Obama On Encryption - Bad If He Can't Read Your Messages

[Real_PhillBert]

Maybe the part of congress that oversees the internet perhaps.

Considering the amount of members here who have spent just about every penny they have on their PCs, I dont really want LTT members in charge of the national budget either lol.

[Trik'Stari]

Considering the amount of members here who have spent just about every penny they have on their PCs, I dont really want LTT members in charge of the national budget either lol.

Maybe. If they would pour it all into the development of space travel, I'd be okay with that.

[LAwLz]

Still a unanimous vote in favour of no, LTT should become congress.

I think the people who want to say yes are a bit afraid to vote. Chances are they would be flamed. Maybe I should just make the votes anonymous.

[Colonel_Gerdauf]

OP, not only was the thread over-the-top sensationalist, but that was a very loaded and biased poll question. At the end of the day, someone of the higher level will have access to your electronic information, and "network privacy" is something that, in the grand scheme of things, never actually existed. There really isn't anything that makes Google's polling of information, for the advertising networks no less, any more acceptable than what the NSA and others have been doing since the birth of the internet we know today, and saying otherwise is a blatant double-standard.

 

Here is a question for the people reading this: what is a secure computer?

 

Is it a computer with anti-virus installed? LOL nope!

Is it a computer that has end-to-end-encryption? No, because an external party still has direct access to the information, regardless of how "secure" you make it.

Is it a computer that is isolated from the networks? No, because anything electronic can be theoretically broken into, and a vulnerability is not exclusive to Ethernet/WiFi/Bluetooth.

 

What is the answer then? A computer that is shut down, unplugged, put in a box, and sealed in a metal safe in Sedna, with no way to open it.

In other words, a "secure computer" is an oxymoron that many people are in denial of.

[LAwLz]

OP, not only was the thread over-the-top sensationalist, but that was a very loaded and biased poll question. At the end of the day, someone of the higher level will have access to your electronic information, and "network privacy" is something that, in the grand scheme of things, never actually existed. There really isn't anything that makes Google's polling of information, for the advertising networks no less, any more acceptable than what the NSA and others have been doing since the birth of the internet we know today, and saying otherwise is a blatant double-standard.

 

Here is a question for the people reading this: what is a secure computer?

 

Is it a computer with anti-virus installed? LOL nope!

Is it a computer that has end-to-end-encryption? No, because an external party still has direct access to the information, regardless of how "secure" you make it.

Is it a computer that is isolated from the networks? No, because anything electronic can be theoretically broken into, and a vulnerability is not exclusive to Ethernet/WiFi/Bluetooth.

 

What is the answer then? A computer that is shut down, unplugged, put in a box, and sealed in a metal safe in Sedna, with no way to open it.

In other words, a "secure computer" is an oxymoron that many people are in denial of.

You have absolutely no idea what you're talking about...

 

1) How is it over-the-top sensationalistic? What he is saying is that it is bad unless the US government can get access to it.

2) How is the poll biased? I tried to be fair when I made it. I added an extra sentence after yes/no to ensure that it was clear what you were voting for. If I just put yes/no then people might have gone "yes encryption is good!"

 

No, it's not always the case that someone with a higher level will have access to your data. An example of this would be the FDE in Android. Another example would be Truecrypt. As for network privacy we have technologies such as Tor to improve anonymity. The whole "you will never be safe" bandwagon is very ill informed.

 

There is one major difference between Google collecting data (which I also dislike by the way) and the NSA collecting data. Google is a first party while the NSA is a third party. What you are essentially saying is that "why do you get mad at the douche in your class for eavesdropping on the conversation you are having with your friend? Your friends will know what you said so everyone should be free to hear it!". I am not saying that Google is your friend but when I connect to a Google service I expect Google to get the info and respond. I should not have to expect the NSA as well as a bunch of other third parties to eavesdrop as well.

I don't see how that's a double standard.

 

A system with proper end-to-end encryption will not be readable by an external party. That is the entire point of end-to-end encryption. Don't give me some crap about there not being a single, proper end-to-end encryption system either because there are plenty.

