They're back! 'Feds only' encryption backdoors prepped in US by Dems

US lawmakers are yet again trying to force backdoors into tech products, allowing Uncle Sam, and anyone else with the necessary skills, to rifle through people's private encrypted information. Two years after her effort to introduce new legislation died, Senator Dianne Feinstein (D-CA) is again spearheading an effort to make …

  1. MajorDoubt
    FAIL

    Too late

    this is just to spy on the masses, anyone that knows anything can just use the many sources of open source unbreakable encryption. smoke and mirrors

    1. cbars

      Re: Too late

      1) that's still something I'd consider to be a bad thing in its own right

      2) using open source code on which "free from gov intercept vuln" firmware?

      1. whitepines Bronze badge

        Re: Too late

        Chinese ARM? Russian MIPS? Heck even POWER9?

        Chances are if you know what you are doing you can find a device with open firmware. Might not be easy to get but still available.

        1. veti Silver badge

          Re: Too late

          "Chances are if you know what you are doing you can find a device with open firmware"

          In the first place, "firmware" is not enough. You'd also need to redesign the hardware.

          In the second place, 'open' != 'secure'. Plenty of vulnerabilities go unnoticed for years in open-source software. I would assume that in either Chinese or Russian OS firmware, at least some vulnerabilities would be added deliberately (and well hidden, to make them hard to discover without very close examination).

          Others are presumably included by sheer incompetence, same as in every other piece of software ever.

      2. bombastic bob Silver badge
        Unhappy

        Re: Too late

        there are open source BIOS images out there, too. Some of them disable things like 'management core'.

        just because the sheeple are using "Win-Tel" (with its potential back-doors, etc.) doesn't mean YOU have to. Those same sheeple use FACE-B*TCH and TW*TTER, too.

        (the use of 'asterisk' is because I only have one ass-to-risk...)

    2. Voland's right hand Silver badge

      Re: Too late

      For how long?

      It is only a matter of time when using such tools becomes an offense the same way it was an offense in France or USSR throughout most of the 20th century.

      1. JohnFen Silver badge

        Re: Too late

        Yes, but if they were outlawed in such a way, that would probably not reduce their usage much.

        1. Anonymous Coward

          Re: Too late

          @JohnFen: "Yes, but if they were outlawed in such a way, that would probably not reduce their usage much."

          The thing is, if strong encryption were outlawed, it'd criminalise anyone using the stuff. But if you're intent on, erm, breaking the law anyway, you might consider using strong encryption to be worth the risk - and unlike, for example, guns and bombs, it's pretty easy to move software from one place to another without it being easy to spot.

          And if you DO ban strong encryption, what about (e.g.) banking security? On-line trading - be it high finance or buying from Amazon? And so on?

          It seems to me that banning strong encryption would penalise those who respect the law and do very little to stop savvy criminals/terrorists/whoever.

          I've just done a Web search and soon came up with reports of two retired spooks - one the former head of MI5, the other of MI6 - both expressing the opinion that we need strong encryption without back doors.

          https://cointelegraph.com/news/ex-mi5-head-dont-weaken-very-positive-encryption

          https://netlawmedia.com/news/former-mi6-head-tells-european-legal-security-forum-im-favour-strong-encryption-albeit-legal-safeguards/

          - although the ex MI6 bloke does seem guilty of magical thinking where he "backed the use of “strong encryption” as a tool for protecting information security, claiming he is “100 per cent in favour of it”." then went on to say:

          "[...] he wanted to see a form of “front door access in the virtual world that you have in the physical world”. Technology providers should behave less like safe manufacturers, who pride themselves in their inability to unlock their own products, he said, and more like old-style telecoms companies. Telecom companies, he added, traditionally allowed the security services to eavesdrop on conversations facilitated by their technology – albeit with the “right legal framework” and the “right authorities in place”."

          This argument seems set to run and run...

    3. Anonymous Coward

      Re: Too late

      The masses are already being spied on, once they realise it'll be too late.

      First they came for us idiots that send messages and I said a lot which was bad because eventually they got me anyway.

    4. KH

      Re: Too late

      Ignoring the firmware aspect, there's too many people who use computers in "grandma mode". Whatever Microsoft puts on there by default is good enough, and you can jolly well bet MS's security is going to leak like a sieve. Or flat out just copy everything over to secret servers before encryption gets involved. It's like VPNs. It only takes a little knowledge to do a lot of protecting, but many of the masses have never even heard of a VPN.

      Not that grandma really has anything to hide, but that's beside the point. Much like a strip search -- it's the inspection itself that is the offensive part, not the risk (or non-risk) of going to the clink after the man with the rubber glove has probed her cervix.

      1. Jtom Bronze badge

        Re: Too late

        Here's the thing wrt Grandma. Grandma takes a lot of prescription medicine - for thyroid, blood pressure, cholesterol, hrt, etc - and supplements like calcium and iron. She organizes a week's worth at a time in a pill case, so she's not a walking drug store with a dozen bottles.

        In most US states (YMMV), not carrying prescriptive drugs in their original bottles with labeling showing what they are, what doctor prescribed them, and the name of the patient getting the prescription, is a felony (thanks to the war on drugs).

        No, they have no reason to put granny in prison, but they might want something from YOU. So you have a choice: give them what they want, or granny goes to jail.

        Government is nothing but a collection of people, each having their own agenda. Be afraid. Be very afraid. Do not give them any more power than the least needed to maintain society, and never enough power to control it.

