COKid Posted November 18, 2015 Share Posted November 18, 2015 Grief over the Paris attacks will soon make way to demands for action. As well as increased military activity, and the controversial suggestions to close the door on refugees, the next battle in the "surely something can be done" arena will be aimed squarely, and angrily, at Silicon Valley. Tech companies were already under pressure to make it easier for governments to access "private" communication apps and services. Those calls have intensified greatly since the attacks in Paris. "If you create a product that allows evil monsters to communicate in this way, to behead children, to strike innocents - whether it's at a game in a stadium, in a small restaurant in Paris, take down an airline - that is a big problem," Dianne Feinstein, who chairs the Senate Intelligence Committee, told MSNBC. "We need hi-tech's help in securing an internet [where] even with a court order you can't get to what they're saying. "That's a big problem." Cracking comms The "problem" is to do with encryption. Without encryption, all of the things we do online would be insecure, be it emailing, or shopping, or banking. They all rely on the principle that if you encrypt data using complex mathematics it is nigh-on impossible to crack. If you're using communication apps such as WhatsApp, Apple's iMessage, WeChat and so on, your messages are encrypted by default. It means that even if those companies wanted to hand over your messages to law enforcement, they couldn't. That's bad, some say. "There are a lot of technological capabilities that are available right now that make it exceptionally difficult, both technically as well as legally, for intelligence and security services to have the insight they need to uncover it," said CIA director John Brennan at a security forum on Monday. "And I do think this is a time for particularly Europe, as well as here in the United States, for us to take a look and see whether or not there have been some inadvertent or intentional gaps that have been created in the ability of intelligence and security services to protect the people that they are asked to serve." Source and rest of article: http://www.bbc.com/news/technology-34855462 Link to comment Share on other sites More sharing options...
neowin1338 Posted November 18, 2015 Share Posted November 18, 2015 Would have helped if they start to investigate on the guy with Kalashnikov and explosives from Montenegro who had Paris in his navi and was stop in Germany weeks earlier Link to comment Share on other sites More sharing options...
+Warwagon MVC Posted November 18, 2015 MVC Share Posted November 18, 2015 Much like 911 where they didn't let things settle down before making rash decisions. DConnell 1 Share Link to comment Share on other sites More sharing options...
neufuse Veteran Posted November 18, 2015 Veteran Share Posted November 18, 2015 (edited) person 1: we need to encrypt! people are stealing our personal data like credit card numbers! person 2: we can't encrypt! terrorists are winning! person 3: we should encrypt everything, the NSA is watching! person 4: ban encryption! you might do something evil! Zuckerberg: Give me all your data screw encryption! Edited November 18, 2015 by neufuse hagjohn and DConnell 2 Share Link to comment Share on other sites More sharing options...
Veiva Posted November 19, 2015 Share Posted November 19, 2015 (edited) But the Paris attackers were using bog-standard unencrypted texts (SMS) to communicate. What does encryption have to do with it? I think Feinstein being on the Senate Committee on Intelligence is a poor choice. He's not intelligent and he's not informed on technology, either. Link to comment Share on other sites More sharing options...
DocM Posted November 19, 2015 Share Posted November 19, 2015 The would be Sen. Dianne Feinstein, Democrat Senator from California, and a female, who graduated from Stanford University, and is the former Chair of the Senate Intelligence Committee and now it's ranking minority member. I may not agree with her politically, but she's a sharp blade and knows the issues far better than you do. Link to comment Share on other sites More sharing options...
hagjohn Posted November 19, 2015 Share Posted November 19, 2015 Nobody in congress is well informed on issues. In fact, I think its a qualification, of the job, to be a dumb ass. I can appreciate the gov't needing to know if anything nefarious is happening but I also would like my device to be protected from thieves across the world. Link to comment Share on other sites More sharing options...
DocM Posted November 19, 2015 Share Posted November 19, 2015 What they're considering is giving security agencies a back door, not doing away with encryption entirely. Link to comment Share on other sites More sharing options...
Veiva Posted November 20, 2015 Share Posted November 20, 2015 (edited) The would be Sen. Dianne Feinstein, Democrat Senator from California, and a female, who graduated from Stanford University, and is the former Chair of the Senate Intelligence Committee and now it's ranking minority member. I may not agree with her politically, but she's a sharp blade and knows the issues far better than you do. You seem to think you know a lot about me, but evidently you don't. And for the record, I'm certain I have a much better idea on security and encryption than she does. Hands-on experience, too--I managed to circumvent Windows Media DRM some years ago with a pretty novel attack I developed on my own. Woop, decrypted WMVs... What they're considering is giving security agencies a back door, not doing away with encryption entirely. Seems I know more than you, too. Pray tell, how would you create a backdoor that can't be exploited by anyone but authorized individuals? It's never been successful, and never will be. Unless you're saying the government can produce a better tech that is unexploitable? I fear the free market has tried, from game consoles to cell phones to servers to media, and they've failed every time. And even the government doesn't have a good track record--I mean, Snowden's leak from the entity responsible for securing this country, the recent theft of millions of federal workers' data... For the record, making encryption illegal doesn't prevent attackers. Do you know how the internet works? There's plenty of encryption libraries of various qualities all over the web. They're open source. The most popular being OpenSSL and its forks, LibreSSL and BoringSSL. There is nothing the government can do to prevent individuals from compiling these libraries on their own and using it in their own communications. The neat thing about encryption is I could send encrypted messages via insecure forms of communication by encrypting some media (most likely text) and simply sending some encoded form of the encrypted blob via email, text... I'd provide to peers a public key. They could decrypt, but they couldn't forge messages using the private key I would possess. Verification and security in one go. How do you stop that? What good is a backdoor in Gmail if I perform the encryption offline? What good is a backdoor in Windows 10 if I am using a disposable Raspberry Pi unit running a light-weight audited OS? When I'm done, I microwave the SD card. Ooops... No tracing it back to me! By forcing backdoors and limiting encryption, you only make the criminals harder to trace. At the same time, you are compromising your own people, and making it easier for nefarious groups acting in their interests. Or worse, in the interests of some state or terrorist organization... And you're also making criminals out of citizens without merit. Encryption causes no harm when used by almost every citizen of every country, just like your gun fetish causes no harm as long as you don't kill someone. Amazing! And yes, I put backdoor and limited encryption in the same category. How do you backdoor some data encrypted offline by a user with AES? There's only one very long key that will decrypt it. That's how it works. And like I said, the Paris attackers were using SMS. Unencrypted. So secure. Edited November 20, 2015 by Veiva FloatingFatMan and Ph1b3r0pt1c 2 Share Link to comment Share on other sites More sharing options...
exotoxic Posted November 20, 2015 Share Posted November 20, 2015 What they're considering is giving security agencies a back door What exactly would they achieve?? If it's a backdoor for them it's a backdoor for anyone. If all encryption had backdoors someone would invent a new one that doesn't and wouldn't hand over the source. It's a danger/loss for everyone except the people who it intends to target. Link to comment Share on other sites More sharing options...
Recommended Posts