Tuesday, February 23, 2016

light on the encryption issue

A ‘Key’ for Encryption, Even for Good Reasons, Weakens Security

Bruce Schneier
Bruce Schneier, a security technologist and chief technology officer at Resilient Systems, Inc., is the author, most recently, of "Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World."
...as a technologist I can tell you that there is no way to give the FBI that capability without weakening the encryption against all adversaries. This is crucial to understand. I can't build an access technology that only works with proper legal authorization, or only for people with a particular citizenship or the proper morality. The technology just doesn't work that way.
If a back door exists, then anyone can exploit it. All it takes is knowledge of the back door and the capability to exploit it. And while it might temporarily be a secret, it’s a fragile secret. Back doors are how everyone attacks computer systems.
This means that if the F.B.I. can eavesdrop on your conversations or get into your computers without your consent, so can cybercriminals. So can the Chinese.
Some comments on the above:


 hoboken,nj 4 hours ago
I think a single de-encryption device, designed by Apple, and in Apple's control, that must physically connect to the offending iphone could be a workable solution. The only access to the device would be within Apple. No company is above the law. 

John M (trusted commenter)

 Oakland, CA 4 hours ago
It doesn't work that way - any device that one company can build can be built by others.

It's like giving the fire department a skeleton key that opens all the doors to all the buildings in a city. It would save lives in the case of a fire - but once a criminal got a copy of the skeleton key, nobody would be safe until all the locks were replaced.

Look at how many law enforcement personnel get their firearms stolen every year. How long would it take before someone was careless with the decryption device?

Indeed, nobody is above the law - but do we really want to pass laws making it easier for the police to decrypt the bad guys' information at the cost of making it easier for criminals and terrorists to steal confidential information? 

David Gregory

 Deep Red South 5 hours ago
Our government has shown a total disregard for the privacy rights of citizens & an all encompassing desire to keep the surveillance as hidden from citizens & public oversight as possible. Regardless of your personal viewpoint on the need for such snooping, this pattern of behavior is not good for or conducive to a representative democracy that is accountable to citizens.
Various government entities have tapped the backbone of the Internet, hacked the SIM cards of cell phones, hacked the baseband radios of cell phones, hacked browsers & operating systems. Law enforcement from local to Federal is deploying Stingrays without probable cause or a warrant & scooping up massive amounts of data from innocent Americans by spoofing the cell towers of our phone companies.

Encryption is just about the only way private citizens have any expectation of privacy online from nefarious actors, for profit data miners & every level of government that feels entitled to spy upon law abiding citizens. There is no way to open Pandora's Box & keep the contents inside.

Citizens have a right to not be forced to incriminate themselves and have the protection of probable cause or specific warrants before being subjected to surveillance by law enforcement. That is simply not possible with the rampant government and for-profit stalking of every person using a cell phone or internet connected device.

Encryption is the last line of defense citizens have for personal privacy. Tell the FBI to pound sand.

Lord Koos

 USA 5 hours ago
"Is this level of security necessary to keep hackers, criminals and foreign governments out of our communications...?"

I'm much more worried about keeping our own government out of my communications.


 NYC 3 hours ago
That's Bruce's point - the public welfare benefits greatly from strong (aka unbreakable) encryption. When everyone's carrying around an item worth a few hundred dollars, that ought to be a thieves' paradise. Why isn't it? Why has robbery actually dropped despite odds of potential success skyrocketing?

Because the phones can no longer be broken into and are easy to brick. So even if someone is carrying a phone worth a couple of hundred of dollars, it can't be resold. Even to someone who specializes in breaking weak encryption and who might find value in all your personal data...

There are a lot of other similar benefits, such as making it really difficult for a hacker to break into your email or purchase items from say Amazon as an example via two-step verification.

And what you're offering to exchange all these benefits for?


 21 5 hours ago
"Let us say that a bunch of terrorists acquires a fool-proof encryption technology and use it to plan and execute another 9/11 or worse...", what people have to realise is that such technology already exists, and there is nothing that can be done about it. Free-to-use software such as TAILS on Linux offers precisely that. The only people who will be left holding the bag when the encryption on commonly used devices is lowered are regular citizens, who will be more exposed to hackers and such... It is delusional to think otherwise and we have to accept that evil people willing to put in the effort will always be able to securely communicate with each other (such as they have been able to in the past).

Stephen J Johnston

 Jacksonville Fl. 5 hours ago
The entire point of encryption was to secure private communications. Now it actually works!
Terrorists can use strong encryption, cars, shovels, etc., in their efforts; therefore strong encryption, cars, shovels, etc., are bad. Uh huh./hmmmmm/what? But if one builds and advances a two-tier society where the privileged few have endless immunities and the rest are altogether crushable peasants, then of course you might like the alliance of upper-level Wall Street, various insiders, most leaders of CIA, FBI, NSA, many police commissars, Bill Gates, the Chinese Communist Party and many compromisers. -R.
Apple is by far the largest holder of offshore money not subject to U.S. taxes, with $181.1 billion. If those profits were taxed at U.S. rates, the company would pay $59.2 billion.
