Do you have adblock enabled?
 
If you can read this, either the style sheet didn't load or you have an older browser that doesn't support style sheets. Try clearing your browser cache and refreshing the page.

(Ars Technica)   DOJ: "strong encryption is unreasonable." Fourth Amendment: "Fark you"   ( arstechnica.com) divider line
    More: Scary, Law enforcement agency, Federal Bureau of Investigation, strong encryption, law enforcement, United States Department of Justice, local law enforcement, unexpected encryption warrior, Politico Pro  
•       •       •

2599 clicks; posted to Politics » on 10 Nov 2017 at 2:33 AM (10 weeks ago)   |   Favorite    |   share:  Share on Twitter share via Email Share on Facebook   more»



49 Comments     (+0 »)
 
View Voting Results: Smartest and Funniest
 
2017-11-10 12:09:40 AM  
The market has spoken. At this point, isn't it the role of a good "Conservative" government to realize that people have felt threatened enough to feel the need to encrypt information, and thus their privacy--which is guaranteed as the right to firearms--so maybe the DOJ needs to back off until they are willing to back stronger gun control measures...
 
2017-11-10 12:14:32 AM  
two days after the FBI said it could not get into the Sutherland Springs shooter's seized iPhone

Why, if we can't break into his phone we might never know who murdered all those people!
 
2017-11-10 12:16:50 AM  
You mean they were not already monitoring the GIGO on all the phones in the country already thanks to the Patriot Act?  I am rather shocked by that.  So of course this administration is taking the strongest stance about encryption.  I am almost surprised D2S does not encourage and increase encryption to undo what Obama tried to do, but that would mean he is not being authoritarian enough, for which he will be mocked by his international counterparts.

Quick, put everything behind seven proxies!
 
2017-11-10 12:21:51 AM  

harleyquinnical: You mean they were not already monitoring the GIGO on all the phones in the country already thanks to the Patriot Act?  I am rather shocked by that.  So of course this administration is taking the strongest stance about encryption.  I am almost surprised D2S does not encourage and increase encryption to undo what Obama tried to do, but that would mean he is not being authoritarian enough, for which he will be mocked by his international counterparts.

Quick, put everything behind seven proxies!


It doesn't count if the gub'mint can't crack it to keep track of the folks who are going to raise Holy Hells with them.

/There's a reason that the SVR-RF has invested so heavily in their hacker community
//And likewise in their own domestic intelligence services...
 
2017-11-10 12:45:24 AM  
Not to mention math.
 
2017-11-10 12:47:20 AM  
"In the interview, Rosenstein also said he "favors strong encryption."

"I favor strong encryption, because the stronger the encryption, the more secure data is against criminals who are trying to commit fraud," he explained. "And I'm in favor of that, because that means less business for us prosecuting cases of people who have stolen data and hacked into computer networks and done all sorts of damage. So I'm in favor of strong encryption."

"This is, obviously, a related issue, but it's distinct, which is, what about cases where people are using electronic media to commit crimes? Having access to those devices is going to be critical to have evidence that we can present in court to prove the crime. I understand why some people merge the issues. I understand that they're related. But I think logically, we have to look at these differently. People want to secure their houses, but they still need to get in and out. Same issue here."

He later added that the claim that the "absolutist position" that strong encryption should be by definition, unbreakable, is "unreasonable."


tl;dr: Cop math.

To elucidate: Mr. Rosenstein thinks "strong", in the context of cryptography, means "Kinda difficult for bad guys to get past but easy for us to crack."

You are wrong, Mr. Rosenstein. "Strong," in the context of cryptography, is a mathematical concept. Not cop math. Real math. It means "Given what is currently known about the mathematics of computability and complexity, it is impossible to break it without spending the entire planet's GDP for the next several thousand years."

The DOJ and IC are more than welcome to find ways of bypassing strong crypto. Got a warrant? Plant a camera above the target's keyboard. Go nuts. Hell, if your target's got Intel Inside, compromise IME (or the Platform Security Processor in AMD chips) and pick up every keystroke of his passphrase (or every byte of RAM when he loads a private key from disk). If they don't know how to do that in-house, shame on them, they need to git gud they're free to hire contractors like Cellebrite to do the work on their behalf.