    5. sprograms

      Re: Too late

      People of means (their own or the taxpayer's) use couriers for the important communications, or hop on a jet (their own or the taxpayer's) to have a same-day face-to-face. If they're tech-savvy, they also print their courier-delivered messages on a printer purchased by someone else, and frequently changed. Indeed, all this BS is for the little people.

      In 4th amendment terms, Ray wants it so that "only the police" can ransack our private papers at will. Well, sure, that sounds constitutional. The "with specificity" clause was trashed long ago.

      1. Anonymous Coward

        "The "with specificity" clause was trashed long ago."

        The "with a warrant" clause was trashed around the same time.

    6. The Man Who Fell To Earth Silver badge
      WTF?

      I find it interesting

      I find it interesting that despite the NSA hacking tools being stolen, the Federal personnel database being stolen, etc., that no hacker has published Trump's tax returns. Either the IRS has the best security on the planet, or only Russians can truly pilfer the US government's secrets.

      1. Michael Wojcik Silver badge

        Re: I find it interesting

        "no hacker has published Trump's tax returns"

        What's the incentive to?

        It's trivial to forge a tax return, and possible to create a pretty plausible one. So if you just want to publish a tax return you claim is Trump's, showing whatever it is you'd like to show, there's no reason to bother "hacking" anything.

        So say someone publishes what they claim is Trump's return for one or more recent years. Then:

        - Trump denies it. There's no advantage to him in admitting it's genuine, if it is; and if it isn't, even less to pretending otherwise.

        - Supporters who feel the return justifies their support will claim it's genuine but for reasons of "privacy" or "security" Trump is denying it. Those who feel it puts their man in a poor light will claim it's a fake.

        - Trump opponents would almost certainly seize on it as further evidence of Trump's mendacity, but they don't need any more evidence of that. They're already convinced, and they're not likely to convince many others at this point.

        It's far more useful for opponents to keep demanding that Trump release the returns himself. He almost certainly won't, so they can continue to claim he's hiding something. It's more useful for supporters if no returns are released, because whatever they say and regardless of whether they're genuine they just fuel an argument that supporters prefer would die down.

    7. bombastic bob Silver badge
      Mushroom

      Re: Too late

      ack. too late for guns, and now knives. Those genies are out of the bottle, and have been out for a LONG time.

      Make them illegal, and ONLY the criminals will have them. SO much for defending yourself, preventing thieves from cracking your bank accounts, etc. when ONLY the bad guys have the necessary means to protect themselves, _AND_ to attack YOU.

      I'm not surprised the Demo-rats are behind this. Their so-called position for pro-civil-rights is nothing more than a SHAM. They've been about controlling the masses for a LONG time. The Republi-crats ("establishment" Republicans, mostly RINOs) are, too, but they've been singled out in the past.

      NOW, Dianne Franken-Feinstein [who occasionally made sense in the past] has gone full-on bat-blank nutzy-cuckoo crying for back-door'd encryption, not knowing a cipher from a key.

      These idiots are SO emotion-based and irresponsibly sinister in their motives, it's pathetic.

      time to "clean house". TEA PARTY!

      NOTE: when you take away the right of an individual to speak his own mind AND to defend himself, you end up with SHEEPLE. And they're *EASY* to control, like a herd of sheep.

      1984 anyone? that's a TYPO.

      1. Dr. Mouse Silver badge

        Re: Too late

        "too late for guns, and now knives. Those genies are out of the bottle, and have been out for a LONG time... Make them illegal, and ONLY the criminals will have them."

        The thing is that this makes the job easier for the police: Someone has a gun, they are a criminal. They don't need to start looking for other crimes they committed straight away, the dangerous nut job can be taken off the street immediately. Unlike the current situation in the US where anyone may "legitimately" have and be carrying a gun...

        The whole "guns make people safe" argument doesn't fly with me, never has and never will. It's a machine designed with one purpose: to kill. Apart from a few people in specific circumstances, no one should have one.

        1. Anonymous Coward

          Re: Too late

          Well, guns are pretty much illegal in the UK (with some exceptions) so mostly only criminals have them.

          I don't see the Police arresting that many criminals with guns though. False argument, totally based on trust of people who have abused our trust, repeatedly.

          If TPTB want people to rescind all options of protecting themselves in favour of letting their government do all that for them, then perhaps the governments should first try re-establishing some trust with the people.

          Otherwise it looks like what it most probably is: another tool for oppression and systemic population control.

          1. Dr. Mouse Silver badge

            Re: Too late

            "Well, guns are pretty much illegal in the UK (with some exceptions) so mostly only criminals have them... I don't see the Police arresting that many criminals with guns though. False argument, totally based on trust of people who have abused our trust, repeatedly."

            And how many cases of gun-related crime do we have? If a cop spots someone on the street with a gun, what do they do? A car on the M62 was recently thought to have an illegal firearm in it, and they did all in their power to catch them (and succeeded). The fact that there is such a low amount of gun crime in this country shows that the policy works.

            The other end of the argument which always comes back is that guns allow you to protect yourself from the government. This is wrong too: The government will always have more guns and weapons, and having a gun yourself just leads to a higher chance you would be killed in any confrontation.

            1. Anonymous Coward

              Re: Too late

              I see what you are saying, but we are using guns as an analogy for encryption.

              Encryption doesn't have a greater velocity/mass than that of an unladen swallow, European or otherwise, so isn't exactly lethal.

              If we take your extension of the analogy and apply it to cryptography, it would require that only criminals or law-enforcement have access to strong crypto - in that case you can kiss goodbye to the world economy.