 

Don't make ridiculous ultimatums please. Security is not black and white. There are things that are more secure, and things that are less secure. Just because we might not be able to protect ourselves from all possible attacks all the time and any possible future attack doesn't mean we should just flat out give up on all kinds of security.

[jaggysnake57]

Exactly.

A backdoor is not just something a third party has access to. If Microsoft are able to decrypt a Bitlocker partition then the method they use to decrypt it is called a backdoor.

just because they dont have access does not mean they couldnt get access ad that is the issue i have with it.  once you add a back door to encryption you make it weaker. there are still encryption methods that have not been broken 

for the record i thought your op was fairly on point

[Almercenary]

Yeah, cos terrorists and bank robbers are are snap chatting each other with selfies of were they're going to strike. 

 

Also, I'm sure a newspaper company will just hack in and get the info anyways.

 

Fuck off Obama.

[Trik'Stari]

Here's a thought.

 

If it needs to be mandatory that the government have a backdoor to everything we do, then maybe it should be mandatory that WE have a backdoor to everything they do.

[Albatross]

Screw Obama and the rest of his lackeys. They are all idiots.

 

"Obama has publicly declared that he thinks encryption is a good thing, but only if the US government has a backdoor so they can read your messages."

So what is the point of encryption then if it's crack able??

 

Good question. 

 

But I think they get around it by calling it a "backdoor", even though it isn't any different.

[Colonel_Gerdauf]

You have absolutely no idea what you're talking about...

 

1) How is it over-the-top sensationalistic? What he is saying is that it is bad unless the US government can get access to it.

2) How is the poll biased? I tried to be fair when I made it. I added an extra sentence after yes/no to ensure that it was clear what you were voting for. If I just put yes/no then people might have gone "yes encryption is good!"

 

No, it's not always the case that someone with a higher level will have access to your data. An example of this would be the FDE in Android. Another example would be Truecrypt. As for network privacy we have technologies such as Tor to improve anonymity. The whole "you will never be safe" bandwagon is very ill informed.

 

There is one major difference between Google collecting data (which I also dislike by the way) and the NSA collecting data. Google is a first party while the NSA is a third party. What you are essentially saying is that "why do you get mad at the douche in your class for eavesdropping on the conversation you are having with your friend? Your friends will know what you said so everyone should be free to hear it!". I am not saying that Google is your friend but when I connect to a Google service I expect Google to get the info and respond. I should not have to expect the NSA as well as a bunch of other third parties to eavesdrop as well.

I don't see how that's a double standard.

 

A system with proper end-to-end encryption will not be readable by an external party. That is the entire point of end-to-end encryption. Don't give me some crap about there not being a single, proper end-to-end encryption system either because there are plenty.

 

Don't make ridiculous ultimatums please. Security is not black and white. There are things that are more secure, and things that are less secure. Just because we might not be able to protect ourselves from all possible attacks all the time and any possible future attack doesn't mean we should just flat out give up on all kinds of security.

 

OK, I am going to be blunt here; what you said above is filled with false equivalencies. 

 

I'll get to your first question later, but the question you posted in the thread is indeed loaded, as it taints the answers in a way that forces a particular response when a small picture has been painted. 

 

I call BS on the claim of "true" end-to-end encryption. How do you know for certain that the NSA does not have direct access to the end devices, where E2EE is not used? How how will you know for certain that the NSA will not use sleeper agents to break it open? I am pretty certain that the NSA revelations are only a speck of dust to the actual scale of surveillance that is occurring. If they want it, they can get it; simple as that.

 

People in higher levels have access to equipment and techniques that the tech-savvy Joe does not even know the existence of. For example, can you tell me how SAVILLE and JOSEKI-1 algorithms work? No you cannot; in fact, almost nobody can. These are Type 1 algorithms, closed to the NSA. The algorithms that you use on a regular basis (AES, Serpent, SHA, etc.) are also closely vetted by the NSA and related government agencies, and those that are not can be broken into with ease. Remember that they have supercomputers, as well as very skilled network security specialists in their facilities. Their very job is to create and break network algorithms and paradigms.

