I listened to Comey’s blithering on C-SPAN Radio and I was stunned by what was either his complete ineptitude and ignorance or the most obviously fatuous lies I have ever heard. Perhaps even both. He even ADMITS that he hasn’t done any kind of cost/benefit research (or even thought much about) on the consequences to business, society, and our rights! Never mind that’s it’s impossible to make a “front door” (silliest doublespeak ever) in any cryptological system that does not fatally weaken the system.
I wonder what people driving next to me on 495 thought of me yelling and raving at the radio =x …
The FBI says they can’t Crack the crypto and demand the manufacturers reverse course. This presents the two possible outcomes:
Manufacturers cave. FBI wins big.
Manufacturers do nothing. FBI looses.
What if the premise is false and what are the options?
What if the FBI can already circumvent the crypto?
Manufacturers cave. FBI wins big.
Manufacturers do nothing. FBI wins.
Manufacturers work harder. FBI looses.
By using a little misdirection they have convinced us it works and at the same time restored trust in what the manufacturers sell us.
I have seen no indepth security audit that confirms the crypto systems are secure. I’m skeptical of the government’s claims that they can do. It is very odd they would come out in public like this when they could quietly fuck with Apple et al. These companies are all government contractors too, and the Government can really screw contractors.
Maybe I’ll upgrade from tin foil to lead.
TLDR: We have been Clipper Chipped and the feds are trying to convince us of the opposite.
The only manufacturer who has taken a very principled for-the-user-only stance is OpenMoko, community designed since the mid 2000s they are now working on a 100% FOSS system board to be inserted in new cases designed for a Nokia N900. Whether it is for the FBI, NSA, or At&t the phones most people receive rather than go out and buy are designed to satisfy a telecom supplier not the user.
(edit) I am a member of the talk.maemo.org community, I just want a critical mass to drop the price of the new phone. If they make the POCSAG pager receiver internal plug-in module so you leave the GSM radio off yet get messages and return calls even Richard Stallman has shown some interest in what he called an ethical phone, http://neo900.org
“It has also touched off a debate inside the government that highlights the difference between cybersecurity and traditional crime fighting. Any technology that allows the United States government to bypass encryption in the name of solving crimes could also allow hackers and foreign governments to bypass encryption in the name of stealing secrets.”
This paragraph, and really the whole NYT article, is surprisingly candid and free of phony “balance.” I am surprised (pleasantly, but sad that it is a surprise at all).
Also, the fact that our authorities need reminding that the limits on their power exist for a reason reminds me of http://www.dailymail.co.uk/news/article-2786764/Harvard-students-think-America-bigger-threat-world-peace-ISIS.html (which my dad recently called me to rant about, and I promptly informed him I agree 100% with the survey results no matter what the US’ ideals and intentions are). As the part of the system with the most power, you also have to be held to the highest standard, and the closest scrutiny. Deal with it.
Some say that the average citizen has too much privacy. Others say that government agencies and their oh-so-friendly contractors have too many secrets.
Why don’t we put an end to all secrecy, starting with the federal government and company.
If you don’t need the rotary dial, would be a simple casemod. Otherwise a microcontroller would be needed to interface with the phone, and some additional software.
A shoe-phone for sms messaging could be made that way. Use a GSM module and a microcontroller, use a vibration motor or some other haptic interface instead of sound, and use Morse code for communication. Could be handy for cases of being stripped of non-concealed electronics e.g. during police encounter during e.g. a protest. The shoe-phone could then be used as a tracker and an acoustic bug, too.
The whole system is lazy. American prosecutors don’t want to go to court and will push hard for plea bargains. Over 90% of cases are settled through plea bargains yet many courts still complain of being overworked. Perhaps this tough on crime and zero tolerance nonsense has gone too far if the system is creaking even when all the judge has to do is bang his gavel.
Wow, Really? I think these agencies are in my intimate life space quite enough without permitting them access to sensitive, private genitalia. To each their own though…
Convinced “us”, who are us? IMO there is no point in being convinced of anything. If you need to know about how cryptography might work or not, you can read some books and/or papers on cryptography. If you need to test it, encrypt some things and try to break it. But be prepared, the math is intense (rather beyond me, unfortunately).
Another question worth considering is whether governments would bother using encryption to falsely secure their own information, simply to convince citizens of its efficacy. If so, how do they truly secure anything?
No system can truly offer assurances of being completely secure. Anything accessed by one party, can possibly be accessed by another. This is part of the task involved, knowing who you are trying to keep your information from. For many purposes, even just a moderately secure means of obfuscating your data will be enough to prevent casual abuse. Not unlike locking your car door - of course someone who is determined could smash in and hotwire it anyway - but most people don’t give up and leave their keys in. Because it may not be perfect security, but it is some security.
More often than not, don’t bother with the crypto algo itself. These tend to be well vetted and pretty much can be considered secure.
The devil is in the implementation.
Bruce Schneier said in some book that using strong crypto can be in such cases like putting a bank vault door to a tent. Sure you won’t get through the front - but you can go with a knife from the back.
And then there are the users, who need simplicity of use, and all the we-make-it-easier-for-you third parties…
By “us” I do not mean those of us who are wily to the ways of deception. I mean the general public and the media at large. Sure this is in the conspiracy theory camp, but we are talking about National Security stuff here. Before the various leaks regarding what the government was up to, those leaked ideas were conspiracy theories. The media needs to be more skeptical of what the government says, because it’s track history on this sucks.
As shaddack has said, the devil is in the implementation and there is more to implementation than just the parts of the code we would normally interact with. I am less interested in the crypto algorithm and more interested in everything else about the crypto subsystem. The crypto is probably fine, the subsystem is where the problems will lie.
First off there is the programming. Unless we can read the code the secure subsystem is running, we will never know if it has been backdoored. To continue in this vain unless we do xray microscopy, we will never know if the hardware has been backdoored (extra undocumented instructions or instructions that behavior differently when fed specific values). Given that a number of the NSA projects involve replacing surface mount components on circuit boards, it is not far fetched that they might substitute their own chips in anywhere along the supply chain. The same goes for the programming of said chips (many of which are their own embedded systems). And this is all before we have even talked about side channel attacks. Side channel attacks are hard to predict and hard to defend against.
What I have read suggests that at least for Apple, the crypto subsystem as it is programmed by default cannot be read, but Apple can update that programming. Which basically means the previous statement about not being able to read the contents goes out the window. You just have to trust Apple not sell you out, for them to have secured their private crypto keys they use to sign updates, and to pray that nobody has brute forced said keys.
Given the complexity of chips these days (billions of transistors) I do wonder if it would be possible to sneak extra circuitry into the designs and have the foundry unwittingly produce it.
Thought… would a FPGA be safer in this regard? It’s nothing much more than lots and lots of regularly repeating simple-ish substructures, which should be possible to compare by computer-vision software. Much less space to sneak backdoors in (double-check the factory test circuits and the JTAG stuff!).