            2. Jtom Bronze badge

              Re: Too late

              You have pretty much eliminated the guns, yet the murders and assaults continue. So, besides taking away the possibility of the people rising up against a corrupt government, just what have you accomplished?

              1. Anonymous Coward

                Re: Too late

                @Jtom "You have pretty much eliminated the guns, yet the murders and assaults continue."

                "just what have you accomplished?"

                What have we accomplished?

                A rate per head of intentional homicide in the UK of about a quarter of that in the USA, and a murder rate per head in the UK of about 1/18th of that in the USA.

                At least, that's what this link says:

                http://www.nationmaster.com/country-info/compare/United-Kingdom/United-States/Crime/Violent-crime

            3. intrigid

              Re: Too late

              "The fact that there is such a low amount of gun crime in this country shows that the policy works."

              And what about victims of non-gun crime? They don't deserve to be included in your dataset, why exactly?

              I don't know about you, but if I were lying stabbed in a pool of my own blood, my last words wouldn't be "At least I can die happy knowing I wasn't shot..."

          2. Baldrickk Silver badge

            Re: Too late

            "I don't see the Police arresting that many criminals with guns though. False argument, totally based on trust of people who have abused our trust, repeatedly."

            That would be because most people they arrest don't have guns. Gun crime is exceedingly rare here, despite what the news may report.

            If someone is seen with a gun, and they don't have a good explanation for it, then they will be arrested, no questions asked.

            As for those automatic weapons that can be purchased e.g. AR15s with bump stock conversion? Not readily available here, even the police have custom modified weapons, that are limited to semi-auto, despite the gun not being produced with a semi-auto option.

        2. intrigid

          Re: Too late

          "The thing is that this makes the job easier for the police: Someone has a gun, they are a criminal."

          Well yeah, by definition, being a police officer becomes a hell of a lot easier and less risky when your job description is to arrest people who have yet to harm anyone!

          Someone uses strong encryption, they are a criminal. (Why would you need strong encryption anyway if you don't have criminal intent?) This makes the job easier for police.

        3. Petersonregistery

          Re: Too late

          "Someone has a gun, they are a criminal."

          Not so. I have a gun and I carry it with me everywhere I go. Oh, I forgot. I'm in Texas.

          1. Dr. Mouse Silver badge

            Re: Too late

            To those using gun laws as an analogy for encryption, there's a very big difference.

            Encryption is designed to secure data.

            Guns are designed to kill.

            If you believe that killing and securing data are even remotely similar, then there's something very wrong with you.

      2. Anonymous Coward

        Sheeple? was Re: Too late

        @bombastic bob

        "NOTE: when you take away the right of an individual to speak his own mind AND to defend himself, you end up with SHEEPLE."

        I wonder, bombastic bob, if you could specify exactly what degree of restriction on access to weaponry turns people into SHEEPLE? As far as I know, even in the USA, ordinary citizens aren't allowed to possess and bear arms such as M18 Claymore mines, AGM-114 Hellfire missiles, or even some straightforward rifles like the M2 0.5 inch Browning machine gun.

        Are such restrictions a problem? If not, exactly where is the line drawn between the weapons needed to stop people turning into SHEEPLE and those weapons which aren't required?

  2. Paul Crawford Silver badge

    So at what point will legislation force all public servants and politicians to use the "magical" proposed system and only the proposed system?

    After all if it is secure and never going to be abused then they have nothing to worry about and surely will be delighted.

    1. Pen-y-gors Silver badge

      "Such a backdoor could be exploited by ~~skilled miscreants~~ Russian hackers to also read ~~people's~~ US politicians' files and communications,"

      FTFY - and that should be the death of any proposal

      1. Anonymous Coward

        Cue violins.

        US politicians have no problem exploiting others but don't like it when someone does it to them.

        Boo-hoo.

      2. LDS Silver badge

        "Such a backdoor could be exploited by"

        Of course politicians will ask for backdoor-free devices, because their caste rank deserves it..

    2. Anonymous Coward

      "So at what point will legislation force all public servants and politicians to use the "magical" proposed system and only the proposed system?"

      I think if they're so insistent on this, the crypto-experts should suggest a 5-10 year test plan where compromised crypto is used for all government encryption. The keys are secure right?

      They've wanted this crap for how long now? What's another 5 years to prove their claims to us by leading by example?

      1. dave 81

        Not a chance

        Just like with the snoopers charter, they will exempt themselves from it.

    3. Baldrickk Silver badge

      "So at what point will legislation force all public servants and politicians to use the "magical" proposed system and only the proposed system?

      After all if it is secure and never going to be abused then they have nothing to worry about and surely will be delighted."

      heh. They'll still be hosting their own illegal servers in their bathrooms if they think it will be an advantage to them.

  3. Mark 85 Silver badge
    Mushroom

    Congress first....All US Government offices second....

    I'm ok with this IF they do it first for at least a year..... If nothing gets hacked then they can shove it at everyone else. OTOH, I'm betting that Congress and the Agencies will exempt themselves from using any backdoor.

    Icon.... there's a real shitstorm coming.....

    1. MrDamage

      Re: Congress first....All US Government offices second....

      Also, those who propose, and back, such mandatory backdooring policies should be the ones held financially liable for anything that goes wrong with their "magical access".

      1. Richard 12 Silver badge

        Re: Congress first....All US Government offices second....

        Exploding collars would concentrate minds better.

  4. Christoph Silver badge

    "to come up with a secure way to allow only law enforcement to access information."

    Law enforcement of which country?

    Of the USA only? So the USA government can read the messages of everyone in the world? How exactly are they going to enforce that?