(I'll actually give him credit for "People want to secure their houses, but they still need to get in and out. Same issue here." - he's allowed to steal a key or copy a key. But that's not the same as picking a lock. A strong lock is still strong even if someone steals the owner's key and opens it.)

But no, Mr. Rosenstein, none of those legal options to bypass strong crypto qualifies as breaking it. Because the definition of "strong," in the context of matthematics, is that which cannot be broken.

img.fark.netView Full Size


And no, Mr. Rosenstein, the issues aren't merged. Tim Cook and the rest of the tech communite are not rogue High Programmers bent on subverting Alpha Complex. (And no, in the context of the specific issue of civilian access to strong cryptography, I'll grudgingly grant that neither your position in this interview, nor Comey's position after San Bernardino, suggest that you see yourselves as High Programmers bent on eliminating the rights your own citizens' and corporations' freedom to freely express themselves through code - or to remain silent by refusing to implement backdoors in their products - in order to protect them from CommieMutantNinjaTraitors wherever you imagine them to be. Even if you sure do sound like it sometimes.)

At the end of the day, what you are going to have to accept is the third panel: what you are doing is playing a neverending game cat-and-mouse in a wild car chase down the information superhighway. That's the job. You and your predecessors should have known this when you took it. You, and those who you purport to protect, will both be a lot better off once you accept this fact. You might even begin to enjoy it.
 
2017-11-10 01:46:04 AM  
Encryption is a thing. Good luck stopping it.

i.memecaptain.comView Full Size
 
2017-11-10 02:43:22 AM  
Relevant XKCD:

imgs.xkcd.comView Full Size
 
2017-11-10 02:45:13 AM  

Erder: Relevant XKCD:

[imgs.xkcd.com image 740x242]


Also relevant xkcd:

imgs.xkcd.comView Full Size
 
2017-11-10 02:48:41 AM  
Given that our government has been infiltrated by agents of a hostile foreign national, the DOJ can go fark themselves.  We have the right to express ourselves at way we want in plaintext, and if we don't want you to read it, you won't.

This Government doesn't provide anything to anyone anymore.  Go fix a real problem, you biatch
 
2017-11-10 02:59:14 AM  
Bu..Bu.Bu...Buu....SMALL GOVERNMENT!!!!! WHARRRGAARRRBLLEEE

Make up your damn minds right wing nut farks...
 
2017-11-10 03:02:45 AM  

backhand.slap.of.reason: Given that our government has been infiltrated by agents of a hostile foreign national, the DOJ can go fark themselves.  We have the right to express ourselves at way we want in plaintext, and if we don't want you to read it, you won't.

This Government doesn't provide anything to anyone anymore.  Go fix a real problem, you biatch


If they're going to try to get companies to be required to store the plaintext, then obviously we need to start filling the plaintext with a fun variety of words and phrases:

anthrax
polonium
bomb
assassination
plutonium
Allah
ammonium nitrate
ricin
enriched
red mercury
Tom Clancy's masturbatory fantasies
etc.
 
2017-11-10 03:26:00 AM  
VITSN LXRVR TVDCF YYWPZ MPRFQ EMXGB AAVZY VCLLE ZYUUG IABHZ XAMZM QWGVK STQXH NYVQI BUXZG JPKNS FAPHF KLTMJ AOZBP
 
2017-11-10 04:10:59 AM  
Zombie Forth Amendment says what?
 
2017-11-10 04:12:07 AM  

UsikFark: VITSN LXRVR TVDCF YYWPZ MPRFQ EMXGB AAVZY VCLLE ZYUUG IABHZ XAMZM QWGVK STQXH NYVQI BUXZG JPKNS FAPHF KLTMJ AOZBP


DRINKMOREOVALTINE...
 
2017-11-10 04:30:41 AM  

Mad Canadian: UsikFark: VITSN LXRVR TVDCF YYWPZ MPRFQ EMXGB AAVZY VCLLE ZYUUG IABHZ XAMZM QWGVK STQXH NYVQI BUXZG JPKNS FAPHF KLTMJ AOZBP

DRINKMOREOVALTINE...


Nein!
 
