Privacy not absolute: US among consortium of nations calling for encryption back doors

24

Comments

  • Reply 21 of 67
    blastdoor said:
    A secure "backdoor" for governments to lawfully obtain personal/private information in order to pursue criminals and protect law-abiding citizens would be a very good thing

    An insecure "backdoor" that criminals or hostile governments could use to access the private information of law-abiding citizens (or companies, or governments) would be a very bad thing

    The problem is that a "secure backdoor" simply may not exist, and any attempts to create one might land us in the second case. 

    I wonder if a solution might be to have variation in encryption schemes with respect to the computational cost of breaking the encryption. So, encryption of personal communication among ordinary folks (iMessage, mail, social media, etc) uses encryption that is strong enough that it can't be broken using, say, a $10k computer crunching for a week but can be broken using, say, a $1 million computer crunching for an hour or two. 

    Then use progressively stronger (aka, more costly to break) encryption for higher value data and for more trusted individuals/groups. 


    So spying should only be for rich people, corporations and governments? What problem does your method solve?
  • Reply 22 of 67
    JUST SAY NO TO BACKDOORS!:

    https://www.eff.org


    Technojihad


    SpamSandwich
  • Reply 23 of 67
    mac_128mac_128 Posts: 3,454member
    I see some nasty early morning tweets coming in Tim Cook’s future. Remember the Apple boycott of 2016 over this exact same issue? 
  • Reply 24 of 67
    badmonk said:
    Crap, I am so pissed off.  They already have access to our Twitter, FB, Google, iCloud data and access to location data.  What more do they want???
    Emh...everything else they don't have access to? Isn't that clear?
    baconstangmuthuk_vanalingamwatto_cobra
  • Reply 25 of 67
    The dystopia future can't arrive soon enough. Welcome 1984.
  • Reply 26 of 67
    chelinchelin Posts: 106member
    With the exception of Canada and NZ the commonality of these nations are that they are rules by powertripping narcistic rulers. A sad day for democracy indeed!


    watto_cobra
  • Reply 27 of 67
    Our government can't even keep classified military technology secret. Imagine if they had back doors to mobile devices. I guarantee you that software would leak out for anyone to use. 
    chelinanton zuykovwatto_cobra
  • Reply 28 of 67
    The day our governments stop throwing whistleblowers in jail while protecting criminals will be the day we start trusting them. Until then... 
    mac_dogLukeCageanton zuykovwatto_cobradavgreg
  • Reply 29 of 67
    These forums should be for good technical debate, not one-sided arguments stating mostly the obvious. Obviously there is rationale for the other side but nobody on this forum is expressing it. So I will.

    Here's one question of interest: Apple's product's users are from America and a wide variety of other countries, many of which are hostile to the US. Do all of Apple's customers require the same degree of privacy? Is it technically possible for Apple to build, or for the US government to require, different levels of security for users in different countries? Or do all users all over the world expect and get maximum privacy and security from US products? E.g., should Apple product users in Iran or ISIS get unbreakable cryptographic protection with no key escrow? Is Apple morally right to provide high grade privacy to its users everywhere equally?

    This is just one issue of interest. There are other interesting questions. Too bad this forum doesn't raise any of the thought provoking issues. What websiet must I visit to find the interesting issues debated?
  • Reply 30 of 67
    flaneurflaneur Posts: 4,526member
    chelin said:
    With the exception of Canada and NZ the commonality of these nations are that they are rules by powertripping narcistic rulers. A sad day for democracy indeed!


    We can also observe that they are all "Anglo-Saxon" countries, commonly so-called, the most "advanced" of the Indo-European (formerly known as Indo-Aryan) cultures. ("Advanced" -- hah!) 

    White supremacists should be proud of their champions in law enforcement here. 😑
    watto_cobra
  • Reply 31 of 67
    chelin said:
    With the exception of Canada and NZ the commonality of these nations are that they are rules by powertripping narcistic rulers. A sad day for democracy indeed!


    Why "exception of Canada and NZ"?  They are willing and active participants in this and have been for a long time.  Just cause they don't currently have conservative government doesn't mean that was always the case or will always be the case.  Unfortunately all major parties in these countries support ever increasing mass surveillance.
    watto_cobra
  • Reply 32 of 67
    GHammer said:
    I think that tech companies are going to find that they are NOT larger than government interests. Along with their censorship, techs seem to think they answer to no other authority. Unless it is worth dollars as in China. When it involves hard cold cash, your privacy doesn't take a back seat, it's dumped along side the road. All Five Eyes needs do is make a revenue arrangement and all your data will be cheerfully delivered.
    Our US government exists because of the people, not the other way around. We are the ones who have given the States permission to form a Federal government and at some point in the future we may decide to end that agreement.
    StrangeDayswatto_cobra
  • Reply 33 of 67
    flaneurflaneur Posts: 4,526member
    These forums should be for good technical debate, not one-sided arguments stating mostly the obvious. Obviously there is rationale for the other side but nobody on this forum is expressing it. So I will.

    Here's one question of interest: Apple's product's users are from America and a wide variety of other countries, many of which are hostile to the US. Do all of Apple's customers require the same degree of privacy? Is it technically possible for Apple to build, or for the US government to require, different levels of security for users in different countries? Or do all users all over the world expect and get maximum privacy and security from US products? E.g., should Apple product users in Iran or ISIS get unbreakable cryptographic protection with no key escrow? Is Apple morally right to provide high grade privacy to its users everywhere equally?

    This is just one issue of interest. There are other interesting questions. Too bad this forum doesn't raise any of the thought provoking issues. What websiet must I visit to find the interesting issues debated?
    One semi-technical area of debate not yet covered here, or left unstated: How does your phone differ from your filing cabinet, your closet, your car, your safe -- all of which are open for inspection by investigators with a warrant?

