Apple, other tech companies continue to resist encryption backdoor proposals by FBI, U.S. ...

Posted:
in General Discussion
A group made up of Apple and other major technology companies is increasing its efforts to fight attempts by government agencies to force the addition of encryption backdoors, following reports US law enforcement bodies are forming new proposals to gain access to protected data.

J. Edgar Hoover FBI Building
J. Edgar Hoover FBI Building


The privacy-focused coalition, Reform Government Surveillance (RGS), issued a statement following reports the FBI and the U.S. Department of Justice are preparing another push to get tech companies to add backdoors to their products, to defeat end-to-end and device-based encryption measures.

"Recent reports have described new proposals to engineer vulnerabilities into devices and services - but they appear to suffer from the same technical and design concerns that security researchers have identified for years," the statement first spotted by ZDNet reads. "Weakening the security and privacy that encryption helps provide is not the answer."

RGS refers to a report from March 26, claiming the FBI and Justice Department members had met with security researchers on ways to enable "extraordinary access" to encrypted devices, and are apparently convinced it is possible to enable a backdoor without weakening security completely.

The technique suggested apparently involved using a special access key that would be generated whenever a device encrypts itself, which would be used to detour around passcodes. Such a key would be stored locally in a separately encrypted space, similar to the Secure Enclave on iOS devices.

Such a system could require a number of people at Apple and other firms to have access to the key, but the large numbers of people involved would raise the risk of leaks that would undermine the security.

RGS recently agreed to add a sixth core principle to its list, to guide its future advocacy efforts. The principle, titled "Ensuring Security and Privacy through Strong Encryption," calls for governments to stop attempting to force companies to add backdoors to their devices, apps, and services.

"Strong encryption of devices and services protects the sensitive data of our users," the principle reads, noting encryption protects governments as well as individuals and businesses. "Strong encryption also promotes free expression and the free flow of information around the world."

Forcing technology companies to create vulnerabilities that work against encryption would "undermine the security and privacy of our users, as well as the world's information technology infrastructure."

While RGS acknowledges that governments are "responsible for protecting the safety and security of their citizens," and are increasing their demands for law enforcement officials to gain access to user data as part of an investigation, the group "respectfully disagrees" with calls for legislation that would require the creation of purpose-built vulnerabilities.

Rather than adding a backdoor, RGS advises the companies that make up the coalition would continue to collaborate with policymakers to "seek out common sense solutions that are consistent with established norms of privacy, free expression, and the rule of law."

The normal argument against law enforcement backdoors is that they are inherently unsafe, due to the possibility of being misused by hackers or foreign governments with malicious intents.

Apple senior vice president of software engineering Craig Federighi advised last month "Proposals that involve giving the keys to customers' device data to anyone but the customer inject new and dangerous weakness into product security. Weakening security makes no sense when you consider that customers rely on our products to keep their personal information safe, run their businesses, or even manage vital infrastructure like power grids and transportation systems."

RGS counts Apple as one its members, along with other well-known firms, including Google, Facebook, Microsoft, Oath, LinkedIn, Dropbox, Evernote, Snap, and Twitter. A previous effort by RGS involved writing an open letter to members of the US government and law enforcement, urging for a drastic change in surveillance laws, following the bulk-collection of data revealed by former NSA contractor Edward Snowden, with the revelations prompting the creation of the group.
«1

