entire speech is, "Responsible encryption".

    More ultra-far left wing lies to invoke emotion, because they know when people are emotional, they don't think through things. They only grab on to what someone says, whether it's true or a lie.

    1. patrickstar

      Re: Horrible...

      Troll, but for anyone else reading:

      As was established in Bernstein v. United States https://en.wikipedia.org/wiki/Bernstein_v._United_States there is in fact a First Amendment right to publish encryption code.

      It'd also follow that there is a First Amendment right to publish, say, designs for a lock that police or intelligence agencies cannot reasonably pick/manipulate, but as far as I know this hasn't been tested in court because noone has been stupid enough to actually try to cripple the security of physical locks. For some reason this obvious common sense thing disappears when it comes to "locks" on data.

      There is no way for a lock manufacturer, regardless of warrants or any other legal (or illegal) means directed at them, to hand over a key for a lock someone keyed themselves.

      And lock manufacturers do in fact release new designs when it becomes known that someone, including governments, have figured out a way to open them in a way that breaks the underlying security assumptions.

      BiLock has stated this in public, for example:

      "After extensive internal testing, and some additional upgrades, we are getting ready to submit an even more improved version for US and Canada certification. This BiLock system will far exceed the requirements set forth in UL 437. The new design will also thwart even the most sophisticated picking and decoding tools that are in use by the US intelligence agencies."

      So I suppose he should call for "responsible lock designs" that are pickable so police and others can gain covert access when they have a warrant to do so?

      Weakening everyone's security - and making life easier for criminals- in the process, of course. Just like it would for encryption.

      (PS. For the record, I am a certified right-wing nutjob.)

  55. Jtom

    Moot topic. If the government banned perfect encryption, someone would put the code, method, and logic on the web for free. It would be tested by many, rated, reviewed, and distributed before the first search warrant was issued to stop it. If something is possible, it will be done and put on the Internet.

    Besides, people have always had the ability to develop their own, private language (and some have done so) or code, understandable to no one else. If you want to send undecipherable information, you can do so. It just takes a little creativity.

    1. patrickstar

      It's even mooter than that because all that information, including tests and reviews, is already available on the Web and other mediums.

    2. MachDiamond Silver badge

      "Besides, people have always had the ability to develop their own, private language (and some have done so) or code, understandable to no one else. If you want to send undecipherable information, you can do so. It just takes a little creativity."

      I want to upvote and downvote your comment. Up, people can certainly invent their own language or encryption. Down, unless they are extremely clever it won't be worth much.

      The gold standard is encryption where the code can be published, examined and hacked since a secret is dead once somebody spills it if you are rely on obfuscation for security. Perfection is impossible but if The Man® isn't willing to dedicate a serious amount of hardware and time to decoding your correspondence, it can be perfect enough. Code that good isn't something that anybody can do after a semester in a cryptology class.

  56. onebignerd

    Rights = temporary privileges

    "...that's all we've ever had in this country is a list of temporary privileges.", "...because rights aren't rights if someone can take them away." -George Carlin, It's bad for ya

    The Constitution DOES say that it's citizens have; "the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

    There is nothing in the Constitution that says the Government can act like a totalitarian dictatorship with the absolute right to know everything it's citizens do and say. Yeah, oversight! Like the oversight of the NSA, DNI, and the FBI in abusing the FISA courts, or maybe the sharp oversight of the bank bailouts where billions if not trillions of dollars was wasted, yet Congress doesn't know how or for what and the banks amazingly didn't keep records or won't say (bonuses and parties). But there is never any consequences for this lack of oversight and the waste of tax money that goes with them. I am curious as to where all that repaid money went, it wasn't paid back into the national debt. Was it really paid back?

    So the Government does NOT have the right to look at everything transmitted or written by it's citizens. Back-doors into encryption will be handled with the same careless and reckless attitude and behavior as the Government has done with FISA courts wiretapping, warrants, searches, protection of rights, with a "screw you" attitude!

    1. Charles 9 Silver badge

      Re: Rights = temporary privileges

      Yes they can. Might makes right, and rights have no meaning when a gun's pointed at you. In the end, laws are just ink on a page, waiting to be burned by someone powerful enough and bold enough to dare.

  57. Kiwi Silver badge

    No Such Agency...

    “Our society has never had a system where evidence of criminal wrongdoing was totally impervious to detection.”

    NSA, CIA, FBI, local and state police, the "justice" system (with the courts protecting criminals who happen to also be rich), stuff at various levels of government (federal, state and local), stuff protecting various corporations, stuff done by the various armed services.

    How many "system(s) where evidence of criminal wrongdoing (is) totally impervious to detection" have I missed?

    And where such crimes are detected, within those systems above there are many many ways to either have the crime go unpunished, or have the true perp go unpunished while some innocent (or not) bystander takes the wrap and does the time.

  58. Mike Ozanne

    "Not really. The key word in the Amendment is "reasonable". Thing is, what can you call reasonable when you're under perpetual existential threat?"