2017-11-10 04:37:36 AM  
This has been going on since the Clinton adminstration (remember Clipper?). Don't expect them to stop any time soon
 
2017-11-10 05:08:02 AM  
If it's breakable, it isn't strong. When encryption is breakable, bad actors will get information just as easily (if not more easily) than the good guys. I'm sure these guys look forward to more bank and credit agency hacks.

For some reason authoritarians never seem to get this through their thick heads.
 
2017-11-10 05:12:47 AM  

pheed: If it's breakable, it isn't strong. When encryption is breakable, bad actors will get information just as easily (if not more easily) than the good guys. I'm sure these guys look forward to more bank and credit agency hacks.

For some reason authoritarians never seem to get this through their thick heads.


Well, don't look for change under this administration - we have a AG who tried to put a woman in prison for laughing at him.
 
2017-11-10 05:31:49 AM  
... And anyone even remotely professional could tell you three things that make all of this a moot point.

/They could.
//But they won't.
///Because a professional knows better.
 
2017-11-10 06:36:38 AM  
I love the speeches where the speaker wants to scare everyone into agreeing with whatever it is they want, so they throw the word "terrorist" in there, as if invoking that boogeyman is going to encourage big budget increases.
 
2017-11-10 06:46:32 AM  

Literally Addicted: I love the speeches where the speaker wants to scare everyone into agreeing with whatever it is they want, so they throw the word "terrorist" in there, as if invoking that boogeyman is going to encourage big budget increases.


It would be funny if it didn't work....
 
2017-11-10 06:47:25 AM  
img.fark.netView Full Size
 
2017-11-10 07:16:13 AM  

pheed: If it's breakable, it isn't strong. When encryption is breakable, bad actors will get information just as easily (if not more easily) than the good guys. I'm sure these guys look forward to more bank and credit agency hacks.

For some reason authoritarians never seem to get this through their thick heads.


If it's easily breakable it isn't strong.

All encryption is breakable given enough time and/or resources, and the time and resource requirements always go down eventually.
 
2017-11-10 07:16:44 AM  
This shiat again?

"Let's make all devices less secure and allow for a bunch more crimes so we can maybe stop a handful of other crimes. Trust us. It's not like we spied on everyone before."
 
2017-11-10 07:24:04 AM  
Twilight Farkle:

Encrytption means you don't trust Friend Computer. Not trusting Friend Computer is Treason. Please report to the nearest Disintegration Booth for Readjustment.
 
2017-11-10 07:36:58 AM  

pkjun: Erder: Relevant XKCD:

[imgs.xkcd.com image 740x242]

Also relevant xkcd:

[imgs.xkcd.com image 448x274]


Or he could just ask the courts to jail the suspect until they provide the password.  You know, like they've done before.
 
2017-11-10 08:32:13 AM  

Likwit: This shiat again?

"Let's make all devices less secure and allow for a bunch more crimes so we can maybe stop a handful of other crimes. Trust us. It's not like we spied on everyone before."


They aren't even claiming that they will stop crimes because of it at this point. They are claiming that they need to break encryption so that they can investigate the crimes after they are already over and perpetrator(s) dead.
 
2017-11-10 08:32:33 AM  

Literally Addicted: I love the speeches where the speaker wants to scare everyone into agreeing with whatever it is they want, so they throw the word "terrorist" in there, as if invoking that boogeyman is going to encourage big budget increases.


Well, considering who they're trying to elect to the Senate, they can't exactly use the other word for the other boogeyman they use to scare their voters into increasing their budgets, now, can they?

MordenkainensFaithful Hound: Twilight Farkle:

Encrytption means you don't trust Friend Computer. Not trusting Friend Computer is Treason. Please report to the nearest Disintegration Booth for Readjustment.


Okay, now I can report for Readjustment!
 
2017-11-10 08:33:17 AM  

Mr. Shabooboo: Bu..Bu.Bu...Buu....SMALL GOVERNMENT!!!!! WHARRRGAARRRBLLEEE

Make up your damn minds right wing nut farks...


They have...whatever suits them personally is best.  Always.
 
2017-11-10 08:45:36 AM  
The Founding Father's didn't anticipate this technology.  They meant only free from searches and seizures if protected by a skeleton key.
 
