Yoda
Member
Master keys, are master keys; there is no way around it and our government has failed and continues to fail at protecting its own IT assets. As much as I agree with most of Obama's policies, this is an unwarranted for power-grab.
-
Hey Guest. Check out your NeoGAF Wrapped 2025 results here!
President Obama: 'You Cannot Take an Absolutist View' on Encryption Issue :(
- Thread starter HUELEN10
- Start date
- Status
Master keys, are master keys; there is no way around it and our government has failed and continues to fail at protecting its own IT assets. As much as I agree with most of Obama's policies, this is an unwarranted for power-grab.
Horseshit Obama.
It's fucking math.
Are we really going to start outlawing mathematics in this country?
One time pad encryption has existed and been legal for well over 100 years, and it is mathematically unbreakable to a degree that Apple could only dream of. I haven't heard any outcry over old fashioned ciphers.
The only difference is that the government is salty that Apple made strong encryption not only easy, but the default state.
It's fucking math.
Are we really going to start outlawing mathematics in this country?
One time pad encryption has existed and been legal for well over 100 years, and it is mathematically unbreakable to a degree that Apple could only dream of. I haven't heard any outcry over old fashioned ciphers.
The only difference is that the government is salty that Apple made strong encryption not only easy, but the default state.
YES
We have a fundamental right to privacy. That is more important for the good of all US Citizens than opening up individual phones for data that may or may not help an investigation.
partyphone
Banned
the isn't the best analogy since the brain is far from a perfect reserve of data. it's a very small and unreliable source.
cpp_is_king
Member
It gets revoked, like certificates do today
It's hard to say that with certainty about an algorithm that literally doesn't exist, don't you think? I'm not a cryptographer, so maybe it's not even possible, but certainly people could think about it
ColtraineGF
Member
If that person had the information in their head, then they would be dead and that's it. Full stop. Any investigator would have to go some different route to get information.
cpp_is_king
Member
No it's a warranted power grab (pun intended). The government has lost the ability to do things it used to be able to do, and nobody had any problems with
Elfforkusu
Member
Who's in charge of the key escrow, and what stops this wonderful target with keys to everyone's data from being hacked?
There's also the non-technical question of "how do you stop it from being secretly abused" (someone always has root), but even the technical side is daunting. Crypto implementations are broken as is. Now we want to increase complexity by an order of magnitude?
Then so can everyone meaning everything is up for grabs and nothing is safe. Considering our whole lives are online and tracked whether you use social networks or not.
cpp_is_king
Member
Who's in charge of issuing search warrants today? I don't hear about massive search warrant abuse.
You could make it a 2 factor key where you need to combine multiple keys to generate OTPs. Idk, get as creative as you want since we're talking about hypothetical algorithms
But we give privacy away all day long. Registering license plates, buying things, IP address, just walking outside!
Who care about phones? We've already lost way worse. So what if the govt looks at my phone? They'll find music, dick pics, linkedin app, Instagram, etc. THEY ALREADY HAVE SO MUCH MORE.
It's not an absolute right.
Elfforkusu
Member
I'm not sure you followed my reasoning? A hacker can't bust into a government server (hello Office of Personnel Management) and get access to everyone's data by way of a search warrant.
Create a database (distributed or centralized!) of backdoor keys? Shit will be on bittorrent before the first year is over.
BlastProcessing
Member
It's not a matter of security vs. privacy. It's security vs. security.
Blake Ross has a really good post on the matter.
Who is asking for absolute privacy besides Ron Swanson? My phone is encrypted, but everything else can be gotten. It's ridiculous that people think just because we have no privacy anywhere else that we can't have it on devices built to have it.
This is absurd.
Certs are different from encryption though. You'd have to reach out and decrypt then re-encrypt all the data that's encrypted with the reversible key. And due to how the algorithm would work, you would have to re-issue new keys to everyone. That's not an easy task.
No, you can make design judgments about an idea without having an example of that idea present. Having this built in weakness automatically detracts the security from a system that doesn't have it.
Base example: There are now two keys that can be used to decrypt the data. That's halving the work for any attacker who's looking for it.
The problem is that it's the equivalent to a key to everything without a warrant and the key can be found by hackers via backdoor too.
veloxStrix
Banned
Privacy from the government isn't even the (main) issue. It's privacy from the people who will take advantage of the flaws in encryption created by enabling the government to have easy access to these devices.
