-
Hey Guest. Check out your NeoGAF Wrapped 2025 results here!
President Obama: 'You Cannot Take an Absolutist View' on Encryption Issue :(
- Thread starter HUELEN10
- Start date
- Status
GoldenEye 007
Member
It's theater, nothing more.
You can't make this much sense in a thread about encryption! Come on dude!
cpp_is_king
Member
Which is why 50 years from now, we will not have the same internet that we do today. I envision a fundamentally different method of internet connectivity where anonymity is no longer a thing and your keys are part of your identity.
If a government can obtain a search warrant for your house, which 50 years go would have contained all the mail you received, personal information, files, etc, why can't they now? i mean aside from technical reasons.
There are legitimate reasons governments need access to information that is currently not available to them. They're not going to let this one slide, and policy will gradually reshape the internet over time as a result.
ElectricThunder
Member
Holy hell this isn't a complicated issue and he/they damn well know as much beyond all these theatrics and grasping---sigh, can't we at least get the simple things right?
They could try to find a way to get Walked in a damned game of T-Ball at this rate.
They could try to find a way to get Walked in a damned game of T-Ball at this rate.
So, here's the problem. I work in the infosec biz. I'm not gonna claim I'm some smart researcher, or some hacker wiz. I'm middle of the pack, straight honest.
Nobody should be okay with that, because that means that the solution (phone privacy) was engineered to be broken. And any solution that is engineered to be broken by one person is gonna be broken by another person. And then that shit gets sold or leaked (another Snowden, for example).
Guys like me, we're not necessarily going out and doing cutting edge research. 99% of my work is using open source & free tools to get what I want done. Cycript, Lobotomy, etc. So, as a infosec guy, I'd love something like this because it'd be an awesome tool for me in assessments.
Similarly, as an infosec guy... I'd hate to see this in the wild because that means protecting my company becomes that much harder.
And finally, as an infosec guy, I really like privacy, and this erodes potential protections. I mean, any lock made by man can be unlocked by man, but I'd like to think that my crypto is safe for at least past my lifetime.
Not exactly sure how far down it would go, but I can see that if this backdoor was made, then there would be a precedent to begin having backdoors and other means of the government gaining encrypted data. Not just a phone but basically anything on pretty much any OS that's still having software updates.
Not only that, but encrypted data you have would basically be the only thing that would be beyond the bounds of the fourth amendment.
I find this kinda similar to when Canada introduced that Bill to enable revoking citizenship for terrorists and how everyone hates it because it messes with the idea of citizenship and give the government too much power over the matter because of the fumbling of what it means to be convicted of terrorism.
I can't possibly know how far it reaches down, but I can assume it could be a lot worse than my worst imaginings.
That the Fourth Amendment has that stuff about probable cause and warrants for a reason?
Don't get me wrong: the government has done some pretty outrageous stuff with respect to mass surveillance, but reading the contents of a hard drive in their possession that belonged to a now-dead terrorist is 100% fair game. If there's a way to open that up without significantly compromising security in general it's the right thing to do.
For centuries the state of the art in privacy could be broken with a drill and some bolt cutters, and things were fine (well, at least as far as privacy goes; polio and slavery and whatnot weren't so hot).
Poodlestrike
Banned
Team Alucard
Banned
And people actually want this guy on the Supreme Court.
spookyfish
Gold Member
Hmmm. That's weird. Because apparently I did, and still do.
Mr_Antimatter
Member
First off, let me say i'm 100% pro apple not building any backdoors or violating their own encryption here. It puts too many at risk.
But from an investigation perspective, heavy encryption does present something of a problem. If one has a warrant to search something, and that something is behind an unbreakable door, what logical course of action exists to go forward with the investigation? If the suspect is alive, he could be compelled to unlock it, but if they are dead, their really isn't as many options to proceed.
It's sort of a clash of rights in action: the government has the right to investigate the data with a warrant, while Apple has the right to be secure in their products on behalf of their customers at large. I'm siding with apple here, needs of the many and all that, but I do understand the law enforcement angle here.
But from an investigation perspective, heavy encryption does present something of a problem. If one has a warrant to search something, and that something is behind an unbreakable door, what logical course of action exists to go forward with the investigation? If the suspect is alive, he could be compelled to unlock it, but if they are dead, their really isn't as many options to proceed.
It's sort of a clash of rights in action: the government has the right to investigate the data with a warrant, while Apple has the right to be secure in their products on behalf of their customers at large. I'm siding with apple here, needs of the many and all that, but I do understand the law enforcement angle here.
