Discussion in 'privacy general' started by TheWindBringeth, Mar 12, 2016.
Obama puts down his encrypted phone long enough to tell us: Knock it off with the encryption
It lists highlights from Obama's comments at SXSW https://www.youtube.com/watch?v=FhFibpHSJFE#t=41m01s
Different levels of security are appropriate for different situations. For instance I expect the military to have stronger security in every respect than I personally feel I need for myself. President Obama's point of view is rational in the context of a free and open society.
Aren't you presuming that context!? Given the behavior of the TLAs?
It's a huge part of the reason high quality encryption has such a thriving market, because of that behavior.
It might be a good moment for readers to consider acquiring the source code of some high quality open source encryption libraries.
By "TLA" I'm thinking you mean outfits such as NSA, but can you say what this acronym means? More generally I would like to understand how you think an encrypted smartphone significantly protects privacy? Who we are and where we are can be determined in many ways. It seems to me that privacy/safety has to be achieved through other means.
Three Letter Agency
Well, governments wouldn't be so freaked by them if they didn't protect privacy, would they?
Indeed. Smartphones are location trackers. By design. If you're serious about privacy, you just don't use them. Or if you must, you nuke the cell radio, and only connect via public WiFi hotspots, using VPN services and Tor. Just as you do with other computers.
It is just a matter of time before unbreakable encryption is illegalized in the U.S. by federal law and ways to get full, unfettered access to user data are mandated.
The next thing you know, the U.S. government will be indicting corporations that do not comply with their demands... and no corporation has ever survived a federal indictment.
So what?
Nerds are notorious for their ability to come up with innovative solutions to problems. It might be a real challenge, but I would bet that eventually there will be workarounds developed by the greater IT community.
Yes, it's simple. Relocate outside the US, UK, etc.
You have to love a nerd! They're always ahead of the curve and times.
Any responsible business, or citizen who wants to sensibly protect their data on computing devices (including smartphones which are minicomputers) - should encrypt the disks from the outset. Obvious threat models including theft and disposal problems mean that if you do not do so, you are automatically vulnerable to loss of intellectual property, business secrets, in breach of data protection legislation; or having identity theft problems, being doxed...
This is independent of any views of what the TLAs (Three letter agencies) are up to, and their over-reach - it's 101 stuff because the threats I mention are real and run-of-the-mill.
Protecting against TLA attack is not within the powers of most people, but then, what most people want is to avoid the indiscriminate bulk surveillance disaster. Even if you try the "I've got nothing to hide" line, you'd better worry about false positives which will get you on some watch list or no-fly before you know it, with no redress.
PS - improving privacy/safety is by no means confined to technical controls. If you are interested, read up about operational security, which is perhaps even more critical.
Certainly those potential scenarios are real, but security should be proportional to threat don't you think? What I observe is most people could do a whole lot better with security without venturing into encryption. People can't even remember the passwords to their email accounts, or understand how web based automated password recovery systems can be back doors.
Encryption also poses risks. You only need to read forums for encryption software where desperate users are trying to recover their data because they lost the password or something malfunctioned...whatever.
TLA = "Three Letter Agencies" thank you! lol And by the way, I don't buy the "I have nothing to hide" philosophy. When people say they have nothing to hide I think they mean they're not engaging in criminal activity, but I bet there's a lot going on in their lives that they don't want other people & TLAs rummaging around in. But as you say defending against TLA attack is beyond most people.
Can you say more about operational security? Does this include things like not putting your critical passwords on sticky notes attached to your monitor, posting on social media when you're going to be away on vacation (so people know when it's a good time to burgle your house)...things along those lines? Taking a stand on cell phone encryption seems almost silly when you consider all the ways that people do not protect their privacy.
Let's start with businesses. In my view, almost all businesses are not fulfilling their fiduciary responsibility to their shareholders if they fail to encrypt their business data. You only have to think of recent data breaches to understand why (Sony etc). In some countries, the data protection registrar would be very unhappy if you failed to protect your data in this way, and in some industries, it's mandated (HIPAA etc). Obviously, this needs to be combined with access controls, and protection against remote threats, disk encryption is not the only measure you need by any means.
For end users, encryption can be invisible if done correctly, or require a pin and/or dongle to boot. A TPM chip helps if you use Windows/Bitlocker. Anyone has to make their own risk/reward calculations, I find it pretty straightforward to justify, things like smartphones & laptops have a high risk of theft, and desktop systems have to be encrypted if only because you have to dispose of the disks safely when they fail.
Backup (including password management) is necessary regardless of encryption, so that argument is a pretty poor one. If a person can't be bothered with backup, then that's their lookout frankly.
It sounds to me as if you're somewhat fearful of the scene, and I understand that coming from a place where you haven't operated it for a time. What I can confirm is that the water is pretty nice once you take the plunge, and you can include strong protection of even the technologically illiterate (e.g. family).
Why Are We Fighting the Crypto Wars Again?
Just like put down your gun. Easy to say when the man voicing that is surrounded by scores of armed secret service agents.
How Cops Could Wiretap Encrypted iMessage and WhatsApp Chats
Former US anti-terror chief tears into FBI over iPhone unlocking case
Without seeing the actual bill it's hard to know how accurate the stated opinions are. For instance the article offers this quote (supposedly) from the bill:
“To uphold the rule of law and protect the security and interests of the United States, all persons receiving an authorized judicial order for information or data must provide, in a timely manner, responsive and intelligible information or data, or appropriate technical assistance to obtain such information or data.”
Based on this Joseph Lorenzo Hall, chief technologist at the Center for Democracy and Technology says “This basically outlaws end-to-end encryption”. Someone else later states “this would seem to also be a massive internet censorship bill.”
That goes far beyond what is stated about the bill in the article. I would like to see a lot more substantive information to support such sweeping conclusions.
I believe the discussion pertains to the draft bill, which Wired linked to and my quote included that link. Did you read it?
Well, the Drug War hasn't worked out so well, has it?
I had not read it; I based my first post on the content of the Wired article. However I have read it now, and I still do not see how it "basically outlaws end-to-end encryption" or constitutes "a massive internet censorship bill". I am interested though in hearing others make the case.
Lol, the bill is utterly ridiculous.
They just do not get the fact they are trying to outlaw math. It is even more futile than the war on drugs.
A more viable solution to the problem is to stop teaching math (well that has partially happened), bar cryptography/math research and wipe the brains/execute all the cryptographers. Maybe that will be in the revised draft.
That and totally cut off international Internet connectivity. Or conquer the world