    Or will they let other governments use it - so they can spy on the USA?

    Will they ban strong encryption only in the USA? So everyone has to switch devices as they cross the border? If strong encryption is available just across the border, how will they stop USA criminals using it?

    If international companies have to switch to weakened encryption when talking to their USA offices, they are going to move as much as possible out of the USA.

    None of this seems to get mentioned - the politicians talk about it as if the USA was the only place in the world (which is not exactly unusual).

    1. Yet Another Anonymous coward Silver badge

      "Law enforcement of which country?"

      Even within the USA - which law enforcement?

      Do you think the boss of the CIA is going to have a phone that a community support officer in Arkansas can access?

      Every branch of government, law enforcement, state, county, municipal, military, DEA, DHS, MMB are going to want the ability to read everyone else's phone while having theirs entirely secure from all their law enforcement colleagues.

  5. Will Godfrey Silver badge
    Unhappy

    As I've said before...

    They would not listen,

    They're not listening still.

    Perhaps they never will.

    1. Notas Badoff Silver badge

      Re: As I've said before...

      I ask only this. If you wish to continue insisting there is a workable backdoor, then we get to insist on writing "There is no workable backdoor" on your tombstone. If at that point you want to continue debating the matter, we'll be waiting for you...

      (Required disclaimer for this age: no, I'm not suggesting killing them. I'm suggesting every legislator should be forcibly memorialized on their eventual tombstone by reference to their stupidest act of public legislation. No grand statue is going to hide the message "We the people regret electing this idiot".)

      1. Doctor Syntax Silver badge

        Re: As I've said before...

        "I'm suggesting every legislator should be forcibly memorialized on their eventual tombstone by reference to their stupidest act of public legislation."

        Maybe you've just explained Stonehenge.

        1. Big John Silver badge

          Re: As I've said before...

          Why "every legislator" when this stuff seems to be getting pushed only by the Democrat ones? Why include the other side? Is it important to spread the blame in this case?

          1. lglethal Silver badge
            Stop

            Re: As I've said before...

            John, there is more than enough stupid bollocks coming out of both sides of your congress, so every legislator IS appropriate. Why don't you pull your head out of your bipartisan arse and realise that all politicians no matter from what political spectrum should face mockery.

    2. Norman Nescio Bronze badge

      Re: As I've said before...

      "They would not listen,

      They're not listening still.

      Perhaps they never will."

      "It is difficult to get a man to understand something, when his salary depends upon his not understanding it!"

      Upton Sinclair, I, Candidate for Governor: And How I Got Licked (1935), ISBN 0-520-08198-6; repr. University of California Press, 1994, p. 109.

  6. Anonymous Coward

    Dems

    Good thing they're not in charge.

    When these fascist tools lose the 2018 elections over this, will they blame "Russian hax0rs" again?

    1. DougS Silver badge

      Re: Dems

      Yes, keep believing it is only the democrats who want to do this plan. It was republicans who started the warrantless wiretapping, democrats who continued/expanded it, and if you think Trump shut it down you're an idiot.

      1. Someone Else Silver badge

        @DougS -- Re: Dems

        "[...] and if you think Trump shut it down you're an idiot."

        Actually, it's pretty clear that he's an idiot, regardless of what he thinks.

      2. Big John Silver badge

        Re: Dems

        Um, the current issue here is the proposed installation of backdoors, not warrantless wiretapping, bad as that is. But your switch enabled you to include the GOP in the discussion. Is it just too painful for you to see the Democrats doing evil stuff without being able to blame the GOP?

        1. DougS Silver badge

          Re: Dems

          I was just responding to the idiot who is blaming the democrats exclusively.

          And sorry to disappoint you, but if you think I'm a democrat because I'm not a republican, you couldn't be more wrong.

  7. Doctor Syntax Silver badge

    It's perfectly simple. All they have to do is put it out to tender with the proviso that any proposed solution be critically examined for cryptographic flaws and flaws which would allow the system to be hacked. The project tender should be in two stages. The first would be given to a number of contractors, each to perform a feasibility study and proposal, the second would be awarded to the best proposal.

    They can be seen to be doing something which will keep them happy. As the rest of us know the tender will be on a hiding to nothing the rest of us can be happy. The latter includes the contractors because they know they can be paid for doing a lot of work on the feasibility study and still get paid for saying it can't be done. One bright spark, of course, will probably come up with an idea which will eventually fail on critical assessment but they'll still be paid.

    This is not, unlike many government IT projects, a waste of public money. It will be an excellent investment on keeping the idiots off everyone's backs, possibly for years with the additional advantage that as it will fail in their own terms they can still eventually be vilified for wasting public money.

    1. lglethal Silver badge
      Go

      Or alternatively, it's pay on delivery, and only after it has been thoroughly vetted by an impartial international team of cryptographic experts. Failure at this stage means no payment. If somehow it gets approved beyond this stage, the firm/researchers who develop the solution are to be held liable for the eventual cracking of the backdoor.

      That should scare off any tenderers, and save everyone money.

  8. DougS Silver badge

    It's an election year

    Time for politicians to posture by supporting stuff they believe the majority of voters want (and unfortunately the majority of voters in both parties are sheep who would gladly give up their freedom in exchange for a little imagined security)

  9. whitepines Bronze badge
    Mushroom

    Time to only use devices with open source firmware. There's a few on the market, but cell phones always have proprietary blobs and magic binaries, meaning it's probably best to avoid smartphones period....

    1. veti Silver badge

      Yeah, because I'm totally going to spend my time reviewing my own devices' firmware.