Since we seem to like the door analogy, here is a decent one. You have a lock on your door, with a PIN Code to open it. You are the only person who knows it - you have it memorized in your head. Not even the company who made the lock knows your exact code. But then you write it down and give it to someone else who is ABSOLUTELY trust worthy. They would NEVER lose that slip of paper. But that point stands, now the code that used to be only in your head is written down on a piece of paper out in the world.
Let's say you sign up for a Thornton card. You save a few pennies every time you shop there. Meanwhile, they're storing a dossier on everything you've ever bought. "So what?" you say. Well, suppose you slip on a puddle of water outside Thornton's and decide to sue. Thornton's can respond by introducing into the record your habit of purchasing alcohol and paint you as an alcoholic. It's happened in an arbitration case in the US.
Maybe in college you signed up with Amnesty International because the girl at the table was cute. You never went to a meeting and you forgot about it. Let's say ten years from now AI is somehow linked to the humanitarian work done by Hamas and the Conservative government in power labels Amnesty International a terrorist organization. Then, in a pageant of nationalism, some government official decides that everyone who has any ties to terrorists should be compelled to explain themselves to the CIA. In private. Don't know if that's happened in the UK, but it happened in the US twice.
I could go on. The basic issue is that your behavior at the moment may be completely harmless, but at any point in the future, anyone with an axe to grind against you or anything you've touched can use your behavior against you, out of context, on the offensive, simply because the information is available. Say, for example, you meet a nice girl. You fall in love. You want to marry her. She's got an old flame who she dumped because he was a nasty fuck, but he still holds a candle. Suppose he finds your Reddit username. Downloads a compilation of your GW submissions, prints out a stack of color copies and staples them up around your neighborhood, mails them to your grandma, etc. Have you done anything wrong? No. Has he? Yes. Is he going to be punished? No. Is your relationship with your true love in jeopardy?
Since we seem to like the door analogy, here is a decent one. You have a lock on your door, with a PIN Code to open it. You are the only person who knows it - you have it memorized in your head. Not even the company who made the lock knows your exact code. But then you write it down and give it to someone else who is ABSOLUTELY trust worthy. They would NEVER lose that slip of paper. But that point stands, now the code that used to be only in your head is written down on a piece of paper out in the world.
Let's say you sign up for a Thornton card. You save a few pennies every time you shop there. Meanwhile, they're storing a dossier on everything you've ever bought. "So what?" you say. Well, suppose you slip on a puddle of water outside Thornton's and decide to sue. Thornton's can respond by introducing into the record your habit of purchasing alcohol and paint you as an alcoholic. It's happened in an arbitration case in the US.
Maybe in college you signed up with Amnesty International because the girl at the table was cute. You never went to a meeting and you forgot about it. Let's say ten years from now AI is somehow linked to the humanitarian work done by Hamas and the Conservative government in power labels Amnesty International a terrorist organization. Then, in a pageant of nationalism, some government official decides that everyone who has any ties to terrorists should be compelled to explain themselves to the CIA. In private. Don't know if that's happened in the UK, but it happened in the US twice.
I could go on. The basic issue is that your behavior at the moment may be completely harmless, but at any point in the future, anyone with an axe to grind against you or anything you've touched can use your behavior against you, out of context, on the offensive, simply because the information is available. Say, for example, you meet a nice girl. You fall in love. You want to marry her. She's got an old flame who she dumped because he was a nasty fuck, but he still holds a candle. Suppose he finds your Reddit username. Downloads a compilation of your GW submissions, prints out a stack of color copies and staples them up around your neighborhood, mails them to your grandma, etc. Have you done anything wrong? No. Has he? Yes. Is he going to be punished? No. Is your relationship with your true love in jeopardy?
But why do you expect to have a sliver of privacy when you haven't had any your entire life? That is more absurd.
This line of logic baffles me. Someone steals something and steals more and suddenly people are okay with giving them something valuable?
"He stole my car, my tv, and even my wallet, but sure I'll give him my sofa"
It's defeatist and weird
It also doesn't magically delete all the cached copies of the ciphertext waiting to be decrypted by the compromised key from the world.
Elfforkusu
Member
I mean, there's a reason the entire academic crypto community is united on this. Past moral quandaries, there's not a viable technical solution in sight.
