A secure "backdoor" for governments to lawfully obtain personal/private information in order to pursue criminals and protect law-abiding citizens would be a very good thing
An insecure "backdoor" that criminals or hostile governments could use to access the private information of law-abiding citizens (or companies, or governments) would be a very bad thing
The problem is that a "secure backdoor" simply may not exist, and any attempts to create one might land us in the second case.
I wonder if a solution might be to have variation in encryption schemes with respect to the computational cost of breaking the encryption. So, encryption of personal communication among ordinary folks (iMessage, mail, social media, etc) uses encryption that is strong enough that it can't be broken using, say, a $10k computer crunching for a week but can be broken using, say, a $1 million computer crunching for an hour or two.
Then use progressively stronger (aka, more costly to break) encryption for higher value data and for more trusted individuals/groups.
So spying should only be for rich people, corporations and governments? What problem does your method solve?
With the exception of Canada and NZ the commonality of these nations are that they are rules by powertripping narcistic rulers. A sad day for democracy indeed!
Our government can't even keep classified military technology secret. Imagine if they had back doors to mobile devices. I guarantee you that software would leak out for anyone to use.
These forums should be for good technical debate, not one-sided arguments stating mostly the obvious. Obviously there is rationale for the other side but nobody on this forum is expressing it. So I will.
Here's one question of interest: Apple's product's users are from America and a wide variety of other countries, many of which are hostile to the US. Do all of Apple's customers require the same degree of privacy? Is it technically possible for Apple to build, or for the US government to require, different levels of security for users in different countries? Or do all users all over the world expect and get maximum privacy and security from US products? E.g., should Apple product users in Iran or ISIS get unbreakable cryptographic protection with no key escrow? Is Apple morally right to provide high grade privacy to its users everywhere equally?
This is just one issue of interest. There are other interesting questions. Too bad this forum doesn't raise any of the thought provoking issues. What websiet must I visit to find the interesting issues debated?
With the exception of Canada and NZ the commonality of these nations are that they are rules by powertripping narcistic rulers. A sad day for democracy indeed!
We can also observe that they are all "Anglo-Saxon" countries, commonly so-called, the most "advanced" of the Indo-European (formerly known as Indo-Aryan) cultures. ("Advanced" -- hah!)
White supremacists should be proud of their champions in law enforcement here. 😑
With the exception of Canada and NZ the commonality of these nations are that they are rules by powertripping narcistic rulers. A sad day for democracy indeed!
Why "exception of Canada and NZ"? They are willing and active participants in this and have been for a long time. Just cause they don't currently have conservative government doesn't mean that was always the case or will always be the case. Unfortunately all major parties in these countries support ever increasing mass surveillance.
I think that tech companies are going to find that they are NOT larger than government interests.
Along with their censorship, techs seem to think they answer to no other authority. Unless it is worth dollars as in China.
When it involves hard cold cash, your privacy doesn't take a back seat, it's dumped along side the road.
All Five Eyes needs do is make a revenue arrangement and all your data will be cheerfully delivered.
Our US government exists because of the people, not the other way around. We are the ones who have given the States permission to form a Federal government and at some point in the future we may decide to end that agreement.
These forums should be for good technical debate, not one-sided arguments stating mostly the obvious. Obviously there is rationale for the other side but nobody on this forum is expressing it. So I will.
Here's one question of interest: Apple's product's users are from America and a wide variety of other countries, many of which are hostile to the US. Do all of Apple's customers require the same degree of privacy? Is it technically possible for Apple to build, or for the US government to require, different levels of security for users in different countries? Or do all users all over the world expect and get maximum privacy and security from US products? E.g., should Apple product users in Iran or ISIS get unbreakable cryptographic protection with no key escrow? Is Apple morally right to provide high grade privacy to its users everywhere equally?
This is just one issue of interest. There are other interesting questions. Too bad this forum doesn't raise any of the thought provoking issues. What websiet must I visit to find the interesting issues debated?
One semi-technical area of debate not yet covered here, or left unstated: How does your phone differ from your filing cabinet, your closet, your car, your safe -- all of which are open for inspection by investigators with a warrant?
I'd argue that your phone is closer to the memory in your own brain than it is to any external repository of "evidence," and we usually don't allow "back doors" into the brain, like torture or drugs. Yet.
A quick google search for encryption software turned up 101,000,000 results. These governments may want (or order) cellphone and computer makers to provide a back door to their products encryption but the internet is rife with encryption software products without backdoors from developers all around the world. This is like them trying to push toothpaste back into the tube. Data encryption is here worldwide and is not going away. Sure, they could try to pass a law that would attempt to put you in jail for not giving them the passkey but this has been litigated here and for now the SCOTUS has said they can't do that. Users who encrypt their data with very long alpha-numeric keys can be quite confident that these governments or hackers best supercomputers will not hack your passcode in your lifetime.
Lets look at the math: There are typically ~192 possible options for each passcode character. So the formula is 192 to the nth power where n is the number of characters in the passkey. 4 character passkey would make 1,358,954,496 possible combinations. (192x192x192x192) 6 character passkey would make 50,096,498,540,544 possible combinations. (192x192x192x192x192x192) 8 character passkey would make 1,846,757,322,198,610,000 possible combinations. (192x192x192x192x192x192x192x192) 12 character passkey would make 2,509,659,166,022,730,000,000,000,000 possible combinations. (192x192x192x192x192x192x192x192x192x192x192x192)
Ok, lets assume you set a 12 character passkey and a government or a hacker would get lucky and hack the passkey after testing only half the possible combinations, that is still 1,254,829,583,011,360,000,000,000,000 possible combinations to test. I know of no law enforcement group or hacker with a bunch of super computers in their garage but for the sake of argument lets assume they bought a bright shiny new $100,000,000 supercomputer that would be able to test 125,000 passkeys a second and be lucky enough to hit the passkey after only 50% of the possible attempts, In this case the passkey may get hacked in 318,323,080,418,915 years. Ok, say they apply 100 bright shiny new $100,000,000 supercomputers to the task that means 3,183,230,804,189.15 years.