      And I'm sure I'm so much more expert than the hackers who originally threw it together. Bearing in mind, as Brian Kernighan says, "debugging is twice as hard as writing a program in the first place". And that's even assuming there hasn't been a bad actor deliberately inserting a stealth vulnerability at some stage in the project.

      1. whitepines Bronze badge
        Facepalm

        If you have something of value others want, like designs, software code, blackmail-worthy pictures, financial statements, your kids' names, associates, known friends, schedules (everything needed for a really bad actor to do something evil), maybe you will be motivated to only store them on a device you've bothered to look through the firmware for?

        Network code is generally pretty obvious. It's also something that doesn't belong in firmware except at very specific points. Not too hard to find...

        Of course if you're one of the "throw it all up on Google and FaceBook types", you'd deserve everything coming your way from the world+dog knowing your intimate details...

        1. Mark 65 Silver badge

          "...maybe you will be motivated to only store them on a device you've bothered to look through the firmware for?"

          Yeah, because leading phone models never get pen-tested by independents who actually have a clue what they're looking at do they? If things like the Intel/AMD design faults get discovered I'm pretty sure any firmware or, more importantly, hardware ones will. And that is the point, your firmware may be open but what about the hardware underneath?

  10. Brian Miller Silver badge

    Embarrassment of Advisors

    "Earlier this year, the FBI was formally asked to disclose who the experts are that are telling the agency it is possible to create a secure Feds-only backdoor. It has so far refused to do so."

    You wouldn't reveal your sources, either, when you've been advised by Santa Claus, the Tooth Fairy, and wished upon a star.

    Maybe by the aliens in area 51, too.

    1. Paul Hovnanian Silver badge

      Re: Embarrassment of Advisors

      "asked to disclose who the experts are that are telling the agency it is possible to create a secure Feds-only backdoor"

      Let me guess: The Russians?

      1. Sir Runcible Spoon Silver badge
        Black Helicopters

        Re: Embarrassment of Advisors

        "Let me guess: The Russians?"

        I'm thinking somewhere warmer, where there are plenty of technical experts in the field of security.

  11. DeKrow
    Mushroom

    Political mindset extrapolation

    What I find the most scary about this on-on-on-going debate, is that politicians (on both sides of the fence, I'm not partisan in this) are continuing to try and find ways to defeat maths; where maths is the immovable object, and has been described as such by all the experts (in both mathematics and IT security).

    The fact that politicians (around the world) cannot let go of a blindingly obvious exercise in futility gives me nightmares about how they treat other, more malleable, things that may get in the way of their 'seizure of power'. If the immovable object mathematics doesn't stop them, then mere human-constructed laws would be treated as potholes to be ridden roughshod over whilst keeping their eyes on the prize.

    We've bred this species of arrogant, 'we can do anything' politicians because the punishment for corrupt, or not-in-the-best-interests-of-the-people, behaviour is dictated by the very people that have the capacity to be the wrong-doers. Far from being punished for working for personal rather than societal goals, they're making bank from it. This situation has continued long enough such that it has attracted the exact kinds of people that work towards self-aggrandisement, as opposed to 'nation leading', to political careers, thus magnifying the problem.

    In Australia's system, at least, it's led to in-fighting that's resulted in four changes of Prime Minister outside of the election cycle in the last decade.

    If you do something wrong, and don't get punished for it, how do you know it's wrong?

    1. John Brown (no body) Silver badge

      Re: Political mindset extrapolation

      "What I find the most scary about this on-on-on-going debate, is that politicians (on both sides of the fence, I'm not partisan in this) are continuing to try and find ways to defeat maths; where maths is the immovable object, and has been described as such by all the experts (in both mathematics and IT security)."

      Maybe they ought to be reminded that you can't legislate that pi=3 because it really doesn't make maths easier.

    2. Mark 65 Silver badge

      Re: Political mindset extrapolation

      Being smart isn't a prerequisite to being elected. Being a greasy rent-seeking parasite seems to be though.

  12. -tim
    FAIL

    They don't understand that Clipper has sailed

    Everything ever encrypted with the Clipper chip can be decoded by non-government types. Yet the politicians won't think of the real risks.

  13. alain williams Silver badge

    Mrs May: I have an idea that should work ...

    please just employ me at the very reasonable salary of £200,000/year and I promise that I will try my hardest to code something that has a GCHQ only back door.

    It is not a lot of money for the government to save us from evil terrorists & drug dealers (do think of the children), but will bolster my pension fund nicely - I only have a few years before retirement.

    If we get a good designer who can make the app look pretty then all these nasty people will be seduced into using it rather than some free open source stuff.

    Please, pretty please!

  14. Anonymous Coward
    Anonymous Coward

    Criminal Defence

    Apologies for thinking like a lawyer - but if the feds have this capability it will provide a standard defence for all crims.

    "Your device was found to have plans for an attack on the Underground."

    "No, m'lud, Special Branch accessed it and planted the files, before removing all traces"

    "Do you have any evidence?"

    "Well they have the capability, so they could well have done it."

    Thus, reasonable doubt is brought in. The irritating thing with these clowns is that most of them are lawyers and should know better.

    1. VikiAi
      Unhappy

      Re: Criminal Defence

      I imagine killing the concept of 'reasonable doubt' is not much further down their wish list.

      1. Nick Kew Silver badge

        Re: Criminal Defence

        In the case of those accused of terrorist-related offences, troublesome lawyers won't be troubled in the first place. Just kill them, or ship them to Guantanamo Gulag.

