Paris attacks: Silicon Valley in crosshairs over encryption

By COKid
in Real World News

 Share

Recommended Posts

Grand Master

COKid

Posted
Posted

Grief over the Paris attacks will soon make way to demands for action.

As well as increased military activity, and the controversial suggestions to close the door on refugees, the next battle in the "surely something can be done" arena will be aimed squarely, and angrily, at Silicon Valley.

Tech companies were already under pressure to make it easier for governments to access "private" communication apps and services. Those calls have intensified greatly since the attacks in Paris.

"If you create a product that allows evil monsters to communicate in this way, to behead children, to strike innocents - whether it's at a game in a stadium, in a small restaurant in Paris, take down an airline - that is a big problem," Dianne Feinstein, who chairs the Senate Intelligence Committee, told MSNBC.

"We need hi-tech's help in securing an internet [where] even with a court order you can't get to what they're saying.

"That's a big problem."

Cracking comms

The "problem" is to do with encryption.

Without encryption, all of the things we do online would be insecure, be it emailing, or shopping, or banking. They all rely on the principle that if you encrypt data using complex mathematics it is nigh-on impossible to crack.

If you're using communication apps such as WhatsApp, Apple's iMessage, WeChat and so on, your messages are encrypted by default.

It means that even if those companies wanted to hand over your messages to law enforcement, they couldn't.

That's bad, some say.

"There are a lot of technological capabilities that are available right now that make it exceptionally difficult, both technically as well as legally, for intelligence and security services to have the insight they need to uncover it," said CIA director John Brennan at a security forum on Monday.

"And I do think this is a time for particularly Europe, as well as here in the United States, for us to take a look and see whether or not there have been some inadvertent or intentional gaps that have been created in the ability of intelligence and security services to protect the people that they are asked to serve."

Source and rest of article: http://www.bbc.com/news/technology-34855462

 

Link to comment
Share on other sites
Grand Master

neufuse Veteran

Posted
  • Veteran
Posted (edited)

person 1: we need to encrypt! people are stealing our personal data like credit card numbers!

person 2: we can't encrypt! terrorists are winning!

person 3: we should encrypt everything, the NSA is watching!

person 4: ban encryption! you might do something evil!

Zuckerberg: Give me all your data screw encryption!

Edited by neufuse
  • hagjohn and DConnell
  • Like 2
Link to comment
Share on other sites
Grand Master

DocM

Posted
Posted

The would be Sen. Dianne Feinstein, Democrat Senator from California, and a female, who graduated from Stanford University, and is the former Chair of the Senate Intelligence Committee and now it's ranking minority member.    

I may not agree with her politically, but she's a sharp blade and knows the issues far better than you do.

Link to comment
Share on other sites
Grand Master

hagjohn

Posted
Posted

Nobody in congress is well informed on issues. In fact, I think its a qualification, of the job, to be a dumb ass. I can appreciate the gov't needing to know if anything nefarious is happening but I also would like my device to be protected from thieves across the world. 

Link to comment
Share on other sites
Mentor

Veiva

Posted
Posted (edited)

The would be Sen. Dianne Feinstein, Democrat Senator from California, and a female, who graduated from Stanford University, and is the former Chair of the Senate Intelligence Committee and now it's ranking minority member.    

I may not agree with her politically, but she's a sharp blade and knows the issues far better than you do.

You seem to think you know a lot about me, but evidently you don't. And for the record, I'm certain I have a much better idea on security and encryption than she does. Hands-on experience, too--I managed to circumvent Windows Media DRM some years ago with a pretty novel attack I developed on my own. Woop, decrypted WMVs... :)

What they're considering is giving security agencies a back door, not doing away with encryption entirely. 

Seems I know more than you, too. Pray tell, how would you create a backdoor that can't be exploited by anyone but authorized individuals? It's never been successful, and never will be. Unless you're saying the government can produce a better tech that is unexploitable? I fear the free market has tried, from game consoles to cell phones to servers to media, and they've failed every time. And even the government doesn't have a good track record--I mean, Snowden's leak from the entity responsible for securing this country, the recent theft of millions of federal workers' data...

For the record, making encryption illegal doesn't prevent attackers. Do you know how the internet works? There's plenty of encryption libraries of various qualities all over the web. They're open source. The most popular being OpenSSL and its forks, LibreSSL and BoringSSL. There is nothing the government can do to prevent individuals from compiling these libraries on their own and using it in their own communications. The neat thing about encryption is I could send encrypted messages via insecure forms of communication by encrypting some media (most likely text) and simply sending some encoded form of the encrypted blob via email, text... I'd provide to peers a public key. They could decrypt, but they couldn't forge messages using the private key I would possess. Verification and security in one go.

How do you stop that? What good is a backdoor in Gmail if I perform the encryption offline? What good is a backdoor in Windows 10 if I am using a disposable Raspberry Pi unit running a light-weight audited OS? When I'm done, I microwave the SD card. Ooops... No tracing it back to me!

By forcing backdoors and limiting encryption, you only make the criminals harder to trace. At the same time, you are compromising your own people, and making it easier for nefarious groups acting in their interests. Or worse, in the interests of some state or terrorist organization... And you're also making criminals out of citizens without merit. Encryption causes no harm when used by almost every citizen of every country, just like your gun fetish causes no harm as long as you don't kill someone. Amazing!

And yes, I put backdoor and limited encryption in the same category. How do you backdoor some data encrypted offline by a user with AES? There's only one very long key that will decrypt it. That's how it works.

And like I said, the Paris attackers were using SMS. Unencrypted. So secure.

Edited by Veiva
  • FloatingFatMan and Ph1b3r0pt1c
  • Like 2
Link to comment
Share on other sites
Grand Master

exotoxic

Posted
Posted

What they're considering is giving security agencies a back door

What exactly would they achieve??

If it's a backdoor for them it's a backdoor for anyone.

If all encryption had backdoors someone would invent a new one that doesn't and wouldn't hand over the source.

It's a danger/loss for everyone except the people who it intends to target.

Link to comment
Share on other sites
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.