You can see this brute force approach is futile for users who set reasonably long passkeys.
Here are some typical hack times for these various passkey lengths: 4 characters - 1.5 days to test 50% and up to 3.0 days for 100%. 6 characters - 6.4 years to test 50% and up to 12.7 years for 100%. 8 characters - 234.2 years to test 50% and up to 468.5 years for 100%. 12 characters - 318,323,080,418,915 years to test 50% and up to 636,646,160,837,830.5 years for 100%.
Easy to see why they (government or hackers) might want a back door.
You can not simultaneously make a system more secure by introducing intentional security vulnerabilities. It comes as no surprise to me that such an oxymoron would be promulgated by governments.
Is it technically possible for Apple to build, or for the US government to require, different levels of security for users in different countries? Or do all users all over the world expect and get maximum privacy and security from US products? E.g., should Apple product users in Iran or ISIS get unbreakable cryptographic protection with no key escrow? Is Apple morally right to provide high grade privacy to its users everywhere equally?
This is just one issue of interest. There are other interesting questions. Too bad this forum doesn't raise any of the thought provoking issues. What websiet must I visit to find the interesting issues debated?
It’s not technically possible. You put the back door in there for government and the system is compromised for everyone, and will be exploited by other governments and criminals.
There is no forum where you can have the kind of discussion you want because forums themselves have been compromised.
Look at how Twitter and Facebook are censoring what you can say?
If governments get their way with backdoors this will be everywhere all the time.
Younwont be able to call the president a badgers while alone in your car driving down a highway in the middle of nowhere because your phone will be recording it and AI will determine you made a threat.
thats the future they want. Total control, total power.
this is what evil is and why the responses are “one sided”
Comments
https://www.eff.org
Technojihad
Here's one question of interest: Apple's product's users are from America and a wide variety of other countries, many of which are hostile to the US. Do all of Apple's customers require the same degree of privacy? Is it technically possible for Apple to build, or for the US government to require, different levels of security for users in different countries? Or do all users all over the world expect and get maximum privacy and security from US products? E.g., should Apple product users in Iran or ISIS get unbreakable cryptographic protection with no key escrow? Is Apple morally right to provide high grade privacy to its users everywhere equally?
This is just one issue of interest. There are other interesting questions. Too bad this forum doesn't raise any of the thought provoking issues. What websiet must I visit to find the interesting issues debated?
White supremacists should be proud of their champions in law enforcement here. 😑
I'd argue that your phone is closer to the memory in your own brain than it is to any external repository of "evidence," and we usually don't allow "back doors" into the brain, like torture or drugs. Yet.
but I have news for you and those others who think they can get away with it: encryption doesn’t obey laws.
They can compromise people and companies but it’s much harder to compromise technology.
and if they exploit their backdoors people will quickly switch.
people think PGP wasn’t popular because it was too hard to use- nope it wasn’t popular because it wasn’t needed.
but every generation of kids is more and more tech savvy.
and every generation has better privacy technology at their fingertips.
Lets look at the math:
There are typically ~192 possible options for each passcode character. So the formula is 192 to the nth power where n is the number of characters in the passkey.
4 character passkey would make 1,358,954,496 possible combinations. (192x192x192x192)
6 character passkey would make 50,096,498,540,544 possible combinations. (192x192x192x192x192x192)
8 character passkey would make 1,846,757,322,198,610,000 possible combinations. (192x192x192x192x192x192x192x192)
12 character passkey would make 2,509,659,166,022,730,000,000,000,000 possible combinations. (192x192x192x192x192x192x192x192x192x192x192x192)
Ok, lets assume you set a 12 character passkey and a government or a hacker would get lucky and hack the passkey after testing only half the possible combinations, that is still 1,254,829,583,011,360,000,000,000,000 possible combinations to test. I know of no law enforcement group or hacker with a bunch of super computers in their garage but for the sake of argument lets assume they bought a bright shiny new $100,000,000 supercomputer that would be able to test 125,000 passkeys a second and be lucky enough to hit the passkey after only 50% of the possible attempts, In this case the passkey may get hacked in 318,323,080,418,915 years. Ok, say they apply 100 bright shiny new $100,000,000 supercomputers to the task that means 3,183,230,804,189.15 years.
You can see this brute force approach is futile for users who set reasonably long passkeys.
Here are some typical hack times for these various passkey lengths:
4 characters - 1.5 days to test 50% and up to 3.0 days for 100%.
6 characters - 6.4 years to test 50% and up to 12.7 years for 100%.
8 characters - 234.2 years to test 50% and up to 468.5 years for 100%.
12 characters - 318,323,080,418,915 years to test 50% and up to 636,646,160,837,830.5 years for 100%.
Easy to see why they (government or hackers) might want a back door.
There is no forum where you can have the kind of discussion you want because forums themselves have been compromised.
Look at how Twitter and Facebook are censoring what you can say?
If governments get their way with backdoors this will be everywhere all the time.
Younwont be able to call the president a badgers while alone in your car driving down a highway in the middle of nowhere because your phone will be recording it and AI will determine you made a threat.
thats the future they want. Total control, total power.
this is what evil is and why the responses are “one sided”