        1. Sir Runcible Spoon Silver badge

          Re: Criminal Defence

          Considering the US is the country in which an accomplice burglar was convicted of murder and sentenced to 95 years after a police officer shot the other burglar dead when they were trying to escape.

          I'm not excusing or condoning burglary, neither am I criticizing the Police officer who shot the suspect dead, but the courts thinking that it is logical to find the other burglar guilty of murder? That's bat-shit insane.

          1. Mark 65 Silver badge

            Re: Criminal Defence

            Considering the US is the country in which an accomplice burglar was convicted of murder and sentenced to 95 years after a police officer shot the other burglar dead when they were trying to escape.

            The US has been the undeniable leader of the worst judicial system on the planet that masquerades as being fair or just for quite some time and by quite some margin. Countries with similar systems are often just accused of being openly corrupt rather than "the land of the free" - who says they don't understand irony?

    2. jelabarre59 Silver badge

      Re: Criminal Defence

      Thus, reasonable doubt is brought in. The irritating thing with these clowns is that most of them are lawyers and should know better.

      Not so sure. Sometimes those are mutually exclusive.

    3. Mark 85 Silver badge

      Re: Criminal Defence

      The irritating thing with these clowns is that most of them are lawyers and should know better.

      That's only one part of the problem. The other problem is they (with a few notable exceptions) have no clue whatsoever about computers and tech. Many have no idea how to even turn one on. A few of the idiotic questions tossed at Zuck this week prove that and yet they will regulate that which they have no clue.

  15. ecarlseen

    We need a name for this, and I'll throw one out there:

    It has the same absurd, mindless-defiance-in-the-face-of-absolute-evidence aspects of the effluvia spewed by a more common and similarly-named mythical belief. Yes, we know that any jackass can build a backdoor into a crypto system. We also know that, as a practical matter, it's absurdly impossible to keep said backdoors from being abused. It reflects the sort of detachment from reality normally associated with the severely mentally challenged... although this should come as no shock as we're dealing with politicians.

    So that's it, I'm coining it: "Flat-Earth Encryption."

    Enjoy.

    1. hplasm Silver badge
      Thumb Up

      Re: We need a name for this, and I'll throw one out there:

      "So that's it, I'm coining it: "Flat-Earth Encryption.""

      +1 for you!

      Coming soon "Young Earth Encryption" -6000 bit keys!

    2. Mark 65 Silver badge

      Re: We need a name for this, and I'll throw one out there:

      Implemented using the all new Unicorn Chip.

  16. Anonymous Coward
    Anonymous Coward

    There is no God given right to digital security

    As much as many people don't like to admit it, there is no God given right to digital security. In fact every single electronic communication device can be hacked and most have been. Authorities are requesting a means to expedite the process which can be very important when dealing with crime and terrorism. Anyone who believes that encryption will protect them from being prosecuted for their crimes is in for a reality check.

    1. whitepines Bronze badge
      Coat

      Re: There is no God given right to digital security

      Oops, you just committed a felony in some backwater country by mentioning God. And since there's a very convenient digital trail tying you and your device to your post, guess it's jail or reeducation camps for you...

    2. DeKrow
      Holmes

      Re: There is no God given right to digital security

      That's like saying that there's no God given right to life either because every single human can be murdered and some have been. There are laws against it, as are there laws against hacking.

      Really, there are no God given rights at all. For various reasons...

      "Anyone who believes that encryption will protect them from being prosecuted for their crimes is in for a reality check."

      But this is what "they" are proclaiming: encryption is protecting criminals from prosecution.

      Which side are you (dis)agreeing with?

      1. VikiAi
        Go

        Re: There is no God given right to digital security

        "Which side are you (dis)agreeing with?"

        He is being cryptic. Lock him up!

    3. Loud Speaker Bronze badge

      Re: There is no God given right to digital security

      In other words:

      Anyone who believes that their financial transactions are protected over the internet is in for a reality check? Thought as much. Someone should tell Amazon and Barclays Bank.

      Incidentally, OTPs still work, whether you use a pen and paper, or a shell script. I think you will find MP3s and PNGs work quite well as OTPs. (random() is probably better). The trick is saying which file and getting a copy to the other end. It's not difficult, but I will not disclose my methods without being paid ;-)

    4. hplasm Silver badge
      Alien

      Re: There is no God given right to digital security

      "As much as many people don't like to admit it, there is no God..."

      1. Paul Hovnanian Silver badge
        Devil

        Re: There is no God given right to digital security

        "there is no God..."

        That doesn't stop the three-letter agencies from playing one.

    5. Phil O'Sophical Silver badge

      Re: There is no God given right to digital security

      Authorities are requesting a means to expedite the process which can be very important when dealing with crime and terrorism.

      At the risk of re-stating the bleeding obvious, you are completely missing the point, which is:

      • History shows that any backdoor which is supposedly only available to the authorities will rapidly become available to criminals, so all your routine encrypted transactions, like your online banking, will become insecure & open to theft/fraud.
      • It is trivially easy to bypass this by using private non-backdoored encryption on your message before submitting it to the backdoored-systems, so the authorities still won't be able to decrypt your message even with a backdoor.

      The consequence, as always, is that it will have zero effect on criminals or terrorists, but will make ordinary citizens less safe.

      1. Sir Runcible Spoon Silver badge

        Re: There is no God given right to digital security

        Pro-tip (from Bruce): Perform all your encryption activities on a 100% off-line device before transferring said files manually to your communication system for transmission.

      2. Anonymous Coward
        Anonymous Coward

        Re: There is no God given right to digital security

        The consequence, as always, is that it will have zero effect on criminals or terrorists, but will make ordinary citizens less safe.