HUELEN10
Member
I pray that they are either ignorant or fools and not people actually against the Titan Of Privacy.
hamauzu kaito
Member
When he went on Bear's show he could barely use an iPhone. So, i'll give him a pass.
He's right.
People are foolish for believing that you have the right to own something that no one can get access to, even with a court order.
And Tim Cook... Fucking A. Apple has no issue using your information to give to advertisers, but suddenly he is the bastion of privacy when it stands to make Apple money? It's all bullshit, and it's bad for you.
People are foolish for believing that you have the right to own something that no one can get access to, even with a court order.
And Tim Cook... Fucking A. Apple has no issue using your information to give to advertisers, but suddenly he is the bastion of privacy when it stands to make Apple money? It's all bullshit, and it's bad for you.
HUELEN10
Member
This post proves you aren't as learned on things as you think you are.
Yes. I'm disappointed in Obama's stance here. It's wrong and it's irresponsible.
Oppo
Member
hrm. he should be pivoting, pushing for biometric sensors on guns. pit the NRA against the FBI. I may have been watching House of Cards.
serious answer: there's no "trade off" to make because of the technical nature of the problem. I think the principled yet somewhat disappointing answer is: you let them have it and take this as a natural limit. people can encrypt things. make legal adjustments for compelling the passwords and so forth but if the question is truly, Can People Lock Shit Up? I think the answer has to be yes. and then some platitude about the police fighting with one hand tied even though it is the upper hand etc
serious answer: there's no "trade off" to make because of the technical nature of the problem. I think the principled yet somewhat disappointing answer is: you let them have it and take this as a natural limit. people can encrypt things. make legal adjustments for compelling the passwords and so forth but if the question is truly, Can People Lock Shit Up? I think the answer has to be yes. and then some platitude about the police fighting with one hand tied even though it is the upper hand etc
andythinkpad
Member
He barely gave a slash on the wrist to NSA, what do you expect him to say Libgaf?
Encryption is only an absolute issue. It either works and is secure or its not doing anything. There is no in between. That is how the technology works. I'd rather have secure internet commerce and a measure of privacy then hope that at some point having a back door might possibly help law enforcement arrest someone with info they couldn't get through a myriad of other ways.
Wait, you're the Carson supporter, right?
I take it you don't understand a great many things.
Coriolanus
Banned
And the government is free to devise its own methods to do it, but that's not what this is about.
Not all court orders are legal or constitutional. Judicial review is a thing.
HUELEN10
Member
Wrong.
cpp_is_king
Member
What if someone came up with a new encryption algorithm, where data was encrypted with multiple keys? First is the user's key (eg pin), and that serves as a single element key. Another is a law enforcement key, which uses a key held by the judicial branch to generate one time use keys. Either the master key (PIN) or one time use keys could be used to decrypt things.
Current encryption algorithms don't really work this way, but someone could come up with a new algorithm.
Current encryption algorithms don't really work this way, but someone could come up with a new algorithm.
Okay, this at least makes the argument a more nuanced one... As opposed to the usual 'fuck the government and everything it wishes to do' stance.
I suppose the question should be (and likely will be in the future), should it be legal to make a device which cannot be cracked by any means?
Random Painted HIghway
Member
Obama is correct here. Technology should not be allowed to avoid the execution of search warrants.
The company has the backdoor. Govt requests decrypted files from them. We've had backdoors forever, this isn't some new thing.
Coriolanus
Banned
How would one even determine if a device cannot be cracked?
And when those keys leak or are stolen? What happens to all the compromised devices?
Oppo
Member
but technology already can do this. one time pads do this. not exactly new.
Killing_Joke
Member
If the FBI can't figure it out themselves then move on. Period.
Hes absolutely right.
Its the same selfcentered logic where everyone thinks this is about them and "mah freedomz".
If you can get a deadly weapon, that means everyone else can, including the people you dont want having them. The best solution is limiting everyone. The same applies here.
Its the same selfcentered logic where everyone thinks this is about them and "mah freedomz".
If you can get a deadly weapon, that means everyone else can, including the people you dont want having them. The best solution is limiting everyone. The same applies here.
Okay, allow me to reword it.
Every company must make decryption on their cell phones a possibility, even if it only exists as a backdoor through which only the developer of the phone can access.
If the developers can access it, anyone can.