 

The difference you are illustrating is largely a facade. Yes, Google is a first party, but the advertising networks that Google gets it's money from does not fall under the same hat. They are third party, as is the NSA. The issue here is not that information is collected, but information is collected without your consent and then put up for sale. Basically you are only looking at face value and saying that one is "less evil" than the other, when in the background, they are doing the exact same thing. The analogy you gave is of no context to this discussion, so it is discarded as irrelevant. So back to my original point, yes it is a double-standard.

 

That is not an ultimatum, it is a demonstration of how silly an image you are making of privacy and security. You claim that security is not black and white, but the overall message you set on the thread says otherwise. And no, I am not against personal security and privacy, despite of your twisting of words. I vouch for security against a nosy neighbor or malicious entity, but to defend yourself against government surveillance is simply effort in vein, for many reasons. Main one being that the internet, by the nature of how it works today, is essentially centralized by nation.

 

My main contention is that people are being selective about who to blame in this situation (or any situation, rather). If the NSA gets heat for mass surveillance, then why did Google get a green pass? The only reason people reacted the way they did is that they were somehow surprised that something like that was possible. My guess is that they were spoon-fed propaganda about a level of privacy that, again, does not exist. Even then, there were (and are) many people that have a dismissive "not my problem" mentality involving the NSA scandal, which tells a whole another story.

[LAwLz]

OK, I am going to be blunt here; what you said above is filled with false equivalencies.

Feel free to point it out.

 

I'll get to your first question later, but the question you posted in the thread is indeed loaded, as it taints the answers in a way that forces a particular response when a small picture has been painted.

How exactly? Obama wants a law that says all encrypted communication services should contain a backdoor the government can use in case they get a warrant. There are only two sides to that. It is either okay and we have backdoors, or it's not okay and we don't have them. There is no middle ground where we have half a backdoor.

 

I call BS on the claim of "true" end-to-end encryption. How do you know for certain that the NSA does not have direct access to the end devices, where E2EE is not used? How how will you know for certain that the NSA will not use sleeper agents to break it open? I am pretty certain that the NSA revelations are only a speck of dust to the actual scale of surveillance that is occurring. If they want it, they can get it; simple as that.

Oh my God it's like debating with a religious person. "You can't be 100% sure so therefore you're wrong!". There have been cases where law enforcers have been unable to break encryption (yes including the FBI and others, not just the local police). Are you going to tell me all those cases are just hoaxes made to fool people? You have to stop spreading this misinformation that there are no encryption algorithms/implementations that are secure, because there are plenty.

 

People in higher levels have access to equipment and techniques that the tech-savvy Joe does not even know the existence of. For example, can you tell me how SAVILLE and JOSEKI-1 algorithms work? No you cannot; in fact, almost nobody can. These are Type 1 algorithms, closed to the NSA. The algorithms that you use on a regular basis (AES, Serpent, SHA, etc.) are also closely vetted by the NSA and related government agencies, and those that are not can be broken into with ease. Remember that they have supercomputers, as well as very skilled network security specialists in their facilities. Their very job is to create and break network algorithms and paradigms.

So what you are saying is that "they are close to the NSA so therefore they are insecure!"?

Just because it was the NSA that picked the algorithm for AES does not mean it has backdoors. The entire algorithm is publicly available and we have a massive amount of people examining it (security companies, academic institutes, hobbyists and so on). Combined that with the long list I posted above and I think it's pretty safe to say that AES does not have a backdoor. AES is very, very, very very strong. Not even all super computers in the world could break a proper implementation of it in any practical amount of time.

 

The difference you are illustrating is largely a facade. Yes, Google is a first party, but the advertising networks that Google gets it's money from does not fall under the same hat. They are third party, as is the NSA. The issue here is not that information is collected, but information is collected without your consent and then put up for sale. Basically you are only looking at face value and saying that one is "less evil" than the other, when in the background, they are doing the exact same thing. The analogy you gave is of no context to this discussion, so it is discarded as irrelevant. So back to my original point, yes it is a double-standard.

How are they doing the exact same thing? Google are fairly open about collecting your information and they are still the first party. When you use a Google product you also agree to their TOS so they do in fact have your consent. For these reasons I do think Google is the lesser of two evils here. They are not the exact same things. I can't believe you are unable to see the difference. You must be trolling.