        It's EXACTLY the sort of legislation Feinstein & Friends have been pushing in other areas as well, so no surprise there.

        1. Bronek Kozicki Silver badge

          There is God given right to privacy

          I was thinking about it yesterday, having just read some fine books by Charles Stross (the author is a bit of a geek, I suspect he might be reading the comments here).

          Anyone who agrees (or employs such argument) that "if you have nothing to hide, you have nothing to fear" is totally missing the point of privacy, which is one of the fundamental human rights. It is also the one thing which stands between civilized society and police state.

          I think that there are people who lack the imagination to foresee what life would be without the right to privacy, or they assume that their personal privacy would be protected, because they are "just ordinary people". But this is not how things work - once you give it up, you are no longer living in a civilized society and "normal rules" do not apply.

          We may have some degree of privacy right now, but in order to keep it we have to value and protect it.

          1. Sir Runcible Spoon Silver badge

            Re: There is God given right to privacy

            Next time anyone says that line I'm going to ask them if they approve of the methods used by the Stasi in East Germany during the cold war.

            1. Mark 65 Silver badge

              Re: There is God given right to privacy

              Next time anyone says that line I'm going to ask them if they approve of the methods used by the Stasi in East Germany during the cold war.

              To which the honest answer should be yes seeing as how, information wise, we are way beyond their wettest dreams already. The general public posting everything on Facebook has been a great help. Imagine going back in time and telling the head of the Stasi that in 40+ years time you wouldn't need lots of spies or torture as the public would just offer up their thoughts, opinions, relationships etc for free in a giant cesspool of searchable data because they actually believe your catchphrase (and that of every despotic regime) of "nothing to hide, nothing to fear".

              Who'd have thought re-education would simply involve lowering standards of education and letting nature take its course?

              1. Sir Runcible Spoon Silver badge

                Re: There is God given right to privacy

                To which the honest answer should be yes seeing as how, information wise, we are way beyond their wettest dreams already.

                Can't disagree with that, but it might be useful to point out to someone what it was like before they were slowly boiled over the last 17 years, they might not actually realise.

          2. Mark 85 Silver badge

            Re: There is God given right to privacy

            Anyone who agrees (or employs such argument) that "if you have nothing to hide, you have nothing to fear" is totally missing the point of privacy,

            Lately, anytime I've heard that line used I've asked a simple question: "Then you won't mind at all if I or someone else installs some cameras in your house? Say the bedroom and the bathroom?" Then I sit back and watch them fume, turn red in the face, and usually stomp off swearing.

    6. Anonymous Coward
      Anonymous Coward

      Re: There is no God given right to digital security

      You are absolutely correct, there is no God given right to digital security. But without it, the current world economy fails. Banking fails. Control systems can be hacked and fail. The world as we know it today FAILS.

      If you are asking for a backdoor, you are begging for worldwide economic collapse. Period.

  17. Someone Else Silver badge
    Unhappy

    Seems Dianne Feinstein is slipping.

    1. Mark 65 Silver badge

      Into a coma would be nice.

  18. Winkypop Silver badge
    Coat

    Simple, just call: 36-24-36

    It's time you made a stand

    For a fee

    I'm happy to be

    Your back door man...

    -------

    Mine's the one with the school cap in it.

    1. Fortycoats

      Re: Simple, just call: 36-24-36

      Unfortunately these dirty deeds are not being done dirt cheap. Instead it's bloody expensive, it seems to me.

      1. Mark 65 Silver badge

        Re: Simple, just call: 36-24-36

        Moneytalks.

  19. Anonymous Coward
    Anonymous Coward

    The ultimate vapour-ware

    Magic-thinking-ware 1.0

    1. VikiAi
      Go

      Re: The ultimate vapour-ware

      Needs more blockchain.

      1. Paul Crawford Silver badge

        Re: The ultimate vapour-ware

        And a little salt

  20. Christoph Silver badge

    Gurerfn Znl vf Jngpuvat Lbh

    1. Sir Runcible Spoon Silver badge
      Joke

      zlasherbat ofn ipsicle clunderncntu

  21. Joe Harrison Silver badge

    Disinformation

    "Wahh we have a backlog of all these phones we can't get into."

    I don't believe there is a single smartphone you can buy which is not already backdoored. (I am talking about normal phones for normal people here, not something you made out of two Raspberry Pi velcroed to a 7 inch display.)

    I can certainly believe though that most of the "can't get in" complainers are simply too junior in the law enforcement infrastructure to be allowed into the backdoor secret.

    1. Kevin Johnston Silver badge

      Re: Disinformation

      You have missed the more probable reason

      The backlog of phones is because the case each phone relates to is not significant enough to put any effort into (or to get them onto the 'must crack this phone' list) but collectively they help the cause for needing more powers. The repeated reference to this HUUUGE list is intended to bat away rational arguments from the people who see no need for those extra powers 'because terrrism/think of the children/pro-Trump/anti-Trump/furriners'*

      *delete to select flavour of the day

  22. Jess--

    this talk of encryption that can be accessed by the owner and law enforcement makes me think of locks that can be opened by 2 different keys.

    Key 1 is owned by you and is relatively unique, Key 2 is on the keyring of every member of law enforcement worldwide.

    of course nobody could ever possibly get a copy of Key 2!

    I can't help thinking of luggage locks.

