Crypto-gurus: Which idiots told the FBI that Feds-only backdoors in encryption are possible?

Four cryptography experts have backed a US Senator's campaign to force the FBI to explain how exactly a Feds-only backdoor can be added to strong and secure encryption. The four are: Stanford professor Martin Hellman, of Diffie-Hellman fame and who helped invent the foundations of today's crypto systems; Columbia professor and …

  1. Anonymous Coward

    Is this one of those invisible girl friend from Canada kind of deals?

    1. DNTP

      Invisible GF from Canada

      She's totally real I swear and I'm the only one with access to her backdoor.

    2. Rattus Rattus

      Her name is Alberta, she lives in Vancouver!

    3. John Smith 19 Gold badge
      Coat

      Is this one of those invisible girl friend from Canada kind of deals?

      Good question.

      It's a very smart political move. Either they think this with no basis in reality other than "We wants it," or someone actually told them they could have this and they have to name the scam artist "researcher(s)*" in question.

      *Lagos University perhaps?

      1. Michael H.F. Wilkinson Silver badge
        Coat

        Re: Is this one of those invisible girl friend from Canada kind of deals?

        If your Lagos theory is correct one would assume the backdoor key is 419, because nobody would guess that

        Sorry, couldn't resist

  2. Aqua Marina Silver badge

    Anyone want to make a lot of money?

    Approaching this from a business perspective. Our lords and masters have decreed that something must be done. They will not listen to those with suitable knowledge, so the only thing left to do is to give them something, anything and make a bloody f*ckton of money while doing it. Very soon someone else will have this idea and will make a f*ckton of money from it. Probably someone like BAE or Lockheed Martin. The final results do not matter. The fact that someone up high can tick a box that says “it is done” is sufficient. Start a company, sell magic thinking. Close down after a few years and retire to somewhere warm and cheap.

    So, are you going to complain that what is being asked for is impossible, or are you going to follow the American dream and profit from it?

    1. Wensleydale Cheese Silver badge
      Joke

      Re: Anyone want to make a lot of money?

      "Approaching this from a business perspective. Our lords and masters have decreed that something must be done. "

      Much the same idea occurred to me when reading about AI detection of terrist videos. They got 600K, we could certainly aim higher than that.

      With sufficient funds, we could subcontract the job to GCHQ and let them get into systems using more conventional, but tried and tested methods, such as social engineering.

      1. Tom 64
        Pint

        Re: Anyone want to make a lot of money?

        It's leave your conscience at home day! Let's take a shitton of public funds and line our pockets!

        1. Doctor Syntax Silver badge

          Re: Anyone want to make a lot of money?

          "Let's take a shitton of public funds and line our pockets!"

          No chance, we'd have to leave it to the professionals at eating public funds. In the UK that would be the likes of Crapita.

      2. Doctor Syntax Silver badge

        Re: Anyone want to make a lot of money?

        "With sufficient funds, we could subcontract the job to GCHQ and let them get into systems using more conventional, but tried and tested methods, such as social engineering."

        That wouldn't work because it's not what the numpties in government want. It's something they have already. What they want is something new and magical that doesn't take any effort to apply. GCHQ know as well as anyone what a load of bollocks that is.

        The answer, as ever, lies with Sir Humphrey's explanations to Hacker that seeing money being spent means that everyone's happy because something's being seen to be done. So, just let out a contract to develop this magic with GCHQ, maybe in conjunction with some independent experts, being the arbiters of whether it works without any risks.

        That way, with some utterly rudderless guidance from themselves, HMG can persuade themselves that they're setting out to achieve this goal and maybe keep quiet about it - and even quieter about the ultimate failure. For good measure perhaps IDS can be put in charge; he has just the right track record for it.

    2. Vector

      @ Aqua Marina Re: Anyone want to make a lot of money?

      Yeah, I'd think twice about that little scheme. What's most likely to happen is someone will do just as you suggest, the system will get hacked just like everyone with any knowledge of the subject expects and that f*ckton of money and much more will be poured into the endless drain of lawsuits that result.

      1. Adam 1 Silver badge

        Re: @ Aqua Marina Anyone want to make a lot of money?

        @Vector, you are looking at this wrong. The investment opportunities are boundless, once you realise that it's the law firms' shares that you should be shoveling your hard earned into.

        1. Vector

          Re: @ Aqua Marina Anyone want to make a lot of money?

          Ah! Lawyers! Now there's a plan. They always end up with the money anyway, don't they?

          1. Gotno iShit Wantno iShit

            Re: @ Aqua Marina Anyone want to make a lot of money?

            Money isn't what I'm thinking when I have lawyers + shovels in mind.

    3. Anonymous Coward

      Re: Anyone want to make a lot of money?

      Simple solution. All passwords are sent to a government approved location when creating your account along with all other details. Therefore you know your password and the government also knows it. No mathematical problems with this.

      How do I claim my money? Also, can I be indemnified against any claims if someone manages to hack the computer with everybody's account details?

      1. tfewster Silver badge
        Facepalm

        @AC Re: Simple solution

        Key escrow is fine in principle, but it's not really escrow if your government is using it to read all emails for "dodgy" content. Don't worry about hacking; every government and agency will want access to the database, so it will be leaked anyway.

        A slightly more elegant solution would be for one "trusted" agency under each government to be able to issue keys and use a "secure" local database to decrypt its citizens' emails and forward the contents if "appropriate".

        Using an unapproved key will lose you your email rights. But it's not all bad news - TXT & 1337 speak and spammers' random-word techniques will be detected as secondary encryption, and the perpetrators removed from society.

        1. JohnFen Silver badge

          Re: @AC Simple solution

          "Key escrow is fine in principle"

          Not really. Key escrow is only fine if the keepers of the keys are incorruptible and their security is perfect. Otherwise, it's nothing but a disaster in waiting.

      2. Trump rulz

        Re: Anyone want to make a lot of money?

        > All passwords are sent to a government approved location when creating your account along with all other details.

        Great! My SAP/SAR (above Top Secret) security clearance, an ID thief's wet dream, along with all other clearances was leaked by a hack of the US Office of Personnel Management. (Google OPM hack.) This is one-stop-shopping for hackers.

    4. phuzz Silver badge
      Devil

      Re: Anyone want to make a lot of money?

      Ok, so what we really do is tell the government that we can do the work, and that we'll need £££££ (and every six months say it's tricky and could we have more £££ please).

      Then we create a demo system that does whatever they want.

      Then we take the rest of the money and set up a bolt hole a long way away, and then run away with the cash.

      That way no impossible 'secure backdoors' need to be made, and we get loads of money.

      It's the perfect plan, all we need is a name for our company...

    5. BebopWeBop Silver badge

      Re: Anyone want to make a lot of money?

      retire to somewhere warm and cheap no extradition treaty, warm and cheap beer

      TFTFY

    6. JohnFen Silver badge

      Re: Anyone want to make a lot of money?

      True. If I didn't have a sense of ethics, I'd be a billionaire by now.

  3. martinusher Silver badge

    Straightforward Enough

    All this article is telling you is that when the money wants something there's always going to be a ready supply of toadies who are prepared to tell them 'yes'. Especially if, like encryption, it's going to be someone else's problem to deliver. You don't need to be a heavyweight mathematician to know that there is no such thing as a backdoor to an encryption algorithm; any attempt to put one in is just going to be an elaborate bypass mechanism, one that's bound to be found sooner or later.

    1. Adrian 4 Silver badge

      Re: Straightforward Enough

      When faced with loads of money and an unfeasible job, the trick is to get in the channel. You don't want a contract to provide the encrypted software : you want a contract to organise, advertise and filter the hopeful applicants.

      And make sure the contract deliverables are exactly those things : not an actual working application.

      1. cantankerous swineherd Silver badge

        Re: Straightforward Enough

        don't dig for gold, sell shovels.

      2. Doctor Syntax Silver badge

        Re: Straightforward Enough

        "And make sure the contract deliverables are exactly those things : not an actual working application."

        You're too pessimistic. I'm sure we can all think of big projects which consume money without producing anything that remotely resembles a working application. A work in progress is just fine.

    2. Eponymous Cowherd

      Re: Straightforward Enough

      Pretty much hit the nail on the head.

      Had that sort of thing happen so very many times. Over-eager sales twonk promises a customer a "feature" to get the sale. "Can you add the ability to do X?" says the customer, "Sure, no problem" says the sales twonk. "Sold!!" says the customer.

      "Oh by the way", says the sales twonk in his briefing to the developers, "I've told them we can do X. That's OK, isn't it? Not too difficult to do?"

      "No it fucking isn't OK" I say. "That's next to impossible to deliver for the price you quoted."

      "Just fucking do it. OK" says the boss.

      So we do it. It doesn't really work properly. The project is massively over budget and late. The customer is pissed off and I'm in the shit with the boss.

      But the fucking sales wanker got his fucking commission, so that's OK.

  4. Thoguht Silver badge

    Unbreakable encryption with secure backdoors?

    Oh, you mean like TSA baggage locks?

    1. Adam 1 Silver badge

      Re: Unbreakable encryption with secure backdoors?

      Kind of. Except obviously the encrypted backdoor would require the threat actor to be present whereas the TSA baggage locks can be remotely exploited from another continent.

      1. Michael H.F. Wilkinson Silver badge

        Re: Unbreakable encryption with secure backdoors?

        Even if it could be made to work (which it cannot), what is going to stop terrorists from using a one-time-pad (or some simpler, highly secure cryptography) to create high entropy messages, embed these in some video of a cat using standard steganography and sending these through what is now no longer a secure channel?

        1. eldakka Silver badge
          Black Helicopters

          Re: Unbreakable encryption with secure backdoors?

          > what is going to stop terrorists from using a one-time-pad (or some simpler, highly secure cryptography) to create high entropy messages,

          I think your mistake here is that you are assuming they want it to fight terrorists and other high-level bad actors.

          They already have spy agencies with satellites, entire data centres dedicated to cracking, local HUMINT resources, spies, strike teams, cyber-espionage networks (i.e. physically placing exploits into hardware of high-level targets while in transit from the manufacturers, Cisco routers, etc.), execution squads and 100's of billions of dollars to spend on those.

          No, they want it to mass-monitor their own citizens.

  5. Alistair Silver badge
    Windows

    FBI to @cryptoboffins

    Our sources cannot be identified in order to protect their identities.............................................................................................................................................................

    (from massive ridicule by people that actually know what they're talking about).

    1. Adrian 4 Silver badge

      Re: FBI to @cryptoboffins

      If the sources are 'experts', then presumably they can develop the required magic encryption.

      And if they're not, what is their justification for expressing an opinion ?

    2. John Gamble
      Boffin

      Re: FBI to @cryptoboffins

      Yeah, that caught my attention too.

      "The FBI is also unlikely to release the names of those it has been consulting over fears that they would be ridiculed and come under pressure from their peers not to work on such an approach."

      The third possibility is that the experts the FBI is citing would be appalled to find out that they've been misquoted for this purpose, and would repudiate FBI leadership immediately.

      I'm reminded of Mnuchin's economist survey (not a misquote, but similarly embarrassing).

      1. Anonymous Coward

        Re: FBI to @cryptoboffins

        37 of 37 economists surveyed are all wrong, as usual. Just like the FBI's crypto experts. Enough is enough already. Real change is happening and none of these jokers can stop it.

  6. Smooth Newt
    Meh

    Exceptional access

    The other problem with Exceptional Access Mechanisms is that they will swiftly become Routine Access Mechanisms for snooping on political activists, sales and R&D divisions of foreign companies and the general population.

  7. Mark 85 Silver badge
    Facepalm

    And so it goes....

    This will keep going until one of several things happens...

    1) Wyden is no longer in the picture.

    2) The governments (all of them who want this) toss a lot of money down the food chain/contractor toilet and get no results.

    3) The agencies and politicians who push this get a clue.

    4) Hell freezes over.

    If 1) happens possibly someone else who has a clue is waiting in the wings to replace him.

    Given what the governments want, 2) is possible.

    3) Not happening.

    4) is the most likely....

    1. Velv Silver badge
      Coat

      Re: And so it goes....

      “4) is the most likely....”

      Not likely when you align with the other GOP policies on Climate Change

    2. Doctor Syntax Silver badge

      Re: And so it goes....

      I'm in favour of 2). There's nothing remarkable about govt. IT projects that fail to deliver. The politicians continue to believe that they're going to succeed and it keeps them happy because they're Doing Something. The sooner they head off in that direction the better. They'll stop bleating, someone will get dosh that would inevitably be spent on something worthless and the rest of us would get a break from this endless whining. I might even consider coming out of retirement to work on it; I'm not a cryptographer but I could fail at it as successfully and expensively as someone who is.

    3. bombastic bob Silver badge
      Mushroom

      Re: And so it goes....

      This will keep going until one of several things happens indefinitely

      (fixed it for ya)

      politicians see an opportunity with every disaster, like "let no disaster go unexploited"

      article: "those in favor of backdoors are just treading water until something happens that causes a shift in public opinion"

      pretty much what I said, I think. You see it with GUN CONTROL all of the time. Let some wack-job criminal psychopath go off and shoot up a high school, and the GUN CONTROL arguments start within 15 minutes.

      Similarly, you'll see the SAME THING with back doors on ALL encryption.

      What's next, EVERY LOCK must have a MASTER KEY that ONLY the gummint can use? Ha ha ha ha, that's so funny [but it's the SAME DAMN THING that "they" want for encryption].

      And it's not about the money, so much as the POWER and CONTROL. When "they" have the power, and "they" have the control, the money just shows up. Yeah, right about now, ALL of this is SO! BLATANTLY! OBVIOUS! to *ANYONE* watching current events...

      what THEY want:

      a) permanent power/influence to control OUR lives

      b) take money from one group so they can favor another

      c) buy influence with money given to them by lobbyists and friends

      d) engage in nepotism and favoritism of various kinds

      e) "It's good to be the king"

      f) scare people into giving them even MORE power, whenever possible.

      In the Star Wars saga, Jar Jar Binks was manipulated into recommending that temporary powers be given to the chancellor to win the Clone War. With this extra power, he later became EMPEROR [and ultimately revealed his TRUE agenda by dissolving the senate, becoming an evil dictator].

      This is SO much like real life, isn't it? THIS is what those elitist politicians want, for themselves and their friends. Yeah, "drain the swamp".

    4. apveening

      Re: And so it goes....

      4) Already happened, the Nordic mythology is correct in that aspect. The idea of hell as a hot place comes from ancient desert dwellers who couldn't think of something worse (lack of imagination).

  8. FozzyBear Silver badge
    Black Helicopters

    I think the big story here is that a Politician, a Politician seems to be listening to actual experts and is making reasoned arguments on this topic.

    Sure, he's most likely playing his own games here, but still.

    1. Pascal Monett Silver badge
      Trollface

      A million politicians, a million typewriters, and we have found the copy that is actually interesting for defending public interest.

      1. jelabarre59 Silver badge

        A million politicians, a million typewriters, and we have found the copy that is actually interesting for defending public interest.

        ...on this particular issue. He's likely useless for everything else

    2. Adam 1 Silver badge

      A broken clock shows the correct time twice* a day.

      *Unless it happens to be stopped between two regional dependent early morning hours on a particular Spring morning in which case it is only once.

      1. Michael Wojcik Silver badge

        A broken clock shows the correct time twice* a day.

        Gah. I can take this from hoi polloi, but on a technical site, people should know better. Clocks have many failure modes.

        A stopped clock is right twice a day - assuming a conventional analog 12-hour clock.

        If both hands fall off the spindle and lie flat at the bottom of the crystal, the clock is broken, but it will not show the correct time at any time of day. If both hands are pointing exactly to any number other than 12, it will not show the correct time (because the hour hand only points to the hour on the hour). If the hands are spinning wildly, it may show the correct time any number of times in a day. And so forth.

        Right, that's my Pedantry of the Week entry for this one.

    3. Palpy

      Wyden seems like a pretty straight guy.

      He's represented Oregon since 1981 in the House, and then since 1996 in the Senate.

      I think it's a mistake to tar all politicians with the same dirty brush. Wyden has the luxury of very strong backing in his district, so he doesn't have to prostitute himself to get re-elected. And of course one reason he has strong support is that he has a reasoned and substantive approach to the job of a legislator, and his constituency notices.

      All that said, I don't think the fight against backdoored encryption will be successful for very much longer.

      1. JohnFen Silver badge

        Re: Wyden seems like a pretty straight guy.

        "I don't think the fight against backdoored encryption will be successful for very much longer."

        It technically can't succeed, though. All that can be done is to force the default crypto included in devices to be backdoored. It is impossible to stop people from using the strong crypto that already exists in the world.

      2. bombastic bob Silver badge
        Devil

        Re: Wyden seems like a pretty straight guy.

        "All that said, I don't think the fight against backdoored encryption will be successful for very much longer."

        That war has already been lost.

        a) PGP

        b) IDEA

        c) OpenSSL

        etc.

        The genie is out of the bottle, Pandora's box is open and you're NOT going to stuff ANY of this back in. Anybody who's decent at math could invent a new encryption method, some stronger and some weaker than others, and the concept of a block cipher or stream cipher is pretty well known. [I even invented one myself, and published in prose how to make it work, as a protest against U.S. encryption export laws back in the 90's, until the laws were changed, but I never took the page down - it's still there].

        Even bitcoin is a form of encryption with the block chain. Imagine invalidating all crypto-currencies because they now require a back-doorable block chain. Is _THAT_ part of "their" agenda?

        And like it is with guns: make them illegal, and ONLY criminals will have them. So it would also be with non-back-doored encryption. Make it illegal, and ONLY criminals will use it!

        Also, ask S. Korea how well it worked to require a specific type of encryption for ALL online banking transactions (aka SEED)...

        https://www.theregister.co.uk/2015/04/02/south_korea_to_deport_microsoft_activex/

    4. dan1980

      @FozzyBear (and others)

      There are many politicians - all around the world - who are reasonable, intelligent, public-minded, and genuinely dedicated to governing for the people.

      The problem is that the way politics as a whole works ensures that these worthy few rarely reach positions where they have much real power and never in concentrations high enough to make any tangible difference.

    5. bombastic bob Silver badge
      Devil

      "a Politician seems to be listening to actual experts"

      On the surface, this is how things appear. Since the politician is a Democrat, I have to wonder what that agenda is. If it's civil liberties, I'll give him a slow clap for being right. If it's some further agenda down the road, I'll keep my eyes wide open...

      "He's most likely playing his own games here"

      ack

  9. Dave Harvey
    Black Helicopters

    Exceptional access to WHICH governments?

    Are governments of the US, UK etc. really stupid enough to think that Russia, China, the Mafia etc. would not insist (and succeed) in getting identical access?

    1. Anonymous Coward

      Re: Exceptional access to WHICH governments?

      What do you think? Here in the UK we have clueless twerps like May and Rudd involved. Those two understand nothing.

      1. HieronymusBloggs Silver badge

        Re: Exceptional access to WHICH governments?

        "Here in the UK we have clueless twerps like May and Rudd involved. Those two understand nothing."

        They understand how to patronise and sneer at techies who have the bad taste to point out the limits of reality.

  10. chuckm
    Go

    don't forget,,,

    ...that given the revolving door between spookdom, private industry and the underworld, the odds on any 'exceptional access system' staying secret for more than about eight minutes are nil.

  11. Anonymous Coward

    What the TLAs must do to make it work

    1) Ban end-to-end encryption for any communication service based in a country reachable by the long arm of US Justice. WhatsApp is allowed to encrypt messages from users to its servers, but must store the messages, and turn them over at the request of the government.

    2) Ban the use of communication services not based in the US or in a friendly country with weak privacy protection laws. You use WeChat, you go to jail. Invoke national security: Claim the goal is to protect the users from being snooped on by the Chinese government.

    3) All certificate authorities must issue fake certificates to the government, in order to allow man-in-the-middle attacks. This takes care of HTTPS.

    4) Ban any other encrypted communication that cannot be snooped on by a third party as in 1), unless one of the destinations is in a whitelist of controlled companies.

    5) Label anybody who is still using encryption in a way that cannot be snooped on as obviously being a terrorist. When privacy is difficult enough to obtain, going through the effort of having privacy is already in itself ground for suspicion.

    1. Anonymous Coward

      Re: What the TLAs must do to make it work

      That might have worked, temporarily, in the Clinton era. Encryption is essential to commerce in today's online threat environment. Mandatory backdoors would be breached by botnets on day one. Damage would be mitigated by widespread noncompliance, though.

      The spooks are probably just trying to push their surveillance agenda through the new UK and US governments, unaware that the populist conservative base is strongly against this.

    2. Anonymous Coward

      Re: What the TLAs must do to make it work

      6. rename country to China 2.0

    3. hplasm Silver badge
      Big Brother

      Re: What the TLAs must do to make it work

      You forgot

      6) remove the phrase "Land Of The Free" from the US.

      (Probably long overdue. Not that anywhere else is much better, but not trumpeted about as much...)

      edit: Possibly 7) then, after China 2.0 :)

  12. Wingnut

    Naming Convention?

    If the tech companies are forced to weaken encryption, then maybe they should consider naming the new system after the idiots who proposed it?

    I'm sure Mrs. May and Mr Wray would love having their name associated with the inevitable crisis cracking such a system would bring!

    Just imagine the headlines!!!!!!!

    1. Spud

      Re: Naming Convention?

      ECDHE-MAY-WRAY256-GCM-RUD384

  13. razorfishsl

    Hay!!!,

    If some government agency threw a few million at me to write a report on back-door crypto... I would do it, even though I know it's a bad idea and not really likely to be secure.

  14. alain williams Silver badge

    Please also ask T May

    our Pry Minister - who also believes that Magic IT Pixie dust can make secure back doors.

    1. dan1980

      Re: Please also ask T May

      @alain williams

      There is no compelling evidence that Theresa May (or Christopher Wray) truly believes that 'secure' back-doors are possible.

      For my money, there are far too many people willing to chalk this up to ignorance/stupidity/magical-thinking on the part of politicians and intelligence/law-enforcement personnel when the truth is far more likely to be that they do understand the contradiction and they do accept the impossibility of what they are insisting but yet they are pushing ahead anyway.

      In other words, my strong suspicion is not that they don't understand the problem, but that they don't care.

      1. Teiwaz Silver badge

        Re: Please also ask T May

        In other words, my strong suspicion is not that they don't understand the problem, but that they don't care.

        Which is about as perplexing....

        If they know, and like Amber R, getting rather pissed at the pitying looks from technical people over the insistent demands for the impossible, why continue?

        Is the only line they've given this episode?

        1. dan1980

          Re: Please also ask T May

          @Teiwaz

          It's not that perplexing. I'm not saying I know, specifically, what their game is, but there are several plausible options that are fully in keeping with the way these people operate.

          The important part is that they are insisting that they need access - on demand - to any and all communication from anyone, to anyone, at anytime, through any service. That is what is consistent and they don't actually care about encryption per se; they are only concerned so far as it prevents them getting what they want.

          The underlying issue is that our governments and law-enforcement agencies have steadily adopted the view that they have a right to collect and look at anything and everything that the population does - in this case it's online but the insane coverage of CCTV proves it's a general principle.

          It's this view of entitlement to all data that is the basis for their frustration; there's no thought that any information should be sacrosanct and little concern that there should even be regulations - there's data and they must have it.

          They say, of course, that people are using technology to hide their activities and that, therefore, technology has hampered their ability to do their jobs. But that's disingenuous; it's technology that has allowed them access to an unprecedented breadth and depth of information about the entire population and provided that access far more easily than ever before.

          Just think of the effort previously required to intercept communication between two people pre-Internet. You can tap a phone, sure, but that's a specific effort and it's not something you can do en masse so you must identify specific lines to monitor, which takes effort and resources. What if one person uses a public telephone? Even if you later identify the specific phone booth used, all you can retrieve is the dialed numbers and, if you knew the time the call was made, you could match it up but you still wouldn't be able to retroactively listen to what was said.

          That's not the case at all with e-mail as communications can not only be monitored and analysed in huge numbers, there is usually a historical record obtainable after the fact - even if someone has deleted an e-mail from their mailbox, it may be recoverable by the provider and if not, most logs provide more information than phone records ever did.

          Our governments have gorged themselves on these easy, rich new streams of data and the thought of going back to limited data that they have to actually work for and be judicious about applying resources to horrifies them.

          The point, (to belabour it) is not so much that clever actors can suddenly avoid their data being collected because that has always been the case and it's not about terrorism or 'serious crime'* because no data collection policies restrict usage of the data to only those specific scenarios; instead, it's that our governments have come to view ubiquitous access to all data as the default position and as inherently part of their powers and rights and they view that 'right' as detached from any requirement to justify its exercise.

          * - Which the government of the day may construe to mean nearly anything they want.

          1. Neil Barnes Silver badge
            Holmes

            Re: Please also ask T May

            >> The important part is that they are insisting that they need access - on demand - to any and all communication from anyone, to anyone, at anytime, through any service.

            Whereas what I want is that they need access to *one* bit of information every five years, and that without identity: whether there is an X in the box come election time.

            Time for a worldwide movement to Mind Your Own Business[tm].

        2. Doctor Syntax Silver badge

          Re: Please also ask T May

          "If they know, and like Amber R, getting rather pissed at the pitying looks from technical people over the insistent demands for the impossible, why continue?"

          It doesn't matter that they're repeatedly told it's not possible. They don't believe that. They've reached positions of power (or what they think to be power) and know that they can command whatever they want because they have power.

          They should have paid more attention to Shakespeare at school: "'I can call spirits from the vasty deep', ''Why, so can I, or so can any man;/But will they come when you do call for them?'"

          1. Mike Ozanne

            Re: Please also ask T May

            " "'I can call spirits from the vasty deep', ''Why, so can I, or so can any man;/But will they come when you do call for them?'""

            Henry IV Part 1 Glyndwr and Hotspur...

      2. plrndl

        Re: Please also ask T May

        The votes are in "being seen to do something about it". There are far fewer votes in "doing something effective".

  15. Destroy All Monsters Silver badge
    Holmes

    In a German accent: "You wanted a miracle. I give you Eff. Bee. Eye."

    "He asked Wray to produce a list of the eggheads the FBI was talking to about designing such a system"

    Agent Keystone and Special Agent Keystone, I presume?

    1. synaesthesia

      Re: In a German accent: "You wanted a miracle. I give you Eff. Bee. Eye."

      >BZZZKT<

      Sorry, Hans. Wrong guess.

      Would you like to go for double jeopardy where the scores can really change?

  16. Long John Brass Silver badge
    Big Brother

    For the low low price of...

    I can do this for you for the very reasonable sum of 10 trillion dollars. We will have to form a working group to bring in all stakeholders to ensure maximal compliance across the many government departments and interests. Once the scope is confirmed we will smoothly progress to proof of concept and once we achieve sign-off from all the related stakeholders we can roll this out to industry partners.

    Please send your 10% deposit and notice of interest to i-really-can-do-this@totally-not-a-scam.com

  17. Stevie Silver badge

    Bah!

    Dear timewasting crypto-knownothings and climate change deniers:

    These roses were red

    But now they are dead

    You’re talking bollocks

    I wish you worms in your head.

    With apologies to Opus and Berkeley Breathed.

  18. veti Silver badge

    Physical access

    I don't see the problem.

    If the FBI, or anyone else, wants to take my phone away from me and invest a lot of time and effort into physically dismantling it and brute-forcing any encrypted content out of its memory, they can do that. They've got the resources. I don't mind if phones are not built to resist that level of attack.

    If they don't want to go to those lengths, then obviously their motivation for wanting to know isn't strong enough, and they can stay the fuck out.

    Problem solved, no?

    1. Long John Brass Silver badge
      Mushroom

      Re: Physical access

      Problem solved, no?

      No; you don't understand... that would require someone to put in some time and effort. They want a Google-esque search facility that will just display whatever information they are after. This is how they think they will solve the terrorism or whatever problem.

      EG: Search = Find all terrorists.

      and up pops a list of people to bomb the crap out of.

      1. Michael H.F. Wilkinson Silver badge
        Mushroom

        Re: Physical access

        List? I think they want up to the minute GPS locations displayed on Google Maps, and automatically be forwarded to the drone squadrons (with results as depicted in the appropriate icon)

  19. revilo

    simple proposition

    Just have any politician (including the "crypto experts" who have suggested such a system) be forced to implement it first, as a guinea pig on all their computers and gadgets. Then see how long it takes until their bank accounts are plundered, their health history and private photos blasted around, their lives ruined.

  20. IneptAdept

    Open source

    Ok so the governments that want the big companies to do this well that is fine... for the tech enlightened populace

    At the end of the day as technical people we will find / develop our own such as bcrypt / scrypt for hashing etc.

    TrueCrypt / VeraCrypt these are all things that are developed by people not companies.... now I remember the issues with TrueCrypt and the worries that it was backdoored

    My point is even if they do get these access protocols the enemy (take that as you will) will just move to one without a backdoor

  21. TheOldFellow

    Make America grate again.

    I have to say that the UK's Home Secretary Rudd is just as much a cretin as the Farcical Bumbling Idiot (FBI) director.

  22. Trollslayer Silver badge
    Mushroom

    People

    Even if you solve the technical issue, all you need is to get at someone who has access.

    1. Sir Runcible Spoon Silver badge

      Re: People

      That's just it, there is no technical issue.

      It's a bit like demanding your tea be served as a 100 degree Celsius ice-cube.

      1. collinsl

        Re: People

        Yes, but that one is actually possible - if you keep the ice cube constrained enough then it's theoretically possible for it to be heated to 100 degrees and remain in ice form.

        The amount of potential energy you'd be housing there (and the energy used to heat it that far) would be tremendous, however, so it would have to be a pretty strong constraint.

  23. Adam 52 Silver badge

    Governments are quite capable of keeping secrets if they want to. Prism was secret for 5 years and that required ISP cooperation. Bletchley Park for 32 years (from the public, not the Russians). John Major and Edwina Currie secret for 18 years. It's impossible to know how many secrets have died with people.

    1. Doctor Syntax Silver badge

      "Governments are quite capable of keeping secrets if they want to."

      They have a problem with greed. If you look at the list of "government" bodies who crop up in every iteration of RIP/DRIP etc. can you realistically believe that that isn't a sieve?

      Similarly, there's a fairly regular stream of news reports of disciplinary action or prosecution for wrongful access to the PNC, usually people checking on their ex or their child's latest boy/girl friend.

    2. David Nash Silver badge

      Secrets

      I'm just reading The Secret Life of Bletchley Park, I don't think that to keep something on that scale a secret would be possible these days. We're used to having too much information. And they had a war to justify all the secrecy so people were more accepting of it.

    3. jelabarre59 Silver badge

      Bletchley Park for 32 years (from the public, not the Russians).

      There's the point. Hidden from the people it was supposed to serve, but not from the "bad guys". Which means the criminals/terrorists/foreign governments will have access WELL before we know it's been breached.

      1. veti Silver badge

        Bletchley Park was well and truly hidden from the "bad guys" (Germany) for long enough to do its job. Even the Russians didn't know about it until after it was disbanded.

        1. collinsl

          Except for the communist spy who worked there.

  24. kmac499

    Old military adage

    Tracer Bullets work both ways...

  25. Velv Silver badge
    Boffin

    Lead by Example

    Before setting laws for the general public, the government should encrypt all government owned devices with security that has a back door only they can access. They already have the right to inspect devices they supply to employees, so there’s no privacy issue to overcome.

    When someone breaks their back door down within a few months, perhaps then they’ll understand the issue.

    1. Doctor Syntax Silver badge

      Re: Lead by Example

      "Before setting laws for the general public, the government should encrypt all government owned devices with security that has a back door only they can access."

      No. They should be prepared to publish their own online credentials to their bank accounts, online shopping or other services because that's what, in effect, they're expecting of the rest of us. If they're not prepared to do that they can shut up. If they don't see the problem they can find out - and then shut up.

  26. Anonymous Coward
    Anonymous Coward

    Our guy

    I would love to see the list of names but I guess if they are in the Technology field it could cost them a future job.

    I always suspected the UK consulted some idiot off Dragons' Den or that Amstrad bloke.

    Anyone stupid enough to make an email homephone and kettle combo or whatever it was is a prime suspect.

    1. David Nash Silver badge
      Facepalm

      Re: Our guy

      "that Amstrad bloke"

      Yeah, whatever happened to him, probably claiming benefit somewhere!

  27. Milton Silver badge

    2 + 2 = 5

    I suspect that even conspicuously ignorant politicians like Theresa May would hesitate before saying in public: "The government needs two plus two to equal five and will legislate accordingly". Even she—hell, even outright morons like IDS, Leadsom and that staggering intellectual turnip Owen Paterson—would surely not be dumb enough to say such a thing.

    Yet of course it is because they do not understand math or technology that jackasses keep saying fundamentally the same thing: "We want a backdoor only we can use" ... no matter how often the experts patiently say "It is mathematically impossible".

    Don't worry about Donald Trump: he smirks distractedly whenever he hears the word "pair" and wouldn't finish the sentence.

  28. John70

    Will the backdoor password be "Joshua"?

    1. Sir Runcible Spoon Silver badge

      I would have thought 'No more secrets' was more applicable :)

      1. FozzyBear Silver badge
        Facepalm

        Maybe that's where they got the idea. They watched Hackers and Sneakers and thought, well if Hollywood can do it why can't we.

  29. Eclectic Man

    "brilliant brains" at tech companies

    "... that they are sure that the "brilliant brains" at tech companies can come up with a solution that will work".

    Ahem, there is an agency called the National Security Agency in the USA, and there is a government organisation in the UK called the Government Communications Head Quarters. They both have some pretty 'brilliant brains' when it comes to cryptography (I know, I met Clifford C Cocks* once, and he is quite bright).

    Surely the sensible thing for those requiring secure back-doorable cryptography would be to ask their very own boffins?

    Oh, hang on, they probably have and didn't like the answers. This is how people get the idea that commercial organisations do things so much better than civil servants.

    Of course if someone created a model theory of cryptography, maybe there would be a proof of the impossibility of the request. Do you think I could get a grant to return to the world of academic mathematical logic and research one?

    (* CCC was the first inventor of the algorithm now known to the world as RSA, he just wasn't allowed to publish it.)

    1. David Nash Silver badge
      Boffin

      Re: "brilliant brains" at tech companies

      They use that phrase as a kind of psychology. If you claim you can't do it, your brain obviously isn't brilliant enough.

      1. Sir Runcible Spoon Silver badge

        Re: "brilliant brains" at tech companies

        They use that phrase as a kind of psychology.

        They *think* they are, but in reality the people who this is aimed at are quite capable of realising this childish tactic for what it is. The sad part is that the politicians are so stupid that they think the tricks that work on them will also work on people with a brain.

        When I was quite young, I was forever being told how clever people thought I was, yet that didn't stop them criticizing me for making different decisions than they would have made in my situation.

        On one hand they understood that I was a fair bit cleverer than they were, but on the other they refused to accept that I could make more intelligent decisions than them. One of life's little quirks I suppose :)

  30. EastFinchleyite

    The Law of Unintended Consequences

    I like this law, it keeps me amused.

    There is no doubt that the Governments of the Free World are going to spend many millions trying to keep themselves safe and in the process make us less free. The money is there by definition; they just raise taxes or spend less on something else. No-one can stop them.

    These Governments do not have the technical resources to do this themselves. There are lots of brains in GCHQ and the NSA but I guess they are currently occupied and not sitting around twiddling thumbs. Furthermore they know what they are doing and getting involved in some half-arsed logically impossible enterprise is not attractive on a Civil Servant's salary. Governments will have to farm this work out to their cronies in the private sector. The Carillions and Capitas of IT.

    Years will go by while these companies suck at the tit of private finance until, for political reasons, something has to be delivered. Very quickly it will be proved unfit for purpose much like a lot of other publicly financed, privately developed work. Liverpool Hospital and the NHS IT systems ring any bells?

    So what is the unintended consequence that keeps me amused? It is that, with all this money and resources wasted on reactionary government control systems, they won't have time to do something really damaging.

    1. collinsl

      Re: The Law of Unintended Consequences

      Er, that is (was) Carillion and Capita. Serco too, and G4S

  31. Russell Chapman Esq.

    It's about not having to admit they already have access to our systems

    For example, Meltdown and Spectre, who knows what other weaknesses there are at the hardware level. Once your device is identified online, it can be accessed. Mandating an official software backdoor is simply a cover story, so evidence can be used 'legally' in court. Governments don't want people to understand that privacy does not exist.

  32. tjdennis2

    This is possible to do safely

    It needs cooperation with the software vendors, but it can be done. Law enforcement officer gets a warrant and provides it to the app vendor. Vendor creates public/private keys and gives the LEO the private key. Then they send a stream of all the communications to the LEO, all encrypted with the public key. Once the warrant expires, the data stream stops.

    This doesn't get them anything from the past just like a wire tap, and nothing once the warrant is over. Every warrant gets a new key pair so no one other than the LEO can decrypt the data. And no one gets a stream of the data from the app without the warrant starting the process. None of this is weakening encryption.

    This would also work from any government using the same process assuming the app vendor is willing to work with other countries.

    1. Sir Runcible Spoon Silver badge

      Re: This is possible to do safely

      I think you're talking at cross purposes here.

      The issue at hand isn't about forcing software companies to use a key system to provide info to law enforcement. They could do that, but any company doing that would be out of business in short order.

      Their problem is with software where the vendor doesn't have access to the unencrypted data, because only the people communicating with one another (two users) have the necessary keys.

      TPTB seem to be insisting that it should be possible to create an encryption algorithm that would allow them (in addition to the two end users of course), and only them, to de-crypt that traffic, i.e. a 'back door'.

      This cannot be done securely. It's not even practical, it's a total non-starter. They would have been told this, so one has to wonder what they are really playing at.
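
The distinction drawn in the two comments above, as an added example (not code from any commenter or from the article): with end-to-end keys the relaying vendor holds nothing it could re-encrypt for a warrant, and once a message key is also wrapped to a third "exceptional access" key, decryption depends only on possession of that key. The toy Diffie-Hellman group, the cipher construction and every function name are assumptions made for the illustration.

```python
import hashlib, hmac, secrets

# Toy Diffie-Hellman group, constructed for this example. NOT secure parameters;
# a real messenger would use something like X25519 and an AEAD cipher.
P, G = 2**127 - 1, 3

def keygen():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def shared_key(priv, peer_pub):
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(16, "big")).digest()

def _xor_stream(key, data):
    # SHA-256 in counter mode as a stand-in stream cipher (one message per key).
    blocks = (hashlib.sha256(key + b"enc" + i.to_bytes(4, "big")).digest()
              for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def seal(key, msg):
    ct = _xor_stream(key, msg)
    return hmac.new(key + b"mac", ct, hashlib.sha256).digest() + ct

def open_sealed(key, blob):
    tag, ct = blob[:32], blob[32:]
    good = hmac.new(key + b"mac", ct, hashlib.sha256).digest()
    return _xor_stream(key, ct) if hmac.compare_digest(tag, good) else None

def end_to_end(msg):
    """Two users agree a key; the vendor only relays public keys and ciphertext."""
    a_priv, a_pub = keygen()
    b_priv, b_pub = keygen()
    blob = seal(shared_key(a_priv, b_pub), msg)
    # The vendor sees a_pub, b_pub and blob, but holds neither private key,
    # so a key pair of its own does not lead to the users' shared key.
    v_priv, _ = keygen()
    return {"bob": open_sealed(shared_key(b_priv, a_pub), blob),
            "vendor": open_sealed(shared_key(v_priv, a_pub), blob)}

def with_exceptional_access(msg, escrow_pub):
    """Sender additionally wraps the message key to a third-party public key.
    (Wrapping the same key to the real recipient is omitted for brevity.)"""
    msg_key = secrets.token_bytes(32)
    eph_priv, eph_pub = keygen()
    return {"blob": seal(msg_key, msg), "eph_pub": eph_pub,
            "wrapped_key": seal(shared_key(eph_priv, escrow_pub), msg_key)}

def escrow_open(escrow_priv, packet):
    """Takes only the escrow private key: the maths cannot tell who is holding it."""
    wrap = shared_key(escrow_priv, packet["eph_pub"])
    msg_key = open_sealed(wrap, packet["wrapped_key"])
    return None if msg_key is None else open_sealed(msg_key, packet["blob"])
```

Any copy of the escrow private key passed to `escrow_open` recovers the message, which is why the protection of that single key, rather than the encryption algorithm, becomes the thing that has to hold.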

  33. plrndl
    Facepalm

    Phase 2

    OK, so you've got your magic impossible encryption.

    How do you propose to make the black hats use it?

  34. allthecoolshortnamesweretaken Silver badge

    I can't name any names, but my sources tell me that they are top men. Top. Men.


Biting the hand that feeds IT © 1998–2019