Spoiler: your new algorithm will not work.
Spoiler: your new algorithm will not work.
Yo, but I ran ROT13 twice!
No, you're missing the point. You've already given away your house but you're now up in arms that they've come back for the sofa. That's my favourite sofa, they can't touch that!
No?
You don't have the right to privacy when you're under a criminal investigation, for example.
I don't know why so many people believe they have the right to withhold potentially crucial evidence because of 'freedom', which you wouldn't necessarily have.
Mr_Antimatter
Member
The problem here is there may be no other way to get the info. If one's criminal conspiracy/plot was heavily encrypted, it may be the only source of that info.
If this was a PC, they would just clone the drive, and brute force it. The problem seems to be you can't do that with the phone (well, the NSA/CIA probably could, but they aren't sharing).
The bigger problem is, as designed, there really isn't a way to give the needed info without also giving away the keys to the kingdom.
Elfforkusu
Member
Well, if it was a PC, and the password was strong and the crypto was right, they could spend the rest of the Sun's lifetime brute forcing it and never get the answer.
But you literally do in the US. I believe you call it the fifth amendment?
When will people understand that it's not about protecting the rights of the person using the encryption to hide evidence, it's about protecting everyone's freedom because there is no way to have strong data security when there are backdoors.
Sure courts can get a search warrant that negates the right to privacy, but that doesn't mean they have the power to alter physical reality.
Technically speaking, drives can be encrypted such that brute forcing them is laughably implausible.
The issue with the phones is that the number of valid inputs is so low that the secondary mechanism must be put in place.
In short, legit criminals can already encrypt things to the point where it would be close to impossible to recover.
Your damn right I wouldn't want some prick to take my sofa when it's my sofa.
Why should I give him my sofa? Because he has my house? What bunk logic are you operating on.
It's pure defeatism.
(Also te idea that people have "given away" their privacy is very much contrary to reality)
HUELEN10
Member
It's my fucking sofa. We don't live in a world without property.
Is there any real political force against it? Politicians that matter?
ISWThunder
Member
I really love his idea of compromise. So, the "middle ground" is the government gets exactly what they are asking for and does the exact opposite of what Apple believes is appropriate?
What part of the constitution allows the government to force a private corporation to act against its will when they have done nothing even remotely criminal? It's a classic case of misdirection. Government makes it all about the phone of a terrorist and how unpatriotic Apple is being but completely ignores what they are actually doing.
What part of the constitution allows the government to force a private corporation to act against its will when they have done nothing even remotely criminal? It's a classic case of misdirection. Government makes it all about the phone of a terrorist and how unpatriotic Apple is being but completely ignores what they are actually doing.
No he couldn't (as long as the password in question wasn't a fingerprint iirc)
Unreliable yes ...small no
Elfforkusu
Member
The Berninator is a proponent of civil liberties, he'd probably the closest thing. Rand Paul/Ron Wyden too, but it's not clear if they count.
Well good for you for wanting to protect your sofa. I hope it provides you some comfort.
The Technomancer
card-carrying scientician
That's not the right argument to make here, that just invites the warrant comparison
ColtraineGF
Member
Well if it was a criminal conspiracy, then maybe there are other conspirators. Maybe there is surveillance footage at the local deli where the guy eats. Maybe said person always contacts certain people to organize his plots, and the police subpoenas the phone company (who already collects call and message metadata) for the call records. Maybe he had sent some interesting emails, and Google gets a little letter asking for all the emails he ever sent (and they definitely don't encrypt those things).
Or maybe he was the only one and now he's dead, so he can't do anything to anyone.
As far as I know, you can't unburn a paper. And in the case of the PC hard drive, you are most definitely not brute forcing that if it's using full drive encryption and you have a good password. It's good enough that all the OS has to do is delete the relatively small key used to encrypt it, and that data is as good as deleted.
uhhh, no way. PC encryption is already at the "totally unbreakable" point with the right setup.
People are so caught up in what this may morph into in the future that they ignore this simple fact: the Government cannot and should not force Apple to do this.
If they want to make this a thing, then they should get to writing laws that apply equally to all manufacturers...
...and watch the rest of us laugh as it dies in congress/supreme court.
ISWThunder
Member
Except that if this was a PC using encryption, it's highly unlikely that the password would be 4 digits long and the encryption would be impossible to brute force.
- Status