2017-11-10 09:12:23 AM  

qorkfiend: pheed: If it's breakable, it isn't strong. When encryption is breakable, bad actors will get information just as easily (if not more easily) than the good guys. I'm sure these guys look forward to more bank and credit agency hacks.

For some reason authoritarians never seem to get this through their thick heads.

If it's easily breakable it isn't strong.

All encryption is breakable given enough time and/or resources, and the time and resource requirements always go down eventually.


The fark?

I mean, technically, yeah.  But when "enough time and resources" means "more than the sum total of human resources, applied for longer than the total temporal exiatance of humanity"...

We call that "unbreakable" in the same way as we call the solar reaction "stable".
 
2017-11-10 09:33:02 AM  

Chris Ween: The Founding Father's didn't anticipate this technology.  They meant only free from searches and seizures if protected by a skeleton key.


Seriously.  No one, once upon a time, could have imagined that anyone could carry around that much information not only on their person, but in their pocket.
 
2017-11-10 09:53:01 AM  
This is what happens when you put people that dont understand how email works in charge of your Cyber.
 
2017-11-10 10:14:16 AM  
They can crack any cell phone password if they tried, they just want to use this as an end run to get passwords.

Clone the phone enough times and then just brute force the password.

or use the dead guy's fingerprint...
 
2017-11-10 10:24:43 AM  

Literally Addicted: Chris Ween: The Founding Father's didn't anticipate this technology.  They meant only free from searches and seizures if protected by a skeleton key.

Seriously.  No one, once upon a time, could have imagined that anyone could carry around that much information not only on their person, but in their pocket.


Good think the Constitution is flexible enough to contemplate changes in technology by simply making the statement:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
 
2017-11-10 10:40:51 AM  

pueblonative: pkjun: Erder: Relevant XKCD:

[imgs.xkcd.com image 740x242]

Also relevant xkcd:

[imgs.xkcd.com image 448x274]

Or he could just ask the courts to jail the suspect until they provide the password.  You know, like they've done before.


You can't hold a dead man in contempt, which is what they're trying to use as test cases (San Bernardino and Texas).

Also, the courts have ruled (in the case you cited) they can't hold someone in contempt for not giving up a password anymore as it violates the 5th amendment.
 
2017-11-10 10:46:24 AM  

thehobbes: They can crack any cell phone password if they tried, they just want to use this as an end run to get passwords.

Clone the phone enough times and then just brute force the password.

or use the dead guy's fingerprint...


iOS encryption ties the password to a hardware unique key to get the disk encryption key, and that's kept in a Secure Enclave inside the CPU. You can't just clone the SSD and transplant it to a new phone, a different CPU plus the correct password won't get you the correct disk encryption key. You have to do it on the original phone, and if you guess wrong a very limited number of times, the hardware wipes the secure key storage.

You have to brute-force the underlying disk encryption key, which isn't computationally feasible.

As for the fingerprint, iOS locks out Touch ID after 48 hours or too many failed attempts, and it sounds like the cops didn't try to unlock it fast enough.
 
2017-11-10 10:47:29 AM  

Literally Addicted: Chris Ween: The Founding Father's didn't anticipate this technology.  They meant only free from searches and seizures if protected by a skeleton key.

Seriously.  No one, once upon a time, could have imagined that anyone could carry around that much information not only on their person, but in their pocket.


These are people who could quote half the Bible from memory. I'm sure they conceived that people could carry that much information in their minds.
 
2017-11-10 10:54:28 AM  
Please see Riley v. California to understand why the DOJ can go pound sand.
 
2017-11-10 11:56:40 AM  
Strong encryption is math.  You can't ban or regulate math.  There is literally no way to prevent people from strongly encrypting their stuff.  Just like there's no way to prevent people from doing... math.

Back after 9/11, the US passed a law saying all the locks on luggage have to be openable by a master TSA key.  Within only a year, that key was leaked.  I can now download a copy of that key and 3D print one that will open all the luggage in the entire country for free.