I don't agree with Obama here, but the government is going to continue to push the issue and they could win. It sucks, and I don't like to think that it will happen, but I believe it will.
Under such a compromise, I want a system that requires multiple keys, so the government can't unlock anything on their own even with a court order, it would require cooperation from multiple sources. Make it as difficult as possible. Also a full disclosure on anytime a device is ordered to be opened by any of these companies. Keep an online, publicly accessible database that shows anytime it occurs. I want to know that it is only being done in the most required situations, and we aren't doing shit like helping china persecute dissenters or anything even remotely close to that.
These companies should not have to silently comply with the government behind closed doors anytime they are ordered to open a customer's device. They should be able to disclose that so we can all see, out in the open, what is going on when it comes to government required breaches of anyone's privacy.
Under such a compromise, I want a system that requires multiple keys, so the government can't unlock anything on their own even with a court order, it would require cooperation from multiple sources. Make it as difficult as possible. Also a full disclosure on anytime a device is ordered to be opened by any of these companies. Keep an online, publicly accessible database that shows anytime it occurs. I want to know that it is only being done in the most required situations, and we aren't doing shit like helping china persecute dissenters or anything even remotely close to that.
These companies should not have to silently comply with the government behind closed doors anytime they are ordered to open a customer's device. They should be able to disclose that so we can all see, out in the open, what is going on when it comes to government required breaches of anyone's privacy.
So, what happens when that master key gets leaked?
Ignoring the simplest potential, it wouldn't really work great. You'd essentially be able to derive the master key from enough plaintext/encrypted messages, especially since the same key would have to be used across all instances of the algorithm for the "master" key to work.
I haven't done the math work on it, but I figure it'd essentially looking up like a differential crpto problem.
Coriolanus
Banned
You're saying that every phone should have a built-in weakness. Suppose this legislation passes. This would be limited to companies manufacturing devices on US shores, evidently.
What then, when users start buying phones produced outside the US? Do you prohibit them from importing them? Do you consider it a crime to use good encryption software?
What then, when China or Russia or whoever, manages to exploit that weakness, for they have factories and devs in their own countries? Is the trade-off fair?
Suppose I have a lock on my back door (pun). The lock company has a copy of the key they gave me. What you're saying is that there is no difference between me locking my door and leaving it wide open, which is not true!
if the govt wants to know where I've been in my car they can access street cameras, highway cameras, etc.
If the govt wants knows where I spend my money they can track my credit card #.
If the govt wants to know who I've been talking to then they can get my phone records.
Add on top of this facial recognition, pattern analysis, talking with known associates and family members, etc.
Maybe I've become too used to giving my privacy away via social networks, sites like NeoGAF, using my credit card, etc. But why do we suddenly draw the line with smartphones? Why must they be walled off? Not trolling, serious question. Why do we willingly give up our privacy 99% of the time but when someone wants to access smartphones we freak out.
If the govt wants knows where I spend my money they can track my credit card #.
If the govt wants to know who I've been talking to then they can get my phone records.
Add on top of this facial recognition, pattern analysis, talking with known associates and family members, etc.
Maybe I've become too used to giving my privacy away via social networks, sites like NeoGAF, using my credit card, etc. But why do we suddenly draw the line with smartphones? Why must they be walled off? Not trolling, serious question. Why do we willingly give up our privacy 99% of the time but when someone wants to access smartphones we freak out.
Then so be it?
That's really the argument, in my opinion- Do you have the right to own something that is impossible to open up, even if a court order is issued?
There's no such thing.
Coriolanus
Banned
Yes? You have the right to the contents of your brain.
Well, you can try to open it up, i guess.
You mean, like the human brain?
partyphone
Banned
backdoor is the wrong word. backdoor implies there some way to short circuit or do an end around of the encryption.
it's technically possible to make multiple keys to the front door.
many people have proposed companies keep these keys in escrow so that they can decrypt devices when served with a warrant.
the issue with this is if the keys are exfiltrated due to a hack or insider theft or whatever.
it's possible to create multiparty keys, which would require the cooperation of several different groups or agencies. but this would create extra bureaucracy that no one will want to pay for.
it's technically possible to make multiple keys to the front door.
many people have proposed companies keep these keys in escrow so that they can decrypt devices when served with a warrant.
the issue with this is if the keys are exfiltrated due to a hack or insider theft or whatever.
it's possible to create multiparty keys, which would require the cooperation of several different groups or agencies. but this would create extra bureaucracy that no one will want to pay for.
- Status