 

That is not an ultimatum, it is a demonstration of how silly an image you are making of privacy and security. You claim that security is not black and white, but the overall message you set on the thread says otherwise. And no, I am not against personal security and privacy, despite of your twisting of words. I vouch for security against a nosy neighbor or malicious entity, but to defend yourself against government surveillance is simply effort in vein, for many reasons. Main one being that the internet, by the nature of how it works today, is essentially centralized by nation.

Oh please... The only one trying to paint a silly image regarding privacy and security is you. Security is not black and white, but this particular question is. Having a backdoor or not in a product is a yes/no question. Something being secure or not is not a yes/no question. See the difference?

You want protection from nosy neighbors and criminals, but what you don't realize is that handing the government a backdoor to your computer undermines that protection as well. Would you buy a door lock that would unlock if you twisted the handle a certain way? The lock manufacture says that only they are the government knows about it so you should be okay with it. The problem is that anyone can potentially discover the secret twist and all of a sudden your lock is completely useless. A security product that has backdoor is defect by design. That is why I am so against it.

 

My main contention is that people are being selective about who to blame in this situation (or any situation, rather). If the NSA gets heat for mass surveillance, then why did Google get a green pass? The only reason people reacted the way they did is that they were somehow surprised that something like that was possible. My guess is that they were spoon-fed propaganda about a level of privacy that, again, does not exist. Even then, there were (and are) many people that have a dismissive "not my problem" mentality involving the NSA scandal, which tells a whole another story.

Google gets a (very light) green pass because they are a first party, and you give them consent to collect information on you when you use their products. The NSA is a third party which are far less transparent and you never gave them your consent.

See the difference? What do you mean by "react this way"? Get upset when there is talk about laws that undermine the core principal of all security products? I am not reacting like this because I have been "spoon-fed propaganda about privacy that doesn't exist". I suspected that something like this was happening before the Snowden leaks but I am still upset that Obama is talking about wanting backdoors in all products. A chain is only as strong as the weakest link, and a backdoor is like making one of the links out of uncooked spaghetti.

 

 

I don't think you answered my questions so I am going to ask them again.

1) How is this over-the-top sensationalistic? Is he or is he not saying that he wants backdoors in products? Remember, he said that he has a problem with being unable to read encrypted messages if the court has given them a warrant. The only way he could read them would be to have a backdoor.

 

2) How sit he poll biased? Can you give me an example of how I should have worded the question differently to make it unbiased? To me, having a backdoor in a product or not is a yes/no question.

[mr moose]

I think the people who want to say yes are a bit afraid to vote. Chances are they would be flamed. Maybe I should just make the votes anonymous.

 

I'm never afraid to say what I think, sometimes I won't say it because I don't want to hear the infinite drool of a thousand inexperienced teenagers with next to no education try to tell me why I'm wrong.  

 

On topic: I voted no because I genuinely would like to have the right to transmit a message to a friend with absolute assurance to confidentiality and that only the intended recipient can read it.   If this cannot be done then I feel an integral part of my civil rights are being denied.   Having said that, I would also like that if the Authorities can prove to an independent judge that a person of interest is a genuine threat to the people (be it financial or physical) then they can be given the power to obtain recorded information.  If that means they have to acquire intelligence the old fashion way then so be it.  Chances are in this day and age that terrorists don't use the internet or computers to pass messages anyway. I wouldn't.

[LAwLz]

I'm never afraid to say what I think, sometimes I won't say it because I don't want to hear the infinite drool of a thousand inexperienced teenagers with next to no education try to tell me why I'm wrong. 

Well yeah... There might be plenty of yes voters not wanting to vote because they would end up being flamed and feel a need to justify themselves and so on. Sadly I can't make the poll anonymous since it's already made (at least I can't find the option for it).

