FBI Backs Away from the Backdoor and Asks for Private Sector Co-op

Discussion in '[H]ard|OCP Front Page News' started by Kyle_Bennett, Mar 12, 2018.

  1. Kyle_Bennett

    Kyle_Bennett El Chingón Staff Member

    Messages:
    51,800
    Joined:
    May 18, 1997
    The FBI and access to your encrypted devices have been in the news a lot over the last year (here, here, and here are just a few examples). Even last week stories of the FBI using Geek Squad employees as confidential informants surfaced. The common thread, and biggest point of disgust with the public, has been the FBI angling for backdoors to devices, which as we all know will simply compromise device security in a big way. The FBI is now backing away from that position, which is likely a good tactic as chances of that happening look to be slim to none. While it is still a tad bit unclear, it seems that the FBI is asking for encryption keys to be provided with proper warranting, rather than backdoor access to every phone on the planet. The FBI does note a working structure in place with Symphony for access, however that same scenario is not going to happen with many companies.

    Let me be clear: The FBI supports information security measures, including strong encryption. Actually, the FBI is on the front line fighting cyber crime and economic espionage. But information security programs need to be thoughtfully designed so they don’t undermine the lawful tools we need to keep the American people safe.

    A responsible solution will incorporate the best of two great American traditions—the rule of law and innovation. But for this to work, the private sector needs to recognize that it’s part of the solution. Again, I’m open to all kinds of ideas. But I reject this notion that there could be such a place that no matter what kind of lawful authority you have, it’s utterly beyond reach to protect innocent citizens. I also can’t accept that anyone out there reasonably thinks the state of play as it exists now—much less the direction it’s going—is acceptable.
     
    lostin3d likes this.
  2. oROEchimaru

    oROEchimaru [H]ardness Supreme

    Messages:
    4,539
    Joined:
    Jun 1, 2004
    This would make the most sense ... similar to an IT staff member using a key to unlock or reimage a phone. You don't need all the keys to solve all the world's crimes when you have a backlog of 1000 crimes you need to get to.
     
  3. sadsteve

    sadsteve Limp Gawd

    Messages:
    408
    Joined:
    Oct 1, 2010
    Dear FBI, it's too late. The encryption cat is out of the bag and you can't get it back in. You're going to have to fall back on standard old style police work to get your job done. There are no shortcuts, no easy path.
     
    panhead likes this.
  4. macksomerville

    macksomerville [H]ard|Gawd

    Messages:
    1,947
    Joined:
    May 18, 2000
    When the Federal, State and Local Governments can be trusted to stop violating the constitution and due process; sure I'll relinquish encryption keys. Right after I hand over all my firearms, peacefully of course.
     
  5. IcePickFreak

    IcePickFreak Gawd

    Messages:
    915
    Joined:
    Dec 1, 2010
    I think they mean the FBI is at the forefront of committing cyber crimes and economic espionage. Let's be realistic here.
     
    panhead and mynamehere like this.
  6. Arcygenical

    Arcygenical Will Watercool for Crack

    Messages:
    25,677
    Joined:
    Jun 10, 2005
    I wonder if there is actually backdoor access to common encryption schemes on the PC like BitLocker.
     
  7. sadsteve

    sadsteve Limp Gawd

    Messages:
    408
    Joined:
    Oct 1, 2010
    I don't trust Microsoft so I don't trust BitLocker. I'd be using something like VeraCrypt (I do) to protect my private data.
     
    panhead likes this.
  8. Arcygenical

    Arcygenical Will Watercool for Crack

    Messages:
    25,677
    Joined:
    Jun 10, 2005
    Thanks for the great program, though the only sensitive information I have is related to bitcoin - so I'm not too worried about the FBI, especially being in Canada. I missed TrueCrypt, glad to see it's alive, and compilable for ARM.
     
  9. katanaD

    katanaD [H]ard|Gawd

    Messages:
    1,096
    Joined:
    Nov 15, 2016

    so, we need to give them access.. you know.. for our own good..

    yeah, sorry not buying that.

    i think they forgot to add the other standard line.. you know.. think of the children

    *sigh*
     
    mynamehere likes this.
  10. Dead Parrot

    Dead Parrot [H]ard|Gawd

    Messages:
    1,659
    Joined:
    Mar 4, 2013
    The Bank/DFS/Symphony agreement worked because banks are used to being regulated and failure to come to an agreement would have likely meant that certain regulatory paperwork would have been put on the slow track for any of the 4 banks that didn't go along.

    Even if Microsoft didn't include a deliberate backdoor, the long lead time between something being proposed for inclusion in Windows and it being deployed makes it fairly likely that by the time it gets to the consumer, ways to crack it have been found or will be shortly.
     
  11. Krazy925

    Krazy925 epeen +10

    Messages:
    2,425
    Joined:
    Sep 29, 2012
    Being tone-deaf and realizing the public isn’t buying your bullshit anymore, priceless.
     
    mynamehere and GlowingGhoul like this.
  12. lcpiper

    lcpiper [H]ardForum Junkie

    Messages:
    9,529
    Joined:
    Jul 16, 2008

    They were saying this exact same thing back in 2015. Industry wouldn't play ball. Then they started talking like they would force Industry to play, that didn't do anything but make Industry even more resistant, then the courts tried to just ignore the word encryption and demand the product, I'm still having a hard time finding out how that case went.

    But the real point is that this isn't a change in attitude, it's just a return to what they have asked for in the past and not received, the cooperation of industry to help find a way to leverage the security of encryption and other technologies while maintaining a method for responding to valid court orders and warrants.