It's the same thing with encryption keys, but now the master key that inevitably leaks within a few weeks will be able to open every bank account in the country instead.  There is no such thing as a key that can't be stolen or copied, and so far the NSA/FBI/etc. have not been very good at protecting their electronic secrets.  Especially once every hacker in the world now focuses their sights on that key.
 
2017-11-10 11:57:23 AM  
Rod Rosenstein: "They're moving in favor of more and more warrant-proof encryption"

There's no good way to make encryption susceptible to US-issued warrants without making it susceptible to Chinese warrants.

In practice, I think this is solvable. Most devices have remote exploits discovered inside the statute of limitations. So, issue the warrant, seize the device, and give the owner the option to open the device... or to surrender it while the government wait for someone to figure out how to break into it.
 
2017-11-10 12:13:56 PM  
Twilight Farkle:
The DOJ and IC are more than welcome to find ways of bypassing strong crypto. Got a warrant? Plant a camera above the target's keyboard. Go nuts. Hell, if your target's got Intel Inside, compromise IME (or the Platform Security Processor in AMD chips) and pick up every keystroke of his passphrase (or every byte of RAM when he loads a private key from disk). If they don't know how to do that in-house, shame ...

Nice "Paranoia" reference. I had forgotten about that game.

I'll never forget when my high school buddies graduated from D&D to Paranoia... and then to Call of Cthulhu.
 
2017-11-10 12:18:50 PM  
Cry all you want but banning encryption would be harder to enforce than a gun ban.
 
2017-11-10 12:26:48 PM  
* Crypto doesn't kill. People with guns kill.
* When crypto is outlawed, only outlaws will have crypto.
* You can have my crypto when you pry it from my cold, dead fingers.
 
2017-11-10 12:40:43 PM  

Feepit: Literally Addicted: Chris Ween: The Founding Father's didn't anticipate this technology.  They meant only free from searches and seizures if protected by a skeleton key.

Seriously.  No one, once upon a time, could have imagined that anyone could carry around that much information not only on their person, but in their pocket.

These are people who could quote half the Bible from memory. I'm sure they conceived that people could carry that much information in their minds.


When the subject is about search and siezure of people's brains, I'll be sure to remember this thought of yours.
 
2017-11-10 12:58:25 PM  

joe714: iOS encryption ties the password to a hardware unique key to get the disk encryption key, and that's kept in a Secure Enclave inside the CPU. You can't just clone the SSD and transplant it to a new phone, a different CPU plus the correct password won't get you the correct disk encryption key. You have to do it on the original phone, and if you guess wrong a very limited number of times, the hardware wipes the secure key storage.


Is there any reason you can't clone the CPU?
 
2017-11-10 02:00:06 PM  

qorkfiend: pheed: If it's breakable, it isn't strong. When encryption is breakable, bad actors will get information just as easily (if not more easily) than the good guys. I'm sure these guys look forward to more bank and credit agency hacks.

For some reason authoritarians never seem to get this through their thick heads.

If it's easily breakable it isn't strong.

All encryption is breakable given enough time and/or resources, and the time and resource requirements always go down eventually.


You're splitting a hair here that doesn't need to be split. What the government wants here is what the government has always wanted regarding personal encryption, a back door. That would make any encryption they approve for everyone else 'easily breakable.' Hell, it would be shipping in a known broken state.
 
2017-11-10 03:33:39 PM  

thehobbes: joe714: iOS encryption ties the password to a hardware unique key to get the disk encryption key, and that's kept in a Secure Enclave inside the CPU. You can't just clone the SSD and transplant it to a new phone, a different CPU plus the correct password won't get you the correct disk encryption key. You have to do it on the original phone, and if you guess wrong a very limited number of times, the hardware wipes the secure key storage.

Is there any reason you can't clone the CPU?


Yes, you need the key that's stored in the secure enclave...And if you had that anyway, you wouldn't need to clone the CPU.
 
Displayed 49 of 49 comments

View Voting Results: Smartest and Funniest

This thread is closed to new comments.

Continue Farking

On Twitter





Top Commented
Javascript is required to view headlines in widget.
  1. Links are submitted by members of the Fark community.

  2. When community members submit a link, they also write a custom headline for the story.

  3. Other Farkers comment on the links. This is the number of comments. Click here to read them.

  4. Click here to submit a link.

Report