Security gurus deliver coup de grace to US govt's encryption backdoor demands

With congressional hearings due on Wednesday to discuss US government plans to force tech companies to install backdoors in their encryption systems, some of the leading minds in the security world have published a paper on how, and if, such a system would work. The authors of the 34-page paper [PDF] read like a who's who of …

  1. NotBob

    If only people would stop wanting to hide things, our surveillance work would be so much easier. Let's make encryption broken for everyone but us...

    Same as the old "I believe everyone should have firearms but only I should have ammunition." I wish I could say there's no chance of trying to implement.

    1. Thorne

      Yes but it was the universal surveillance that made everybody want to hide things.

      If the government didn't overreach and they still needed a warrant to tap someone's communications, people wouldn't bother with encryption for most things.

      It's all the spying that created the encrypt everything society. What you sow, so shall you reap.

      1. Anonymous Coward

        If the government didn't overreach

        but the government(s) and people in general WILL overreach, whenever they can (see: why do dogs lick their balls).

        1. WalterAlter

          Re: If the government didn't overreach

          So the bazillion blopobyte number cruncher at the NSA's "Little Manhattan Project" in the Utah desert can't brute force what they need to brute force then? So they would actually have to suspect that an encrypted communication might be up to no good and target that particular communication rather than my aunt Wannie's porn habit then? And we're to believe that the intel product sieved from the global backdoor wouldn't end up in the hands of unauthorized Illuminati Schickelgrubers then? Frankly, I'm going to need a bit more logic in order to make up my mind on this issue.

    2. Anonymous Coward

      Let's make encryption broken for everyone but us...

      I wish I could say there's no chance of trying to implement.

      Trying to implement? It's already implemented. It practically exclusively infests practically everything the plebeians are allowed to play with. You almost certainly use it every day. I know I do.

      1. Rimpel

        The subject of the 'I wish I could say there's no chance of trying to implement' statement is the 'encryption back door'. Do you use an encryption back door every day? Really? No, thought not.

        1. Anonymous Coward

          @Rimpel: You seem to have misunderstood me. I am not a TLA so it's not their "backdoors" I'm allowed to play with - it's the software that distributes them. Yes, I use broken by design™ encryption every day. Backdoors and all. As do you. Yes, really.

  2. Palpy
    WTF?

    O be still my frightened heart

    The USA may lose "... its influence as a bastion of freedom and democracy."

    And this after revelations about Abu Ghraib, rendition, waterboarding at Guantanamo, and the most extensive prison system since Stalin?

    El Reg does note that USA's rep may need some repair, but PR spackle will never cover those cracks. I mean, I live in the place, and even I know that "bastion of freedom and democracy" was right out of the picture by the 1980s.

    1. Anonymous Coward

      Re: O be still my frightened heart

      The USA may lose "... its influence as a bastion of freedom and democracy."

      Yup - that ship sailed long ago. Nowadays, you can only utter such a line for comic effect or cheap laughs.

      1. Anonymous Coward

        Re: comic effect or cheap laughs.

        not quite, the whole point is not about whether it IS a bastion of freedom and democracy, but whether people (abroad) perceive it as such. It's perception (possibly now mostly pretense), but that perception, while eroded, still holds across the world. Strangely enough, I felt it was particularly strong in those countries that we perceive as full of funny people in turbans running around with suicide belts trying to blow up Americans and their friends. Possibly because these perceptions are based on what people naively prefer to believe in, supported by mass-media, rather than objective facts, but that's another matter.

    2. Kane
      Joke

      Re: O be still my frightened heart

      "I mean, I live in the place, and even I know that "bastion of freedom and democracy" was right out of the picture by the 1980s"

      Would that be around about 1984?

    3. Irongut

      Re: O be still my frightened heart

      "moral authority" gave me a damn good laugh too.

      1. Pascal Monett Silver badge

        Indeed.

        There's nothing left to repair guys, it's beyond repair.

        It needs to be torn down and rebuilt.

        Oh, and not by the scumbags that are in place now.

  3. Chairo
    Big Brother

    Even if such a system could be implemented safely, this wouldn’t stop criminal actors, who could simply buy their technology overseas or from non-compliant companies and countries.

    That would be a problem, if the surveillance target would be criminals in the first place. For better surveillance of the average citizen it'll work fine.

  4. dan1980

    "But my job is to try to keep people safe. In universal strong encryption, I see something that is with us already and growing every day that will inexorably affect my ability to do that job."

    In an attempt at charity, I shall assume that Director Comey is an honest, trustworthy, diligent, well-meaning, moral soul with a genuine desire to protect people.

    Many times, the argument runs that the people pressing for these measures are inherently untrustworthy and do not have the best interests of the people at heart. I think that approach is, though sometimes accurate, unhelpful, because such a claim will never sway those making the decisions.

    The real problem is that these people do not understand that, not only is "keep[ing] people safe" not the most important consideration in a free and democratic society, even if it was, it is far from obvious that all-pervasive monitoring by the government and law enforcement agencies is the best way to do this - or even helpful, in the long term.

    The problem is that, even viewing these people in the very best light, they believe that preventing a terrorist attack or arresting a drug dealer, or collaring a pedophile (our trio of witches du jour) is so important a goal and the benefits to society so great that they outweigh whatever ills are committed in pursuit of that end and justify whatever means are employed - no matter how infrequent and isolated the positives and how constant and pervasive the 'compromises' are.

    They also seem to believe that stopping a crime or saving a life now is more relevant than any unintended consequences or long-term effects that such compromises may bring about.

    One could also argue that the technology simply doesn't work that way but to do so is to, again, somewhat argue the wrong point because, just as it is possible (if difficult!) to imagine a situation where the people administering these schemes were beyond reproach, so too is it possible to at least hypothesise about the technology being available to make this work 'well'.

    The issue is that, even if the government and agencies were everything they claim they are and the technology was everything they assert that it should be, it still wouldn't be a good idea and the downsides would still outweigh the potential positives.

    1. This post has been deleted by its author

    2. Thorne

      "The real problem is that these people do not understand that, not only is "keep[ing] people safe" not the most important consideration in a free and democratic society"

      Freedom is more important than human lives. Every day soldiers get sent into battle by Western countries in the name of freedom. Using a handful of deaths by terrorist to strip away the freedoms bought and paid for with the lives of soldiers is a farce.

      1. dan1980

        Indeed, and it sickened me to hear the hypocrisy pour from President Obama's mouth - as it did from Hollande's* - a year ago at Omaha beach, speaking to commemorate the 70th anniversary of 'D Day'.

        "We come to remember why America and our allies gave so much for the survival of liberty at its moment of maximum peril. We come to tell the story of the men and women who did it so that it remains seared into the memory of a future world."

        Seared in. Right. A memory so dear and powerful to the president, and those before him (both Democrat and Republican) that they honour that sacrifice of safety and the very lives of those thousands by seeking to destroy exactly that which those brave soldiers fought so valiantly to protect.

        "But America’s claim - our commitment - to liberty, our claim to equality, our claim to freedom and to the inherent dignity of every human being - that claim is written in the blood on these beaches, and it will endure for eternity."

        How archaic when laid against their claim to deserve to know everything about all those human beings - foreign and domestic. I see that claim to the "inherent dignity" in the insistence of their 'right' to read the private correspondence and listen to the private phone calls of every man, woman and child.

        "We tell the story for the daughter who clutches a faded photo of her father, forever young; for the child who runs his fingers over colorful ribbons he knows signify something of great consequence, even if he doesn’t yet fully understand why."

        And what a comfort it must be for that daughter, for that son, to know that the ideals those parents and grandparents died for are being so keenly remembered that we now stride towards surveillance states; police states.

        "None of that would have happened without the men who were willing to lay down their lives for people they’d never met and ideals they couldn’t live without."

        How dare someone stand up and accept the applause of a crowd and feel pride and righteousness at the sacrifice of those brave men when he urges for the continuation of powers that have been ruled unconstitutional and of the expansion of programs that seek to destroy the ideals he is claiming as so fundamental to 'the American way'?

        It is indicative that someone can stand up, and with impassioned words, tell stories of brave young soldiers who risked everything to fight for freedom, while at the same time claim that the sacrifice of that same freedom is a price we must be willing to pay for safety.

        * - And as it has from British and Australian Prime Ministers on similar occasions.

        1. LaeMing
          Megaphone

          I want this read out in parliaments across the world.

        2. Anonymous Coward

          Amen Dan!

          Both my parents fought in WWII - my mom in Naval intel and my dad a Chaplain who was wounded in combat right as the war ended. Both were in their mid-90s when the surveillance state started to be more visible, and neither believed that was what they had fought for.

          Sad as it is to say, I'm glad neither lived to see the full extent of the Snowden revelations. They were both immensely proud of their country and would have been ashamed that we were so fearful, so timid, so weak, to let the events of 9/11 re-write the basic freedoms they fought for.

          Damn, they came from a tough generation, with no expectation that life was lived risk free. What happened to us?

      2. Anonymous Coward

        What the ever happened to the USA's ideals

        Initially there was "Live Free or Die" - now we have "Keep people safe" (and to hell with freedom).

        The idea of individual liberty is subject to the Corporatist State.

        1. Sir Runcible Spoon

          Re: What the ever happened to the USA's ideals

          These surveillance bods seem to subscribe to the 'bracketing' method of PR.

          If you want to convince someone that way A is better than B, then simply represent two aspects of A as being the only alternatives to argue over. B never gets a look in.

          B=Freedom in this instance

    3. This post has been deleted by its author

    4. elDog

      Chasing criminals or controlling the populace?

      "The problem is that, even viewing these people in the very best light, they believe that preventing a terrorist attack or arresting a drug dealer, or collaring a pedophile (our trio of witches du jour) is so important a goal and the benefits to society so great that they outweigh whatever ills are committed in pursuit of that end and justify whatever means are employed - no matter how infrequent and isolated the positives and how constant and pervasive the 'compromises' are."

      And we all know that chasing/capturing criminals is only the smokescreen. Their real goal is monitoring and controlling the populace.

      1. dan1980

        Re: Chasing criminals or controlling the populace?

        @elDog

        Well, even assuming that it isn't a 'smokescreen' and their goal really is to stop terrorism and very serious crimes, the problem is that these measures just aren't provably effective for achieving that end but they are effective for monitoring the general population and policing comparatively minor crimes and, of course, for cracking down on whistle-blowers and people leaking information to the media and indeed for identifying journalists disseminating that information to the public.

        And, because these types of measures are effective in that space and because there is often very little in the way of restriction or oversight in how they are applied, that is what these laws and capabilities are used for in practice.

        And even if they are also used for the purposes advertised, those events are orders of magnitude rarer than the more minor, non-'national security', non-'serious crime', situations, so on balance, these laws become, by de-facto, for the policing of those minor crimes and the monitoring of those non-high-threat individuals.

        1. Sir Runcible Spoon
          Thumb Up

          Re: Chasing criminals or controlling the populace?

          @Dan, I really do think you are being far too generous with your acceptance of the possibility that the results we are seeing are some kind of unintended consequence.

          The only circumstance I can see that being true is if the people making these decisions are completely unaware of all the warnings they have been given (i.e. fingers in the ears humming loudly).

          If they are aware, then it's deliberate. If they aren't aware then it's incompetence bordering on treasonous (I'm re-purposing the word here to mean to work against the population, not the crown :) ).

          I've enjoyed reading your posts in this thread though, your points are well made and need to be taken into consideration. Knee-jerk, frothing at the mouth type reactions will only serve the cause of freedom more harm.

          If the system has been corrupted by corporate interests, then that is what we need to tackle. More oversight and controls on lobbying would be an excellent way to start limiting the power of money over the power of the vote (imho).

          1. dan1980

            Re: Chasing criminals or controlling the populace?

            To be honest, I do believe that monitoring the population, the companies, the corporations, the clubs, the civil servants and the media are what much of this is aimed at.

            My point is that constructing an argument along those lines will never work. Trying to change the government's mind by reasoning that they are corrupt and lying to the people is a little illogical. It's not as though a group of people who are corrupt and out to promote corporate interests over public or who are looking to create a fascist state are going to put their hands up - mea culpa - and back away.

            The argument must be won on other grounds. And, the fact is that some of these people really do believe they are doing good and they must be convinced that they are wrong.

            And, again, all of that is somewhat superficial. The point is that, as citizens - the very thing that makes up the country - we should not ever be blinded by an argument that such and such a measure will make us 'safer', or that our liberties are not really that important.

            That's how this battle is being won - not by going against the wishes of the public but by convincing the public that what is being done is actually in their best interests. That any appreciable percentage of the population not only accept the idea that it is okay to trade almost all privacy for a sliver of security but believe that it is a sensible and reasonable exchange is, frankly, alarming and depressing in equal measure.

            People seem to be so busy arguing whether we are being lied to or not, and what the real goals are that we risk losing sight of the fact that even if everyone is found above reproach and every measure above board and every benefit beyond expectations, what we are being asked to give up is too important; too precious; too hard-won, to be sold.

            Even if the beans do turn out to be magic.

            1. Sir Runcible Spoon
              Pint

              Re: Chasing criminals or controlling the populace?

              We seem to be on the same page :)

              Enjoy a virtual beer on me --->

            2. Anonymous Coward

              Re: Chasing criminals or controlling the populace?

              "The argument must be won on other grounds. And, the fact is that some of these people really do believe they are doing good and they must be convinced that they are wrong."

              Then we're sunk because they'll never believe they're wrong. Either their basis is irrational, which philosophers have shown you can't sway because they'll be sure in their rightness or they have some alternative logic chain that also puts them in the moral right, allowing them to fend off logic attacks. As far as either one is concerned, they're in the right and can defend themselves against any challengers. They probably even have proteges on hand in case they fall, so the ultimate option is probably not available, either. In their eyes, either they win, or the universe explodes. How do you deal with an opponent of that nature?

  5. Notas Badoff
    Unhappy

    Damned inconvenient furriners!

    Why do people with brains seem so alien to the powers that be? Why is intelligence something that has to be invited to Congress for a visit?

  6. Anonymous Coward

    "I really am not a maniac (or at least my family says so)," he wrote. "But my job is to try to keep people safe. In universal strong encryption, I see something that is with us already and growing every day that will inexorably affect my ability to do that job."

    So what will be his answer if asked, "So what if another 9/11-scale attack occurs, leading to thousands of casualties, and it's found that universal strong encryption was a key factor in not being able to prevent the attack? What do we tell the American public if the very thing you espouse comes back to seriously harm us, if not cripple us as a world power? They will demand answers...or heads. They will demand why we couldn't prevent such a tragedy."

    1. dan1980

      @AC

      Yes - people will demand to know. And yes, there will be many who will say that more should have been done.

      But you are assuming a situation that has never been convincingly proven to have occurred in the past. This encryption they want to cripple is not some new super-encryption that has as yet been unavailable. You talk about 9/11 but would the ability to decrypt every American's data - every bank communication, every online purchase, every VPN connection to work?

      In a country where it is still possible to buy firearms unregistered, unlicensed and without any background checks - in the majority of states - simply by visiting a gun show - is it really the assertion of these people that the problem is encryption?

      Now, I am not saying that restricting the ability to buy firearms anonymously at a gun show would have prevented 9/11 or a similar attack that may occur, but then I am not suggesting that crippling encryption would either!

      And that's the point - the assumption behind this push, and behind your hypothetical scenario, is that what is being proposed is going to prevent such attacks. The problem is that there is absolutely NOTHING that has been provided by way of evidence to back this up.

      And that's somewhat important here because what is being proposed is HUGE. Not just for the implications for personal freedom and privacy, or for the security of commerce - either of which should be sufficient to nix this - but even just simply when thinking about the technical issues. Combine the three and it's a massive move and one that deserves some kind of justification of why it is worth SO much erosion of privacy and security and so much gimping of the technology*.

      Personally, it is my firm stance that such a measure can never be justified but if people are claiming that it is a reasonable move and one that should be taken seriously then it's not outlandish to expect some kind of evidence that it will do any good - let alone out-balance the serious, far-reaching and long-lasting negatives.

      * - Off the bat, encryption technologies would be limited to those approved by the government so what happens when those implementations are cracked? Imagine a high-profile vulnerability is discovered in the state-approved encryption - how do the banks go about updating their systems when to change is to break the law?

    2. Anonymous Blowhard

      "So what if another 9/11-scale attack occurs, leading to thousands of casualties, and it's found that universal strong encryption was a key factor in not being able to prevent the attack?"

      A 9/11 scale attack can be organised by people using no-encryption, or using non-US encryption, so the availability to the US Government of *everyone else's* communications will make no difference.

      Anyone sophisticated enough to mount such an attack will not be naive enough to use an encryption that they fear is compromised; they will be well funded and able to source a "clean" encryption technology from non-US suppliers.

      If you want to save lives, campaign for road safety improvements; the US averages 30,000+ motor vehicle deaths per year. I'm sure the budget for an unsuccessful implementation of broken encryption could be used to improve this figure by 10%, saving a 9/11's worth of lives every year.

      1. Anonymous Coward

        "A 9/11 scale attack can be organised by people using no-encryption, or using non-US encryption, so the availability to the US Government of *everyone else's* communications will make no difference."

        "Anyone sophisticated enough to mount such an attack will not be naive enough to use an encryption that they fear is compromised; they will be well funded and able to source a "clean" encryption technology from non-US suppliers."

        Which people would say would stick out like a sore thumb and warrant investigation.

        Let me put it like this. How do you tell your citizens that they are under perpetual existential threat from rogue, undetectable threats and there's sod all they can do about them? After all, one of the chief duties of a sovereign nation is to defend itself from threats, but what if this becomes practically impossible? What happens when one man gains the capacity to ruin civilization and has the will and determination to actually do it.

        "If you want to save lives, campaign for road safety improvements; the US averages 30,000+ motor vehicle deaths per year. I'm sure the budget for an unsuccessful implementation of broken encryption could be used to improve this figure by 10%, saving a 9/11's worth of lives every year."

        Except most of them are the result of single-human factors: a chaos factor considered too difficult to really treat. Even in countries with some of the strictest driving tests around, even with improved car and road design, you still get accidents and fatalities, many through no fault of the road or whatever. It's a "crap happens" situation, much like getting struck by a bolt out of the blue.

        1. Sir Runcible Spoon

          "Which people would say would stick out like a sore thumb and warrant investigation"

          Really? Wow. It would be so hard for a rogue encryption solution to appear like the approved version I'm sure (that's sarcasm by the way).

          Have you ever looked on usenet? I could agree a cypher with someone in person and then communicate, in public, without anyone knowing anything about the discussion. I could post the message from anywhere with weak wi-fi security, using spoofed MAC addresses and fingerprinting profiles from a clean install of an OS run as a virtual guest.

          This can be done right now, without the need for any encryption software. When you play whack-a-mole, the game does not end until your arms drop off or the hammer breaks.

          Up until now they have been claiming 'all' they wanted was the meta-data - who is talking to whom - now they want the details, including your bank balance and shopping profiles. What for?

          1. Anonymous Coward

            "Have you ever looked on usenet? I could agree a cypher with someone in person and then communicate, in public, without anyone knowing anything about the discussion."

            But that runs into the First Contact problem. You have to be sure the person you meet in person really IS the person you want to meet and not a mole. Plus the code you use can limit your vocabulary. Try to make it too broad and it can become suspicious enough to warrant a code-cracking effort.

            "This can be done right now, without the need for any encryption software. When you play whack-a-mole, the game does not end until your arms drop off or the hammer breaks."

            Or until you invent an automated easy-to-repair hammering machine that can keep up with the moles.

            1. Sir Runcible Spoon

              Missing the point

              "But that runs into the First Contact problem. You have to be sure the person you meet in person really IS the person you want to meet and not a mole. Plus the code you use can limit your vocabulary. Try to make it too broad and it can become suspicious enough to warrant a code-cracking effort."

              You would have the same first contact problem when using encryption too, so it's irrelevant to the comparison.

              Why would the vocab be limited? A true cypher cannot be cracked unless you know the source text.

              (I'm thinking homophonic substitution cypher here). Sure it's inefficient and unwieldy, but I can't see anyone cracking it.

              1. Anonymous Coward

                Re: Missing the point

                "Why would the vocab be limited? A true cypher cannot be cracked unless you know the source text."

                The only truly uncrackable cipher is the one-time pad (because without the key you can "decrypt" the ciphertext into anything of equal length), and that has practical limitations.

                Homophonic substitution can still be cryptanalyzed through several rounds of hill climbing. Plus, by making the code stand out in plain sight, you attract attention to yourself. Steganography has to be part of your plan if you want to avoid attention, and this necessarily limits your ciphertext range. And even with stego, you run the risk of leaving a detectable pattern that can be seen by someone with enough resources to spot them.
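The one-time pad property stated in the comment above, as an added example that is not part of the original thread: for any ciphertext there is a pad that "decrypts" it to any chosen text of equal length, so the ciphertext alone confirms nothing. The messages are constructed samples, and the limitation shown (a pad as long as the message, never reused) is the standard one, assumed here to be what the comment alludes to.

```python
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        # A one-time pad needs exactly as much key material as message.
        raise ValueError("pad and message must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(plaintext: bytes, pad: bytes) -> bytes:
    return xor_bytes(plaintext, pad)


def otp_decrypt(ciphertext: bytes, pad: bytes) -> bytes:
    # XOR is its own inverse, so decryption is the same operation.
    return xor_bytes(ciphertext, pad)


def pad_explaining(ciphertext: bytes, claimed_plaintext: bytes) -> bytes:
    """Return the pad under which `ciphertext` decrypts to `claimed_plaintext`.

    Such a pad exists for every candidate of the right length, which is why
    an observer without the real pad cannot rank one candidate above another.
    """
    return xor_bytes(ciphertext, claimed_plaintext)


def reuse_leak(ciphertext_1: bytes, ciphertext_2: bytes) -> bytes:
    """What an observer learns when one pad protects two messages.

    (p1 ^ k) ^ (p2 ^ k) == p1 ^ p2: the pad cancels and the relationship
    between the two plaintexts is exposed without any key recovery.
    """
    return xor_bytes(ciphertext_1, ciphertext_2)


def demo() -> dict:
    # Constructed sample messages, all 12 bytes long.
    real = b"MEET AT NOON"
    decoy = b"BUY MORE TEA"
    second = b"SEND THE KEY"

    pad = secrets.token_bytes(len(real))   # truly random, message-length pad
    ciphertext = otp_encrypt(real, pad)

    # Equally valid-looking pad that yields the decoy from the same ciphertext.
    alt_pad = pad_explaining(ciphertext, decoy)

    # Practical limitation: the same pad must never protect a second message.
    ciphertext_2 = otp_encrypt(second, pad)

    return {
        "real_decrypts": otp_decrypt(ciphertext, pad),
        "decoy_decrypts": otp_decrypt(ciphertext, alt_pad),
        "reuse_leak": reuse_leak(ciphertext, ciphertext_2),
        "plaintext_xor": xor_bytes(real, second),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```
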

        2. Yes Me Silver badge

          undetectable threats

          AC asked "How do you tell your citizens that they are under perpetual existential threat from rogue, undetectable threats and there's sod all they can do about them?"

          That has been true for every human being since before we were human beings. Understanding that fact has been part of the human rite of passage from child to adult for 200,000 years or so. But you're right in the sense that attempting to weaken crypto is a massive act of CYA on the part of the governments concerned. As has been argued for 20+ years, any serious bad actors will not tolerate weakened crypto anyway, so they will use something from another source.

        3. Vic

          How do you tell your citizens that they are under perpetual existential threat from rogue, undetectable threats and there's sod all they can do about them?

          You don't, because that would be simple scaremongering.

          Add up every single fatality, ever, in any country, that is down to terrorism - or even suspected to be so. Now compare that to the provable deaths from tobacco; you won't need many months of figures from any particular country you might choose to make it quite clear that, if saving lives is your goal, then terrorism is the wrong target[1]. A war on Philip Morris would be much more effective, and very much cheaper and safer to boot.

          What happens when one man gains the capacity to ruin civilization and has the will and determination to actually do it.

          That's exactly the scenario we're all trying to avoid - but the next one along will just keep repeating the same mantra of "encryption evil"...

          Except most of them are the result of single-human factors: a chaos factor considered too difficult to really treat.

          It's only too difficult because the will is not there to do so; were it to be considered a problem as heinous as terrorism, and the budget made available accordingly, it suddenly wouldn't be so difficult. The results would certainly mean more lives saved per $currency spent than waging a war in the Middle East. But none of this is about saving lives, it's all about control.

          It's a "crap happens" situation, much like getting struck by a bolt out of the blue.

          This is a defeatist attitude, and is explicitly singled out as a cause of bad driving in Roadcraft. Once you have accepted crashes as "accidents", they will occur. This is why the abbreviation "RTC" is now used, rather than "RTA"; calling it an "Accident" implies that no-one is to blame.

          Vic.

          [1] It's arguable - and I would do so - that inflating the terrorism problem is in fact a major cause of terrorism; the UK had a deliberate policy during the '70s and '80s of downplaying terrorist incidents perpetrated by the IRA. This is very effective; there were fewer such incidents than there might have been had each one led to blanket TV and newspaper coverage. Today, any insignificant occurrence is treated as Terrorism until proven otherwise; such an elevation of status means that a certain type of individual is actually attracted to that sort of activity. Thus running around, Chicken Licken-style, actually contributes to the problem, rather than resolving it.

          1. Charles 9

            "A war on Philip Morris would be much more effective, and very much cheaper and safer to boot."

            Nope. They tried declaring war on booze in the 1920's. Guess what? People would rather ignore the laws of their country than abandon their vice. Point is, they'd sooner declare war on their country. Some things you can't deny people.

            "It's only too difficult because the will is not there to do so; were it to be considered a problem as heinous as terrorism, and the budget made available accordingly, it suddenly wouldn't be so difficult."

            War on Drugs ring a bell? We've been putting trillions into the problem, but it's just like Prohibition above. Vice is a Chaos Factor. You can't get rid of it even if you want to because trying to do so only results in more Chaos Factor until it can become self-feeding and you find yourself in a no-win situation, where neither the status quo nor any way to combat it is acceptable.

            "It's arguable - and I would do so - that inflating the terrorism problem is in fact a major cause of terrorism;"

            I would say it depends on the attitude of the terrorist. If he feels he MUST get attention by any means necessary, then nothing will stop him. Sooner or later, he'll commit something that MUST be answered, say something of 9/11 caliber (Because if not, what next? Nuking of the State of the Union Address?). Notice how we didn't pay that much attention to them until THEN, when we HAD to answer? I can see it from the point of view of the bully. Some bullies will give up when you ignore them, but others will seek attention even if they have to beat it out of you, at which point you either respond or die.

            1. Vic

              "A war on Philip Morris would be much more effective, and very much cheaper and safer to boot."

              Nope. They tried declaring war on booze in the 1920's. Guess what? People would rather ignore the laws of their country than abandon their vice.

              I didn't say it would work - just that it would be more effective than their "War On Terror".

              War on Drugs ring a bell? We've been putting trillions into the problem

              That's because we've been putting trillions into creating the problem. An artificial pinch in the supply of something people want leads to an increased price - that's basic economics. If the price is high enough, the profit margins are sufficient to warrant some very risky behaviour - and so the drugs gangs are born. It would be trivial to take them out of business simply by undercutting them to the point where the trade is no longer profitable.

              But that's different from putting some effort into getting people to take driving more seriously; a temporary removal of the driving licence has quite an effect.

              If he feels he MUST get attention by any means necessary, then nothing will stop him

              I said "major cause", not "single cause". This attitude is endemic in the way governments seem to work these days; they seem to want to find a single factor that will make the difference between unicorns frolicking in the streets and a plague of toads. Very few situations in life are truly caused by a single factor, and those that are have already often been tamed.

              Vic.

              1. Anonymous Coward
                Anonymous Coward

                "That's because we've been putting trillions into creating the problem. An artificial pinch in the supply of something people want leads to an increased price - that's basic economics. If the price is high enough, the profit margins are sufficient to warrant some very risky behaviour - and so the drugs gangs are born. It would be trivial to take them out of business simply by undercutting them to the point where the trade is no longer profitable."

                I don't know if you can. These drugs lords are pretty vertically integrated already. Plus they have governments in their pockets (besides ours) so they can loss-lead as well as the Mafia can. How would the state be able to curb a well-entrenched, vertically-integrated, and international industry that thrives on a human chaos factor practically impossible to stop? Not even alcohol and tobacco are completely under control in America, BTW, even today. Moonshine and tobacco smuggling are still thriving black industries if hiding under the radar.

                "I said "major cause", not "single cause". This attitude is endemic in the way governments seem to work these days; they seem to want to find a single factor that will make the difference between unicorns frolicking in the streets and a plague of toads. Very few situations in life are truly caused by a single factor, and those that are have already often been tamed."

                I disagree. If someone wants to make a problem big enough, they'll MAKE it a cause major enough to force you to pay attention. It's like the wheel squeaks louder and louder until it becomes a shriek and you either fix the wheel or find yourself minus one. And since it's a human factor, I don't think you can really tame it.

  7. thomas k

    "I really am not a maniac (or at least my family says so)."

    That would suggest he's asked them point blank and they all said, "No."

    If that's the case, it's possible they lied to avoid the awkward silence which would follow a "Yes".

    1. Rich 11

      Re: "I really am not a maniac (or at least my family says so)."

      No, they wouldn't lie to him. If he suspected they were lying, he might have them waterboarded for their own protection.

    2. elDog

      Re: "I really am not a maniac (or at least my family says so)."

      Akin to my asking if my butt is too big. If you leave an awkward silence before answering, off to the torture chamber with you.

  8. Winkypop Silver badge
    Big Brother

    I encrypt

    Therefore I am

    1. Anonymous Coward
      Anonymous Coward

      I encrypt

      Therefore I am a paedophile terrorist incarcerated until I decrypt.

      (Someone appears to have chopped the end of your sentence there citizen Winkypop)

    2. Anonymous Coward
      Anonymous Coward

      Re: I encrypt

      Crypto is the bomb.

  9. Anonymous Coward
    Anonymous Coward

    Ross Anderson...

    ... an outstanding example of All that is Good in UK Computing.

    The Eternity Service:

    http://www.cl.cam.ac.uk/~rja14/Papers/eternity.pdf

  10. Destroy All Monsters Silver badge
    Mushroom

    "I am appealing to the emotions of dumb fucks, which is you!"

    But my job is to try to keep people safe.

    No, arsehole, your job is to run a governmental law enforcement agency. Which means tackling people breaking the law (now, apparently that also means setting poor sods up for terrorist charges via agents provocateurs for rank publicity and lying in court about it and in my book is a firing offense, Chinese version, but let's not go there)

    Keep people safe "proactively" and with no particularity is NOT your job description. It is the job description of a nanny.

    1. Anonymous Coward
      Anonymous Coward

      Re: "I am appealing to the emotions of dumb fucks, which is you!"

      "Keep people safe "proactively" and with no particularity is NOT your job description. It is the job description of a nanny."

      Well, guess what, nannying the clueless IS the job demanded of us by the huddled masses. Unless the populace can actually show they mean business and demonstrate some intelligence, this is the best we can do since we get blasted for murders (which by definition we can never truly remedy). So if you want us to change our job description, you smart lot tell the stupid sheep to grow up. Because they outnumber you.

      1. Vic

        Re: "I am appealing to the emotions of dumb fucks, which is you!"

        Well, guess what, nannying the clueless IS the job demanded of us by the huddled masses

        It isn't. It's the job certain people set for themselves, when the general population is insufficiently interested to disagree particularly vehemently.

        Vic.

        1. Anonymous Coward
          Anonymous Coward

          Re: "I am appealing to the emotions of dumb fucks, which is you!"

          I guess you never actually heard the helpless sheep. Instead of "Baa! Baa!" you hear "Save us! Save us"

  11. Six_Degrees

    So, can Comey cite even a single example of a case where encryption stopped him from doing his job?

    <crickets>

    1. Anonymous Coward
      Anonymous Coward

      Well, there's always Daniel Dantas who, despite being a complete and utter banker, was canny enough to entrust his secrets to a Truecrypt cascade.

      1. SolidSquid

        Canny enough to use encryption, but still ended up getting 10 years in prison for trying to bribe police officers involved in the investigation.

    2. dan1980

      @Six_Degrees

      Didn't you hear him? He said it "will inexorably affect [his] ability to do that job".

      Isn't that proof enough? No? Oh, right.

  12. Anonymous Coward
    Anonymous Coward

    This is the Tommy Gun argument.

    When the Thompson sub-machine gun came out, the makers touted it as something which would ensure the police could always outgun criminals. Because, of course, no criminal would ever get hold of one.

    1. Rich 11

      Re: This is the Tommy Gun argument.

      And no innocent civilians would ever accidentally get hit by the hail of lead.

      1. Anonymous Coward
        Anonymous Coward

        Re: This is the Tommy Gun argument.

        And actually, this didn't really happen much during the early part of the Roarin' 20's. Part of the reason the public tolerated the gangs was because they kept their dirty business to themselves. Drive-bys and hits and so on were kept to other gangsters. "Let them whack each other" was their thinking. Only later on when more-violent leaders rose to the top did cases of crossfire and mistaken identity start to rise as well as the ire of the public. The St. Valentine's Day Massacre was the last straw, as it saw seven men dead in a display of gore and overkill that basically went beyond the pale.

  13. fredsmith999

    But encryption is only useful against NSA. (Or on wireless.) If you have a wired network and you send your credit card number to a site without encryption, the chances of being intercepted by a criminal are tiny. Anderson said in Security Engineering that SSL was insisted on because of hysteria and that eavesdropping on conversations is rather hard if you don't have ISP access.

    1. Anonymous Coward
      Anonymous Coward

      No it's not. If you're on ADSL, all it takes is a screwdriver and a couple of clipleads and I can see everything you send and receive. With cable, it's even easier because I can insert a box inline and not have to mess with the alligator clips.

      1. Anonymous Blowhard

        @theodore

        Spot on; the only reason criminals don't bother infiltrating ISPs and communications facilities is that strong encryption means there's no point. Any data of financial value is encrypted (right up until it is decrypted and left lying around on a server at T J Maxx).

      2. Anonymous Coward
        Anonymous Coward

        fredsmith999 also seems to have failed to grasp things like Phorm

        Paying a company for a product doesn't magically preclude you from also becoming one of said company's products.

        There are many layers of twats sniffing our pipes.

  14. Anonymous Coward
    Anonymous Coward

    affect my ability to do that job

    well, then you'll get replaced by somebody who can do it, eh?

  15. Robert Grant

    Is this a good analogy?

    Currently, law enforcement can get a warrant and search our house. With unbreakable encryption, we're saying the equivalent of that our house should be impossible to get into, regardless of the legality of the attempted search.

    Is that right?

    1. dv

      Re: Is this a good analogy?

      It either is right, or the Fourth and Fifth are not worth the paper they've been printed on. You choose.

    2. PapaD

      Re: Is this a good analogy?

      Not quite

      They are asking for the right to peruse our data, with or without a warrant - they want a master key to unlock everything.

      It's the equivalent of them having a skeleton key to your house - they can pop in and have a look whenever they want, and as long as they don't get caught rifling through your cupboards, then everything is fine.

      If they have a warrant for my data, then by law I'm obliged to give them the encryption key - not doing so is a crime in itself. If they don't have a warrant, they shouldn't have the key to my data, or my house.

      1. Robert Grant

        Re: Is this a good analogy?

        No idea what the stuff about some US Constitution amendments is about, as it seems to imply that warrant-based searching is unconstitutional in the US.

        Anyway, to the non-crazy response: thanks - that makes sense. Except, as far as I understand things, that's not 100% correct, because you can forcibly open someone's house while they aren't there with a warrant. It doesn't require their cooperation. Basically the equivalent of a skeleton key.

        Does it just boil down to the process not being in place to restrict law enforcement access, or is there some other genuine issue?

        1. Charles 9

          Re: Is this a good analogy?

          "Except, as far as I understand things, that's not 100% correct, because you can forcibly open someone's house while they aren't there with a warrant."

          It depends on the warrant. If the warrant allows only for "peaceable entry," then you can't just break the door down. However, if you find a way to enter the property in a reversible way (an unlocked window, unscrewing a gate hinge, etc.), then you can still go inside, provided you leave the place in the same condition it was when you entered. Only when the warrant allows for "forcible entry" can police break a door down.

          IANAL, but I think search and property seizure warrants are typically peaceable entry while arrest warrants are forcible.

        2. Vic

          Re: Is this a good analogy?

          Does it just boil down to the process not being in place to restrict law enforcement access, or is there some other genuine issue?

          Yes, there is some other genuine issue. It doesn't work. Mathematics doesn't care whether or not you are authorised to do something - if you've got the keys, you can decrypt the comms.

          For this crazy scheme to work, you've got to have everyone in the world - including the bad guys - using your dual-keyed algorithm. That means both eliminating the current algorithms that don't fit this model - all of them - and also convincing every country in the world - even the ones you really, really don't like - to keep it that way.

          And even if you do achieve this utopian global accord, you've then got to hand the master keys out to all those countries, to distribute throughout their "law enforcement"[1] agencies as they see fit. That means that all those rogue states - North Korea, for example - have a master key that can break into all messages sent by their population. That's great for repressive regimes. It also - and this bit is monumentally important - means that those same rogue states have a master key that can break into all messages sent by your population. Try running a business when the Chinese can break into all your on-line communications, including your VPNs.

          Now hopefully, the above should show you why even attempting this is stupid beyond belief. But we've only just started - it gets worse. This world has a class of people known as "criminals". They're bad people. They're also often rich people, and often powerful people. And many of them would like to be able to listen in to, say, your banking session to steal your credentials, since that would allow them to open your bank account and take all your money. And all they need is a single copy of the master decryption key - which, as we've seen above, has now been distributed to every country in the world, and from there to a large number of people within that country[2]. If any single one of those recipients is susceptible to corruption, or even to simple threats of violence, the key is now in the hands of the criminals, and nothing is ever safe again.

          You could, of course, make a fresh set of keys when this occurs. That's a monumental effort, and would likely require months or even years to propagate around the world. And it wouldn't prevent captured historical messages from being decrypted, nor would it stop the same breach happening again - there is that much value attached to a single key that can deliver the whole of the Internet into the hands of its possessor; it truly is the One Ring...

          Vic.

          [1] Ha!

          [2] If the key is only held by a small number of people in each country, there will necessarily be a backlog; you've got a choke-point in the flow of message decryption. So it will be duplicated, because that means a higher throughput, meaning less latency from request to decryption. Law enforcement[1] agencies like things to happen quickly, because it means there is less delay in the evidence-gathering process. You're going to get duplication, and on a massive scale. In each country.
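Added example, not part of any comment in this thread: a minimal Python model of the "dual-keyed" escrow design argued about above, showing that any copy of the master key opens every recorded message and that issuing a fresh master key protects only traffic sent afterwards. The envelope layout, the function names and the HMAC-based cipher (a stdlib stand-in for a real AEAD, with a symmetric master key standing in for public-key wrapping) are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def _subkey(key: bytes, label: bytes) -> bytes:
    # Derive separate encryption and MAC keys from one secret.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode; illustration only, not a vetted cipher.
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    body = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag, then decrypt. Raises ValueError on a wrong key."""
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("wrong key or modified ciphertext")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(body))
    return bytes(c ^ s for c, s in zip(body, stream))


def send(message: bytes, recipient_key: bytes, escrow_key: bytes) -> dict:
    """Escrowed envelope: the session key is wrapped twice."""
    session_key = secrets.token_bytes(32)
    return {
        "body": seal(session_key, message),
        "wrap_recipient": seal(recipient_key, session_key),
        "wrap_escrow": seal(escrow_key, session_key),  # the mandated second key
    }


def read(envelope: dict, key: bytes, slot: str) -> bytes:
    return unseal(unseal(key, envelope[slot]), envelope["body"])


def can_read(envelope: dict, key: bytes, slot: str) -> bool:
    try:
        read(envelope, key, slot)
        return True
    except ValueError:
        return False


def run_scenario() -> dict:
    # Constructed sample data: two unrelated users, one master key.
    alice, bob = secrets.token_bytes(32), secrets.token_bytes(32)
    escrow_v1 = secrets.token_bytes(32)
    recorded = [
        send(b"bank login for alice", alice, escrow_v1),
        send(b"bob's merger draft", bob, escrow_v1),
    ]
    # One duplicated copy of the master key ends up outside the agency.
    # The mathematics cannot tell this holder from an authorised one.
    leaked_copy = bytes(escrow_v1)

    # Response: issue a fresh master key for all future traffic.
    escrow_v2 = secrets.token_bytes(32)
    later = send(b"sent after rotation", alice, escrow_v2)

    return {
        "recipient_reads_own": read(recorded[0], alice, "wrap_recipient"),
        "leaked_key_reads_recorded": [read(e, leaked_copy, "wrap_escrow") for e in recorded],
        "leaked_key_reads_new": can_read(later, leaked_copy, "wrap_escrow"),
        "new_key_reads_recorded": can_read(recorded[0], escrow_v2, "wrap_escrow"),
    }


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(name, "->", value)
```

Rotation changes only which key wraps new session keys; every envelope captured before it still carries a wrap under the old master key.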

    3. SolidSquid

      Re: Is this a good analogy?

      Not really, an impossible to enter house is essentially impossible to build and, as shown with Assange, the police have the option of just camping out until you leave the property. Also a house has a broader range of ways evidence can be discovered and it's possible that someone could be imprisoned there and need rescued (whereas with encryption you're never really going to have that "immediate threat to life" angle on needing access)

      If you want to use houses as an example, it'd be more accurate to say that they want police to have access to keys for every house in the country but without any public reporting on how often and for what reason the police use those keys

      1. dan1980

        Re: Is this a good analogy?

        ". . . an impossible to enter house is essentially impossible to build . . ."

        And this is why justifying such measures by way of analogy is misleading. There's the same argument about metadata being "the name and address on the envelope, not the contents of the letter".

        Analogies are fine for understanding non-critical concepts - they give you a way to explain/understand something that is difficult to grasp directly. I do this daily in my discussions of IT with non-technical people and that works well.

        But, to explain important issues that contain complex nuances with wide-ranging consequences that will affect vast numbers of people and companies in diverse fields in myriad technical, logistical, developmental, financial and legal ways, well, 'think of encryption like a house' just doesn't cut it.

        If it must be compared to some more familiar, physical object, compare it instead to a combination safe. This has an instant benefit over a comparison with a house door in that a (proper) safe is designed explicitly to prevent it being forced open by unskilled people, whereas a standard house door is really only designed to keep out casual intrusion and cold breezes.

        Now, there are many such safes and some are stronger than others with varying levels of complexity and combinations. Safes are, as can be implied, a safe place to store things - not just money but information, passports, personal memories like photos - whatever it is you want to keep, well, safe. And not just safe from thieves but private as well. Perhaps you have correspondences and keepsakes from an ex-lover that are still dear to you but that you don't want your current partner to see. Or cigarettes or a bottle of nice whisky that you don't want someone else to pilfer or find out you've been smoking/drinking.

        And, of course, companies have safes too - usually for money (or equivalent) but also for things like backup drives that they don't want lying around or for copies of the company ledger.

        The encryption algorithm/method is, in this instance, the workings of the safe locking mechanism and an encryption key is the code you put in to unlock it. With this analogy, what the government is asking for is for EVERY safe to be able to be opened by law enforcement, without having to actually ask the owner for the combination.

        Think what that means for a moment . . .

        For a start, we have to come up with a mechanism for this unlocking to occur. There are three main ones that are available.

        First, one can require that everyone who owns a safe must provide the government with the combination. This pretty much requires that you couldn't just go out and buy a safe - you would have to apply for a license to own a safe and register it with the government. You would then be required to update the government every time you changed the combination on the safe. Otherwise, a criminal could simply go and buy a safe and just not tell the government.

        Second, one can require that all safes have a second, fixed, code that is specified by the government or supplied to them by the manufacturer. You could have one code per maker or per model*.

        Last, we can require that all safes have a 'backdoor' - a mechanism of opening them without knowing the combination.

        Some may realise that this last option is what most actual safes do, in fact, have and the knowledge and ability to 'break in' to them is closely guarded and only provided to approved, accredited locksmiths. There are caveats, however, such as the technique being specific to each model and some of those are destructive, requiring drilling in precise locations, usually using templates. There is also the fact that no safe is actually required to have such a procedure and all such procedures take experts with specialised knowledge and a non-trivial amount of time (an hour or more, usually) and generally it's pretty obvious what's going on.

        But even then, with all that comparison, there are still CRITICAL points of difference, such as safes requiring individual attention of an on-site person. I.e. it is not feasible to 'break into' many safes simultaneously or to break into one remotely and usually not without someone knowing you're doing it or have done it.

        And this is where any analogy falls down, because none of them come close to either the breadth of access that 'crackable' encryption would allow or the ease of an 'authorised' person doing so or the scope of how many people could be affected simultaneously or the ability to do all that without anyone knowing.

        Feeding that access back into the safe analogy, the access they are trying to achieve is not just to be able to break into any safe they want but to be able to remotely, secretly and nearly instantly determine the contents of every safe, owned by every person, store, company, pub, rotary club, church, bank, school, oil corporation. Every political action group, every civil rights organisation, every media outlet. They want to be able to find out which pornos a 17 year old has stashed under the mattress and what's written in your daughter's diary.

        But more than that. They want to be able to record it all - not just what is in there but when you put it in and when you take it out and if you transfer it to another person's safe, whose and when they take it out and who they transfer it to. They want the ability to invisibly copy the contents of your safe - unknown to you - and keep that information forever.

        But it doesn't stop even there because this ability, to break encryption seamlessly and without anyone knowing it's been done, also allows someone to alter the contents of your safe when you're not looking - to remove a photo you've stored or to corrupt a document so you can't read it anymore. Or to add stuff in.

        And that's worse and the analogy can't keep up, even stretched as it is, because the ability to decrypt your information allows for 'man in the middle' attacks which, in concert with the existing ability to intercept communications can alter your data in transit if so desired. A file downloaded from a website could be replaced with what would appear to be the same file but was in fact altered to infect your computer or device with malware - a key logger, for example.

        The implications of this are just mind-boggling and no analogy, no matter how relevant it might seem, can capture the full scope of what is being proposed. Any attempt to explain it in such a way risks misleading, or is designed to do so.

        No, metadata is not just like the address on the envelope and the ability the government is arguing for is not like being able to enter a house. (Regardless of warrant.)

        * - To keep the analogy in line, we can imagine that individual safes can't be identified - for example by a serial number - and so a per-unit hard-wired code is impossible.

        1. dan1980

          Re: Is this a good analogy?

          Expanding (really???!?) on my points above, we can investigate the methods of providing access to law enforcement.

          Our first method - requiring people to provide the codes - means that they must be registered and licensed. 'Normal people' (who apparently aren't the target for any of this) will either be restricted from using encryption or simply won't bother with the hassle and so won't use it. Either way, the result is the same - people are less secure.

          The second method - a 'master' code - allows everyone to use encryption but it is a much bigger risk as having just one code compromised would instantly make HUGE numbers of people and businesses vulnerable.

          In practice, the second method is largely the same - if the 'back door' to one algorithm was discovered, anyone using one would be vulnerable.

          Realistically, the first method is only feasible if access to the technology (safes in our analogy; encryption in the proposal) is strictly controlled such that being found to use encryption when not authorised would be a criminal offence. This of course results in ordinary people being less secure from people who do mean to steal their valuables/data.

          So, it must be the second/third method - small number of access methods that work on vast swathes of instances or one master key.

          That said, one would expect that, while access to encryption wouldn't be restricted, you would be stuck with just a few 'approved' choices, the keys for which were known to the government. Any 'rogue' encryption algorithms would be illegal.

          And that is the likely world of their dreams - everyone using one or two encryption algorithms/implementations that the government can decrypt en masse and at will. Which then prompts the question of what happens when (not if) the method of decryption is compromised - either by foreign agencies or malicious actors? How do you keep everyone secure? You have to create new algorithms or new implementations - and that takes time, during which all communications, all downloads, all bank transactions - everything encrypted - is vulnerable to interception, corruption, alteration and theft by any number of people and groups.

          There is just no way that this proposal is anything other than a crazy nightmare cooked up by people who either truly don't understand the implications or simply don't give a fuck.

  16. PassiveSmoking
    Unhappy

    It won't make a shred of difference

    The powers that be want their new toy and they will have it. They're not going to let silly little things like common sense or the online safety of the citizenry get in their way.

  17. Ilmarinen
    Big Brother

    Might not be about "keeping people safe"

    Maybe more about increasing the size of the fiefdom/budget/prestige of the person in charge of "keeping people safe" ?

    So it wouldn't matter whether the proposal was stupid or no, just as long as it needed more FBI to carry it out.

  18. Graham Marsden
    Facepalm

    The short version...

    ... the Government doesn't trust us, but they expect us to trust them...

  19. Anonymous Coward
    Anonymous Coward

    I hate to be the one to point out the obvious but an envelope is a form of encryption (maybe with invisible ink)

    What if they start communicating by post? Do the government then take this one step further and read everyone's mail?

    Something more sinister is afoot with all this and I don't need a tin foil hat to see it. It seems to me that all these shenanigans were already being put into place then along came Snowden and now they are enshrining them all in law sooner than they had wanted to with lame excuses that quite frankly do not stand up to scrutiny.

    1. Anonymous Coward
      Anonymous Coward

      Mail reading

      "What if they start communicating by post? Do the government then take this one step further and read everyone's mail?"

      Reading all the mail is hard work so they just used to read the mail of Communists (and tap their phones). The fact is that most communists were completely harmless, but a lot of effort was wasted, including MI5 investigating Harold Wilson and Jack Straw (but not, obviously, the real violent paedophiles in politics).

      Of course, it was enough just to know a few Communists to be of interest. One of the minor annoyances of having telephones tapped was that in those days this made the line noisy. Thus when a relative was positively vetted, the tapping of my phone became obvious. I used to pick it up and say "I'm just going out to a public call box to call my KGB minder"; they then punished me by having the GPO disconnect my phone with a "technical fault" for three weeks. Assholes...

      Communists used to amuse themselves sending out innocuous letters stuck down with permanent glue. MI5 were then stuck; if they opened the letters that was a dead giveaway, if they didn't deliver them that became a giveaway too. But no self-respecting Communist entrusted anything to a letter, relying on unofficial means of communication.

      Substitute "Islamist", not a lot has, I expect, changed.

      1. Charles 9

        Re: Mail reading

        "Communists used to amuse themselves sending out innocuous letters stuck down with permanent glue. MI5 were then stuck; if they opened the letters that was a dead giveaway, if they didn't deliver them that became a giveaway too. But no self-respecting Communist entrusted anything to a letter, relying on unofficial means of communication."

        Didn't they get around that problem by either x-raying the letters or having replacement envelopes and skilled forgers at the ready so they can replace canaries (a la Nineteen Eighty-Four)?

  20. Aristotles slow and dimwitted horse

    What a backward country...

    A misguided demand for security backdoors in everything to save lives vs allowing anyone with even the slightest iota of intelligence to own and use guns and bullets?

    Changes to which one would save the most lives year on year I wonder?

  21. Bill Michaelson

    Narcissism in law enforcement

    That's the problem.

    1. Anonymous Coward
      Anonymous Coward

      Re: Narcissism in law enforcement

      Well it's certainly a problem... but one of many I fear.

  22. Spaceman Spiff

    Comey may not be a maniac (in the eyes of his family), but he IS an id10t! Sir, since you obviously have no clue how encryption works, DO NOT try to regulate it!

  23. Anonymous Coward
    Anonymous Coward

    Pissing myself laughing

    > the nation's soft power – its influence as a bastion of freedom and democracy.

    Oh the irony!

  24. Anonymous Coward
    Anonymous Coward

    James Comey....

    Can go fuck himself...