    I'd argue that your phone is closer to the memory in your own brain than it is to any external repository of "evidence," and we usually don't allow "back doors" into the brain, like torture or drugs. Yet.




    wonkothesanepalomine
  • Reply 34 of 67
    When nations speak of back doors it’s time for Apple and others to double down on encryption. 
    watto_cobra
  • Reply 35 of 67
    lkrupp said:
    Because nobody cares. We in the U.S. put our fellow citizens in concentration camps because we were afraid. Ask George Takei how that happened. 
    George is the last person to ask- he votes for and endorsed the very party that put him in that camp.

    but I have news for you and those others who think they can get away with it:  encryption doesn’t obey laws.

    They can compromise people and companies but it’s much harder to compromise technology.

    and if they exploit their backdoors people will quickly switch.

    people think PGP wasn’t popular because it was too hard to use- nope it wasn’t popular because it wasn’t needed.

    but every generation of kids is more and more tech savvy.

    and every generation has better privacy technology at their fingertips.
    cgWerksmac_dogwatto_cobra
  • Reply 36 of 67
    A quick google search for encryption software turned up 101,000,000 results.  These governments may want (or order) cellphone and computer makers to provide a back door to their products encryption but the internet is rife with encryption software products without backdoors from developers all around the world.  This is like them trying to push toothpaste back into the tube.  Data encryption is here worldwide and is not going away. Sure, they could try to pass a law that would attempt to put you in jail for not giving them the passkey but this has been litigated here and for now the SCOTUS has said they can't do that. Users who encrypt their data with very long alpha-numeric keys can be quite confident that these governments or hackers best supercomputers will not hack your passcode in your lifetime.

    Lets look at the math:
    There are typically ~192 possible options for each passcode character.  So the formula is 192 to the nth power where n is the number of characters in the passkey.
    4 character passkey would make 1,358,954,496 possible combinations. (192x192x192x192)
    6 character passkey would make 50,096,498,540,544 possible combinations. (192x192x192x192x192x192)
    8 character passkey would make 1,846,757,322,198,610,000 possible combinations. (192x192x192x192x192x192x192x192)
    12 character passkey would make 2,509,659,166,022,730,000,000,000,000 possible combinations. (192x192x192x192x192x192x192x192x192x192x192x192)

    Ok, lets assume you set a 12 character passkey and a government or a hacker would get lucky and hack the passkey after testing only half the possible combinations, that is still 1,254,829,583,011,360,000,000,000,000 possible combinations to test.  I know of no law enforcement group or hacker with a bunch of super computers in their garage but for the sake of argument lets assume they bought a bright shiny new $100,000,000 supercomputer that would be able to test 125,000 passkeys a second and be lucky enough to hit the passkey after only 50% of the possible attempts, In this case the passkey may get hacked in 318,323,080,418,915 years. Ok, say they apply 100 bright shiny new $100,000,000 supercomputers to the task that means 3,183,230,804,189.15 years.  

    You can see this brute force approach is futile for users who set reasonably long passkeys.

    Here are some typical hack times for these various passkey lengths: 
    4 characters -  1.5 days to test 50% and up to 3.0 days for 100%.
    6 characters - 6.4 years to test 50% and up to 12.7 years for 100%.
    8 characters - 234.2 years to test 50% and up to 468.5 years for 100%.
    12 characters - 318,323,080,418,915 years to test 50% and up to 636,646,160,837,830.5 years for 100%.

    Easy to see why they (government or hackers) might want a back door.

    mac_dogwatto_cobra
  • Reply 37 of 67
    Soli said:
    badmonk said:
    Crap, I am so pissed off.  They already have access to our Twitter, FB, Google, iCloud data and access to location data.  What more do they want???

    Wow. Just wow.  
    edited September 2018 watto_cobra
  • Reply 38 of 67
    You can not simultaneously make a system more secure by introducing intentional security vulnerabilities. It comes as no surprise to me that such an oxymoron would be promulgated by governments.
    JessiReturnswatto_cobra
  • Reply 39 of 67
    badmonkbadmonk Posts: 1,285member
    Soli said:
    badmonk said:
    Crap, I am so pissed off.  They already have access to our Twitter, FB, Google, iCloud data and access to location data.  What more do they want???

    wow thanks for that link...i now demand an appearance from GatorGuy to explain this away...
    SpamSandwichStrangeDayslkruppwatto_cobra
  • Reply 40 of 67
    Is it technically possible for Apple to build, or for the US government to require, different levels of security for users in different countries? Or do all users all over the world expect and get maximum privacy and security from US products? E.g., should Apple product users in Iran or ISIS get unbreakable cryptographic protection with no key escrow? Is Apple morally right to provide high grade privacy to its users everywhere equally?

    This is just one issue of interest. There are other interesting questions. Too bad this forum doesn't raise any of the thought provoking issues. What websiet must I visit to find the interesting issues debated?
    It’s not technically possible.  You put the back door in there for government and the system is compromised for everyone, and will be exploited by other governments and criminals.

    There is no forum where you can have the kind of discussion you want because forums themselves have been compromised.

    Look at how Twitter and Facebook are censoring what you can say?

    If governments get their way with backdoors this will be everywhere all the time.

    Younwont be able to call the president a badgers while alone in your car driving down a highway in the middle of nowhere because your phone will be recording it and AI will determine you made a threat.

    thats the future they want. Total control, total power.

    this is what evil is and why the responses are “one sided”
    mac_dogStrangeDayswatto_cobra
Sign In or Register to comment.