    But you aren't are you.. DAESH and Al Qaeda lack the power to significantly damage the USA, re-order it's society or damage it's constitution, they can make a few messes and kill a small fraction of the population. Unpleasant, but not an existential threat. Your government on the other hand can do all three and in these circumstances is the player that needs to be carefully watched.

    1. Charles 9 Silver badge

      How do you know they lack the power? Perhaps they're just just biding their time or waiting for a force multiplier, a domino effect, or a decapitation strike.

      1. Mike Ozanne

        "How do you know they lack the power? Perhaps they're just just biding their time or waiting for a force multiplier, a domino effect, or a decapitation strike."

        They been under SiGINT, SATINT, PR and Special Forces Infiltration for years now, They can't hold the territory they took :

        http://news.bbcimg.co.uk/news/special/2017/newsspec_17978/img/territory-control_976.png

        Their ability to mount an operation against the USA significant enough to imperil it's existence is nil. The state actors supporting ISIS will do everything possible to keep Nuclear Weapons out of their hands. They wouldn't be able to keep their involvement quiet and DOTUS would spend about 0.1 picoseconds considering the ethical issues before glaing their real estate with instant sunshine

        1. Charles 9 Silver badge

          "Their ability to mount an operation against the USA significant enough to imperil it's existence is nil."

          Yeah, right, and no one thought it prudent to consider that airliners can be hijacked and turned into suicide vehicles. I trust those SIGINT whatevers about as far as I can throw them. Plus, even after 9/11, some suicide attacks still occurred because the instigators were the actual, licensed, etc. pilots.

          If the plods say they don't have a chance, they're looking in the wrong place.

          1. Mike Ozanne

            "Yeah, right, and no one thought it prudent to consider that airliners can be hijacked and turned into suicide vehicles."

            And those attacks in no way constituted an existential threat to the USA. Damage to a small area of commercial and government property and a relatively small number of deaths in comparison to an actual existential threat. For example the Luftwaffe campaign against Great Britain; The Bomber Command/USAAF campaign against Germany; the USAAF campaign against Japan culminating in two atomic releases. It soesn't even compare in scale to the collateral damage caused by the secondary air campaign against North Vietnam by USAF/USN

            The only actor currently possessing the power to imperil the existence of the USA as it is currently constituted and operating is the US government.

            1. Charles 9 Silver badge

              I bet you an atomic bomb detonated 20 miles over South Dakota would change your tune. Or perhaps a superfluous farmed by ferrets and passed by a willing participant passing though JFK, O'hare, Reagan, and a number of other major transit hubs

              As for 9/11, that was likely a dry run. If they REALLY wanted to hit hard, they'd have hit during the State of the Union address...using the plane carrying the hidden Cabinet member. With some sleeper cells, you could also take out the governors, creating enough of a power vacuum for a mass assault to work.

  59. SoS-A96

    Attempted to buy a development board here in Scotland.

    Yes contains a secure core, we all want.

    https://www.nordicsemi.com/eng/Products/nRF52840

    America said no, I was not able to purchase it due to export restrictions.

    So, I attempted a European company, they said they would only sell to companies.

    What is a man on the street to do,

    when they protect money

    but not people?

  60. SoS-A96

    This kit will be illegal soon if America gets its way running the planet.

    http://www.microchip.com/wwwproducts/en/ATECC508A

  61. ggalt

    The advent of smartphones has made law enforcement lazy. Before they would have had to directly monitor subjects to learn what they were saying or searched physical locations (probably multiple physical locations) to unearth evidence.

    Once we created smartphones, it became easy for law enforcement. Get the phone and you get it all. No need to scale telephone poles to install alligator clips on lines, no need to rifle through the grunge at some loser's apartment. It was clean, it was easy and life was good -- for law enforcement.

    Now that encryption threatens to **RETURN US** to a time when law enforcement had to work for information, people such as Rosenstein are complaining like teenagers asked to clean the kitchen.

    Smartphones are the information drug that law enforcement got hooked on, and they don't know how to go on living without it. Their brethren from half a century ago would be very disappointed in them.

    1. Charles 9 Silver badge

      Smartphones and the Internet also encouraged ways to make law enforcementbuseless, though. What does a cop do when their only lead runs smack into a foreign power who doesn't want to cooperate?

  62. Dinsdale247

    From the wiki entry linking to The Bernstien case:

    'On October 15, 2003, almost nine years after Bernstein first brought the case, the judge dismissed it and asked Bernstein to come back when the government made a "concrete threat".'

    I suppose that concrete threat has just happened?

  63. arthoss

    You may not be forced to incriminate yourself right? If judges can be persuaded that a mobile phone is an augment of your brain, being part of your being, there is no right to read it for anybody.

    1. Charles 9 Silver badge

      I think it's too late. In order for it to be part of your person, it has to be part of your physical body, according to previous rulings. Plus things that are on the outside of the body, like fingerprints, have already been declared open season by court rulings.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019