Comments

  • Reply 1 of 28
    rob53rob53 Posts: 1,915member
    Makes sense to not allow backdoors, which is why governments and police forces won’t listen or care. 
    SpamSandwichracerhomie3jbdragonivanhbluefire1steven n.acejax805tzm41lostkiwi
  • Reply 2 of 28
    SpamSandwichSpamSandwich Posts: 29,902member
    When encryption is declared illegal, only criminals will have real security.
    edited May 2 racerhomie3macseekerrob53pslicegeorgie01cornchipjbdragonbluefire1steven n.acejax805
  • Reply 3 of 28
    LukeCageLukeCage Posts: 161member
    As they should, it's black and white and they know it you can't put a backdoor in and only expect the "good guys" to use it. Also ask one of the many 3 or 4 letter agencies for their many zero day hacks and stop BSing the public. 
    racerhomie3designrStrangeDaysbshankwatto_cobra
  • Reply 4 of 28
    nunzynunzy Posts: 662member
    Apple is doing right by its customers. More big corrporations should be like Apple.
    racerhomie3psliceacejax805StrangeDayslostkiwibaconstangwatto_cobra
  • Reply 5 of 28
    racerhomie3racerhomie3 Posts: 706member
    Meanwhile at Facebook,
    give us your WhatsApp data. We are good people.
    edited May 2 cornchipolslostkiwibaconstangwatto_cobra
  • Reply 6 of 28
    sflocalsflocal Posts: 4,244member
    The only certainty here is that the moment a government-mandated back-door is implemented, every nefarious hacker will be spending countless hours finding that key to enter.

    What then will the government do WHEN that happens?  Blame Apple and others for allowing a hacker to download everyone's text history for ransom?
    edited May 2 lostkiwiwatto_cobra
  • Reply 7 of 28
    rob53rob53 Posts: 1,915member
    sflocal said:
    The only certainty here is that the moment a government-mandated back-door is implemented, every nefarious hacker will be spending countless hours finding that key to enter.

    What then will the government do WHEN that happens?  Blame Apple and others for allowing a hacker to download everyone's text history for ransom?
    The government won't care and will do nothing more than give some lip service (with their own spin to it). They will have what they want and to them, that's all that matters. Once again, We The People will be left out in the cold having to fend for ourselves. 
    georgie01cornchipolslostkiwibaconstangwatto_cobra
  • Reply 8 of 28
    pslicepslice Posts: 63member
    I support Apple's efforts to stop the backdoor to it's encryption. I know that some use it to do bad, but for the most part folks want their "stuff" safe from intrusion. The way the government seems to be operating, I am happy that Apple is telling them "No."
    georgie01olsbaconstangwatto_cobra
  • Reply 9 of 28
    cornchipcornchip Posts: 1,098member
    When encryption is declared illegal, only criminals will have real security.
    Well, and the government.
    watto_cobra
  • Reply 10 of 28
    SpamSandwichSpamSandwich Posts: 29,902member
    cornchip said:
    When encryption is declared illegal, only criminals will have real security.
    Well, and the government.
    In many cases, the criminals are the government (this comment applies to all political parties).
    edited May 2 designrwatto_cobra
  • Reply 11 of 28
    jbdragonjbdragon Posts: 1,865member
    If the U.S. requires a backdoor, other Government would request the SAME access. Countries like China and Russia. Now they have Backdoor access to anyone's phones also, including U.S. Citizens!!! The Keys would end up leaked at some point as the list of people that have those keys grow. Sure they'll say one thing like Apple would only have the keys. But in time they would requests those keys. China already requested Apple's iCloud keys in their own country for their citizen's. That's now where they're at!!!

    The Government wanted weakened security because of a TINY fraction of people. So screw everyone for the minority!!! More dumb logic. There's a reason most Encryption software development is done outside of the U.S. It's because of this crap. It should have been done and over with, with the whole Clipper Chip garbage when ended up getting cracked. The government saw reason finally and stopped it. What country would buy U.S. products knowing there was backdoor access in the hardware? That was the biggest reason they stopped it.

    Fact of the matter is, you can buy a Android Phone and throw on any number of 3rd party Open source Encryption software that has NO BACK DOOR, and the U.S. Government can't do anything to stop that. So most users are screwed, and the Criminals will figure out can to protect themselves.

    Once people know there's a backdoor that exists, people will be trying to figure it out and at some point getting in. Though the keys will get out anyway. How many leaks now has the Government have so far. Many!!! Once the Key spreads around from the FBI to the Police departments and around the world to all the other countries, it's only a period of time before someone puts them out there. Maybe someone gets bribed for them. It's going to happen. Then it's all of US that start being screwed over.
    edited May 2 ivanhbaconstangwatto_cobra
  • Reply 12 of 28
    Cesar Battistini MazieroCesar Battistini Maziero Posts: 135unconfirmed, member
    There is no such thing as a backdoor for the FBI!!!

