Crypto War news

Discussion in 'privacy general' started by TheWindBringeth, Mar 12, 2016.

  1. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,085
    http://www.usatoday.com/story/news/...over-encryption-commission-new-bill/81600870/
     
  2. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,085
    Last edited by a moderator: Mar 12, 2016
  3. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
  4. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,121
    Location:
    USA
    Different levels of security are appropriate for different situations. For instance I expect the military to have stronger security in every respect than I personally feel I need for myself. President Obama's point of view is rational in the context of a free and open society.
     
  5. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,150
    Location:
    UK
    Aren't you presuming that context!? Given the behavior of the TLAs?

    It's a huge part of the reason high quality encryption has such a thriving market, because of that behavior.
     
  6. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,150
    Location:
    UK
    Yes.

    It might be a good moment for readers to consider acquiring the source code of some high quality open source encryption libraries.
     
  7. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,121
    Location:
    USA
    By "TLA" I'm thinking you mean outfits such as NSA, but can you say what this acronym means? More generally I would like to understand how you think an encrypted smartphone significantly protects privacy? Who we are and where we are can be determined in many ways. It seems to me that privacy/safety has to be achieved through other means.
     
  8. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    Three Letter Agency ;)
    Well, governments wouldn't be so freaked by them if they didn't protect privacy, would they?
    Indeed. Smartphones are location trackers. By design. If you're serious about privacy, you just don't use them. Or if you must, you nuke the cell radio, and only connect via public WiFi hotspots, using VPN services and Tor. Just as you do with other computers.
     
  9. hjlbx

    hjlbx Guest

    It is just a matter of time before unbreakable encryption is illegalized in the U.S. by federal law and ways to get full, unfettered access to user data are mandated.

    The next thing you know, the U.S. government will be indicting corporations that do not comply with their demands... and no corporation has ever survived a federal indictment.

    So what?

    Nerds are notorious for their ability to come up with innovative solutions to problems. It might be a real challenge, but I would bet that eventually there will be workarounds developed by the greater IT community.
     
  10. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    Yes, it's simple. Relocate outside the US, UK, etc.
     
  11. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    446
    Location:
    U.S. Citizen
    Salutations/Greetings!

    You have to love a nerd! They're always ahead of the curve and times. :thumb:
     
  12. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,150
    Location:
    UK
    Any responsible business, or citizen who wants to sensibly protect their data on computing devices (including smartphones which are minicomputers) - should encrypt the disks from the outset. Obvious threat models including theft and disposal problems mean that if you do not do so, you are automatically vulnerable to loss of intellectual property, business secrets, in breach of data protection legislation; or having identity theft problems, being doxed...

    This is independent of any views of what the TLAs (Three letter agencies) are up to, and their over-reach - it's 101 stuff because the threats I mention are real and run-of-the-mill.

    Protecting against TLA attack is not within the powers of most people, but then, what most people want is to avoid the indiscriminate bulk surveillance disaster. Even if you try the "I've got nothing to hide" line, you'd better worry about false positives which will get you on some watch list or no-fly before you know it, with no redress.

    PS - improving privacy/safety is by no means confined to technical controls. If you are interested, read up about operational security, which is perhaps even more critical.
     
  13. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,121
    Location:
    USA
    Certainly those potential scenarios are real, but security should be proportional to threat don't you think? What I observe is most people could do a whole lot better with security without venturing into encryption. People can't even remember the passwords to their email accounts, or understand how web based automated password recovery systems can be back doors.

    Encryption also poses risks. You only need to read forums for encryption software where desperate users are trying to recover their data because they lost the password or something malfunctioned...whatever.

    TLA = "Three Letter Agencies" thank you! lol And by the way, I don't buy the "I have nothing to hide" philosophy. When people say they have nothing to hide I think they mean they're not engaging in criminal activity, but I bet there's a lot going on in their lives that they don't want other people & TLAs rummaging around in. But as you say defending against TLA attack is beyond most people.

    Can you say more about operational security? Does this include things like not putting your critical passwords on sticky notes attached to your monitor, posting on social media when you're going to be away on vacation (so people know when it's a good time to burgle your house)...things along those lines? ;) Taking a stand on cell phone encryption seems almost silly when you consider all the ways that people do not protect their privacy.
     
    Last edited: Mar 13, 2016
  14. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,150
    Location:
    UK
    Let's start with businesses. In my view, almost all businesses are not fulfilling their fiduciary responsibility to their shareholders if they fail to encrypt their business data. You only have to think of recent data breaches to understand why (Sony etc). In some countries, the data protection registrar would be very unhappy if you failed to protect your data in this way, and in some industries, it's mandated (HIPAA etc). Obviously, this needs to be combined with access controls, and protection against remote threats, disk encryption is not the only measure you need by any means.

    For end users, encryption can be invisible if done correctly, or require a pin and/or dongle to boot. A TPM chip helps if you use Windows/Bitlocker. Anyone has to make their own risk/reward calculations, I find it pretty straightforward to justify, things like smartphones & laptops have a high risk of theft, and desktop systems have to be encrypted if only because you have to dispose of the disks safely when they fail.

    Backup (including password management) is necessary regardless of encryption, so that argument is a pretty poor one. If a person can't be bothered with backup, then that's their lookout frankly.

    It sounds to me as if you're somewhat fearful of the scene, and I understand that coming from a place where you haven't operated it for a time. What I can confirm is that the water is pretty nice once you take the plunge, and you can include strong protection of even the technologically illiterate (e.g. family).
     
  15. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,096
  16. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,594
    Just like put down your gun. Easy to say when the man voicing that is surrounded by scores of armed secret service agents.
     
  17. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,096
  18. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,766
    Location:
    Outer space
    Former US anti-terror chief tears into FBI over iPhone unlocking case

    http://www.theregister.co.uk/2016/03/14/former_counterterrorism_chief_tears_into_fbi/
     
  19. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,085
  20. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,121
    Location:
    USA
    Without seeing the actual bill it's hard to know how accurate the stated opinions are. For instance the article offers this quote (supposedly) from the bill:

    “To uphold the rule of law and protect the security and interests of the United States, all persons receiving an authorized judicial order for information or data must provide, in a timely manner, responsive and intelligible information or data, or appropriate technical assistance to obtain such information or data.”

    Based on this, Joseph Lorenzo Hall, chief technologist at the Center for Democracy and Technology, says “This basically outlaws end-to-end encryption”. Someone else later states “this would seem to also be a massive internet censorship bill.”

    That goes far beyond what is stated about the bill in the article. I would like to see a lot more substantive information to support such sweeping conclusions.
     
  21. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,085
    I believe the discussion pertains to the draft bill, which Wired linked to, and my quote included that link. Did you read it?
     
  22. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    Well, the Drug War hasn't worked out so well, has it?
     
  23. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,121
    Location:
    USA
    I had not read it; I based my first post on the content of the Wired article. However I have read it now, and I still do not see how it "basically outlaws end-to-end encryption" or constitutes "a massive internet censorship bill". I am interested though in hearing others make the case.
     
  24. driekus

    driekus Registered Member

    Joined:
    Nov 30, 2014
    Posts:
    489
    Lol, the bill is utterly ridiculous.

    They just do not get the fact they are trying to outlaw math. It is even more futile than the war on drugs.

    A more viable solution to the problem is to stop teaching math (well that has partially happened), bar cryptography/math research and wipe the brains/execute all the cryptographers. Maybe that will be in the revised draft.
     
  25. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    That and totally cut off international Internet connectivity. Or conquer the world ;)
     