    1. Sir Runcible Spoon Silver badge
      Coat

      "Key 1 is owned by you and is relatively unique"

      You might want to revisit your information sources on the definition of one of those words ;)

      1. Jess--

        by relatively unique I mean it is theoretically possible for someone to have generated an identical key even if the odds are vanishingly small. but even if there were an identical key out there somewhere the odds of that key being tried in my lock would be even smaller.

    2. Yet Another Anonymous coward Silver badge

      Key 1 is owned by you and is relatively unique, Key 2 is on the keyring of every member of law enforcement worldwide.

      Even better - key 1 is yours, keys 2 to 9999 are on the keyrings of 9999 different agencies worldwide.

      There are only 4 digits in the key combination

  23. 0laf Silver badge
    Unhappy

    I don't know why politicians can't get that what they are asking for is effectively the same as asking for a pet dinosaur, or a magic carpet or a shrink ray. The knowledgeable people have all screamed "Ye cannae break the laws of physics, or maths" but it doesn't matter.

    They've had an idea, and if they can think it you can do it. They don't need to understand the detail just the idea. So just get on and do it.

    Scary that the people in charge can be so proudly ignorant and divorced from reality.

    1. Sir Runcible Spoon Silver badge

      I don't know why you are so confident that they don't understand the issue.

      Let us, for argument's sake, assume that they *do* know what the issue is. What can we surmise from this premise?

      Well, let us first look to the intended consequences of the situation by first establishing a couple of parameters..

      - There can be no back-door to encryption

      - There is constant pressure to implement a back-door to encryption

      - Most people are ignorant of the ramifications

      - TPTB blame lack of ability to decrypt key devices for crime 'x'

      All of this contributes to a dynamic state of fear in the population that has no resolution (much like the war on 'drugs' etc.).

      Fear in the population makes them easier to control.

      What was your question again?

  24. AndyD 8-)₹

    @0laf

    "Scary that the people in charge can be so proudly ignorant and divorced from reality."

    That is so VERY VERY true - and has nothing to do with encryption!

  25. Anonymous Coward
    Anonymous Coward

    Tangled up in technology

    Everyone has got this issue tangled up with technology, as if it is something that has been created by and can be solved by technical means. The principles behind it are not exclusive to technology. The lawmakers should pursue a law that disallows the hiding of evidence in locations known only to the owner. If you're going to hide a corpse in the woods, then the law should require you to put it in a place known only to you and to the authorities. If you want to put your cash under a secret floorboard that burglars cannot find, it must be in a standard secret location registered with the police. When this is all working smoothly, we can have a sensible discussion about encryption.

  26. one crazy media

    Dianne Foolstein

    Dianne,

    How about making 40o keys for your front door and putting it under a rock and see if thieves will find the right key to open the door?

    Time for you to retire

  27. Swarthy Silver badge

    In light of this

    And other goings-on, I feel the need to ask, Does anyone know of any good Software Dev/Architect gigs in any countries that are not sliding into a police state? Preferably where one could get by with English for the first year or two while picking up the local tongue?

    My preliminary research makes me think Ireland may be a good choice, but I want to get inputs from the Commentariat to make a good decision.

    Thanks in Advance.

    1. Yet Another Anonymous coward Silver badge

      Re: In light of this

      China ? At least you don't have to worry about the sliding

    2. Bronek Kozicki Silver badge

      Re: In light of this

      CERN, perhaps - it is (nominally) in Switzerland, which has very strong privacy laws.

  28. Anonymous Coward
    Anonymous Coward

    Waiting for the next

    Pro-backdoor advocates have presumably been waiting for the next terrorist attack in order to relaunch efforts

    As the Progressives would say; "Never let a good crisis/disaster/atrocity go to waste."

    And Diane Feinmessyougitusinto is clueless in SO many ways. This is just the latest boneheaded and blatantly unworkable solution she's proposed. She also believes disarming innocent citizens will make the criminals, terrorists and sociopaths behave themselves and go away. Yeah, more dimwitted than most, but she has a big mouth to try to make up for it.

  29. intrigid

    "the FBI was only interested in the contents phones used by terrorists and criminals; that not having access to phone data was a "major public safety issue";"

    The FBI ignored 41 warnings about a potential mass shooter before he finally killed 17 people. I'm pretty sure any shred of credibility that government agencies might have had on the issue of "public safety" is now completely blown out of the water.

  30. crap

    Another politician well past their best before date.

    1. Mark 85 Silver badge

      Aren't they all? I think the "best before date" for a politician is the day they were born.

  31. Phukov Andigh Bronze badge

    watch this space!

    Congresscritters with a D tattooed on their ample arses, demand a thing. then after their majority passes it but a R branded arse sits in the Big Chair, within a few years, see the Ds ranting about how evil Rs are backdooring their software bcuz the R allowed the Ds what they demanded.

    Reverse letters when appropriate.

    The ones that do a "one cheek sneak" to break wind with the appropriate arse tattoo letter, are the worst as they blame when they don't get what they want and blame when they do, all by simply shifting to one side or the other.

    Wut, you think political bloviation comes out their MOUTH?

  32. Anonymous Coward
    Anonymous Coward

    I don’t get the fuss here… that low level hardware / software backdoor already exists. All recent generation Qualcomm chips and their clones provide direct memory access to the baseband controller (in the old days said RF subsystem was usually connected via USB and thus “isolatable”). Baseband firmware updates can always be silently pushed by the network to the device. A “Government” special access firmware can then snoop around the RAM and ex-filtrate passwords/keys or data at will. I guess now all they need to do is standardize it across devices / architectures to improve the convenience factor for the feds… ho hum…


Biting the hand that feeds IT © 1998–2019