    It's a backdoor for anyone who wants in.


    JFC_PAbshankwatto_cobra
  • Reply 13 of 28
    SpamSandwichSpamSandwich Posts: 29,902member
    jbdragon said:
    If the U.S. requires a backdoor, other Government would request the SAME access. Countries like China and Russia. Now they have Backdoor access to anyone's phones also, including U.S. Citizens!!! The Keys would end up leaked at some point as the list of people that have those keys grow. Sure they'll say one thing like Apple would only have the keys. But in time they would requests those keys. China already requested Apple's iCloud keys in their own country for their citizen's. That's now where they're at!!!

    The Government wanted weakened security because of a TINY fraction of people. So screw everyone for the minority!!! More dumb logic. There's a reason most Encryption software development is done outside of the U.S. It's because of this crap. It should have been done and over with, with the whole Clipper Chip garbage when ended up getting cracked. The government saw reason finally and stopped it. What country would buy U.S. products knowing there was backdoor access in the hardware? That was the biggest reason they stopped it.

    Fact of the matter is, you can buy a Android Phone and throw on any number of 3rd party Open source Encryption software that has NO BACK DOOR, and the U.S. Government can't do anything to stop that. So most users are screwed, and the Criminals will figure out can to protect themselves.

    Once people know there's a backdoor that exists, people will be trying to figure it out and at some point getting in. Though the keys will get out anyway. How many leaks now has the Government have so far. Many!!! Once the Key spreads around from the FBI to the Police departments and around the world to all the other countries, it's only a period of time before someone puts them out there. Maybe someone gets bribed for them. It's going to happen. Then it's all of US that start being screwed over.
    If one travels to China or Russia, use a local phone and do not take anything which requires wifi or Internet access to work back and forth to the US. 'Take nothing electronic' is my position. And definitely do not access any online services which require you to enter a password.
    edited May 2 JFC_PAbshankwatto_cobra
  • Reply 14 of 28
    bluefire1bluefire1 Posts: 817member
    If we keep government out of the privacy of our bedrooms, then why allow them into the privacy of our phones.
    jony0watto_cobra
  • Reply 15 of 28
    eightzeroeightzero Posts: 2,159member
    Political forum closing in 3...2...1...

    This is why we can't have nice things.
    tallest skil
  • Reply 16 of 28
    tzm41tzm41 Posts: 70member
    eightzero said:
    Political forum closing in 3...2...1...

    This is why we can't have nice things.
    Discussions here seem pretty informed and civilized. Not sure what you are complaining about?
    SpamSandwichmuthuk_vanalingamwatto_cobra
  • Reply 17 of 28
    FranculesFrancules Posts: 83member
    Does it matter? God is always watching 😉
    lostkiwibaconstangwatto_cobra
  • Reply 18 of 28
    ivanhivanh Posts: 208member
    Nevermind, Siri. Apple has given the master key of iCloud to China. FBI can just ask the same thing from Apple.
  • Reply 19 of 28
    designrdesignr Posts: 357member
    cornchip said:
    When encryption is declared illegal, only criminals will have real security.
    Well, and the government.
    But then you repeat him.
  • Reply 20 of 28
    dewmedewme Posts: 1,689member
    I'd like to see these requests for persistent & pervasive government intrusion into the personal property of US extinguished once and for all by a modern interpretation of the Third Amendment. Unfortunately this is highly unlikely to occur with the current makeup of the Supreme Court and obliviousness that most lawmakers have regarding anything remotely connected to modern technology. IMHO, forcing or sneaking an agent of the government, whether a soldier or a software bot fully controlled by the government, into the personal space of a citizen without their consent is the modern equivalent of forcing citizens to harbor soldiers in their home without consent. 
    designrwatto_cobra
Sign In or Register to comment.