    Maybe tech companies can climb down off their moral high horse long enough to realize that this must happen. Maybe enough things have happened in the recent past that have made this apparent to them.

    I agree with the FBI Stance from 2015 and the one now in this article. First off, I refuse to believe that it's not possible, second, I know government won't let the current situation stand, and third, I know it's not possible without industry help because I know I don't want a government developed solution.

    If left alone, the Government will fuck it up for sure and shove it down our throats.
     
  13. theBrownLlama

    theBrownLlama Limp Gawd

    Messages:
    334
    Joined:
    Aug 3, 2017
    once American ITs open up their personal-level programs to backdoors, independents are waiting in line to fill the gap. (corporate level programs are all logged anyways, in one form or another)
     
  14. Spaceninja

    Spaceninja [H]ard|Gawd

    Messages:
    1,596
    Joined:
    Sep 15, 2004
    You forgot the world's largest host of kiddie porn.
     
    mynamehere likes this.
  15. lcpiper

    lcpiper [H]ardForum Junkie

    Messages:
    9,529
    Joined:
    Jul 16, 2008
    I see this as part of the same old problem, one word that creates and drives an entire attitude, "backdoors".

    Why is it that some people can not conceive of a solution that is not a backdoor?

    I see people sit on this mantra and claim that encryption works because it's math so it can't be changed because it's math. Encryption didn't come into being because it's math, it came into being because it was a solution to a problem and it's based on math. What is needed is a new solution, it can still use encryption, it can still be secure and it can allow access to the data when it's needed, and I am not one of those people that believes this is a problem that can't be solved.

    It's not a backdoor.

    And if you just don't want this solution then fine, really, I don't expect the entire world to agree with me. But it does push my buttons when people can't just say that and instead they stick their fingers in their ears and say "backdoors backdoors backdoors" like a child going "na na na na na".

    Now if I got you wrong please, just let me know, I'm not above offering a well deserved apology.
     
  16. theBrownLlama

    theBrownLlama Limp Gawd

    Messages:
    334
    Joined:
    Aug 3, 2017
    a deliberately flawed algorithm that leaves room for recoverability without explicit consent is a backdoor in other words
     
  17. lcpiper

    lcpiper [H]ardForum Junkie

    Messages:
    9,529
    Joined:
    Jul 16, 2008

    Wow, again, someone who thinks that full disk encryption means the data remains fully encrypted at all times.

    Guys try to keep up. Apps generally do not process data in an encrypted state. As apps access encrypted files they are frequently unencrypted for processing and if modified, encrypted again at the end of use.

    Some apps do process data in an encrypted state, but they do it by first, decrypting the file being processed, then encrypting it again as part of the process so that as it is manipulating the file it is held in RAM using the application's keys, when it's done, the file is returned to the OS and encrypted again under the user's keys. This is data encrypted in-process. A few rare systems actually can process the data in its natively encrypted state.

    So in short, there are ways to engineer reasonably secure methods for both safeguarding our data and being able to comply with court orders for data, insisting otherwise is just not even smart and only shows what you don't know about the subject.

    What, do you think these people are just so completely clueless that they keep asking industry to do the impossible?

    Wrong ..... They are not asking the impossible, they are only asking for a solution, not a backdoor, not stupidity, and not stubborn refusal.

    And if they don't get it then they will force it on us. I don't understand why you guys do not get the alternative. Is it that you think that the government can't force it on business?

    They don't want to but these Industry Leaders aren't giving the government a lot of room to move over this.
     
  18. __hollywood|meow

    __hollywood|meow [H]ard|Gawd

    Messages:
    1,487
    Joined:
    Feb 20, 2006
    so the same alphabet agency whose agents posed for pictures, smiling, in the rubble of waco hours after burning women & children alive, wants an encryption key if they ask politely? sounds perfectly reasonable.

    but seriously, let's just acquiesce about this whole privacy vs govt strongarm issue, guys. it's not like they're supposed to work towards our interests, employed by our tax dollars...
     
  19. somebrains

    somebrains Limp Gawd

    Messages:
    351
    Joined:
    Nov 10, 2013
    That's always something anyone that worked at AT&T was pissed about, bc other providers would have datacenter monkeys pull after they'd exhausted arguing a warrant.
    AT&T would just hand data over without being served a warrant.

    Amazing how many IT guys are the sons of cops, Feds, lawyers for the State or Fed.

    It rubs us wrong, we kinda absorb how things work as kids and a lot of things offend our sensibilities.
     
  20. Biznatch

    Biznatch [H]ard|Gawd

    Messages:
    1,881
    Joined:
    Nov 16, 2009
    So they aren't asking for a 'back door' they are asking for a copy of our encryption key from the manufacturer by request (with a warrant).....

    So now we are expected to let the manufacturer have a copy of our private encryption key, hope they are storing it securely and don't get hacked, and trust they are only going to hand it over when requested via a warrant? I'm sure they'll promise to let us know when that happens too, just like the other requests they get for data on users......

    Sorry, that's going to be a hard no for me. I don't trust companies to store my keys securely with the large number of leaks. I also don't trust that this will be transparent following due process.....
     
  21. tetris42

    tetris42 2[H]4U

    Messages:
    3,785
    Joined:
    Apr 29, 2014
    Challenge accepted.
     
  22. lcpiper

    lcpiper [H]ardForum Junkie

    Messages:
    9,529
    Joined:
    Jul 16, 2008

    Well then ... shit ......we'll just have to go back to the old fashioned way


    [attached image]

    tetris42 likes this.