 

 

On topic: I voted no because I genuinely would like to have the right to transmit a message to a friend with absolute assurance to confidentiality and that only the intended recipient can read it.   If this cannot be done then I feel an integral part of my civil rights are being denied.   Having said that, I would also like that if the Authorities can prove to an independent judge that a person of interest is a genuine threat to the people (be it financial or physical) then they can be given the power to obtain recorded information.  If that means they have to acquire intelligence the old fashion way then so be it.  Chances are in this day and age that terrorists don't use the internet or computers to pass messages anyway. I wouldn't.

I think that's a reasonable stance to have but sadly it doesn't work in practice (or theory). The only way for authorities to be able to read message is if they have backdoors, and if there are backdoors then your messages will be significantly less safe (from malicious people and the government). Also, it seems like some agencies think they are above court orders so they would probably end up abusing the backdoors even if the court denies them a warrant.

 

If there was a magical way of ensuring that only the government could use the backdoor, and that they could only use it if an independent court granted them permission then I don't think many people would object to it. I certainly wouldn't.

[mr moose]

Well yeah... There might be plenty of yes voters not wanting to vote because they would end up being flamed and feel a need to justify themselves and so on. Sadly I can't make the poll anonymous since it's already made (at least I can't find the option for it).

 

 

I think that's a reasonable stance to have but sadly it doesn't work in practice (or theory). The only way for authorities to be able to read message is if they have backdoors, and if there are backdoors then your messages will be significantly less safe (from malicious people and the government). Also, it seems like some agencies think they are above court orders so they would probably end up abusing the backdoors even if the court denies them a warrant.

 

If there was a magical way of ensuring that only the government could use the backdoor, and that they could only use it if an independent court granted them permission then I don't think many people would object to it. I certainly wouldn't.

You know what they say:  "Power tends to corrupt, and absolute power corrupts absolutely. Great men are almost always bad men." as much as I try not to believe it and give people the benefit of the doubt. 

 

There will be another news report on a similar situation soon enough, just start the new poll then. 

[mikeeginger]

So basically a false feeling of security 

O dear o dear by by freedom 

[holp]

The USA actually already tried to criminalize the publication / export of PGP by classifying it as a "non-exportable weapon" in the early nineties - governments being opposed to strong encryption ciphers / capabilities in hands of the public domain is not particularly new. Interestingly the discussion is completely pointless, no matter your political point of view. After the Snowden leaks the US government proclaimed that the information exposed to the public has been used by terrorists to adapt their behaviour, now encrypting their communication, thus hampering the capability of national agencies to protect citizens from possible threats. In response to that I once read an article showcasing a recruitment pamphlet of Al-Qaeda approximately 5 to 10 years old, requesting any person to encrypt messages to them with PGP. The idea of terrorists communicating over Facebook, Whatsapp, iMessage and similarly is nothing short of ludicrous. They are heavily used by the majority of people because they are convenient. Convenience however is of little concern to "terrorists".  Making this communication easily accessible to the government therefore only implies massive potential for abuse (from the state, or any person who manages to find the backdoor), and enables the government to spy on ordinary citizens and maybe petty criminals. The NSA has claimed their massive and intrusive surveillance program has thwarted several terrorist attacks, just like the CIA did for their torture program in Gitmo. They both were exposed to be false contentions upon closer inspection. Indeed there is reason to assume that national agencies artifcially fabricate threats of terrorism for obvious reasons, see e.g. https://firstlook.org/theintercept/2015/01/16/latest-fbi-boast-disrupting-terror-u-s-plot-deserves-scrutiny-skepticism/

 

If someone calls for a more restrictive gun law in the United States of America, people explain to him that it would be utterly pointless - the "bad guys" don't conform to those laws and will obtain weapons in an illegal manner anyway. For some reason however this argument supposedly does not apply to encryption (I reckon because there's not a multi billion dollar profit and a strong lobby behind it). You will not be able to purge the source code of PGP from the internet. So by definition the mass surveilence of communication will enable you to spy on ordinary civilians for whom the trade off between privacy and convenience leads them to use communication channels like Whatsapp. Any serious, intelligent person will probably be aware that coordinating a major criminal action on Facebook is not such a swell idea. 

 

So basically this argument hinges upon the notion that criminals / terrorists will agree to use government approved encryption methods with built in back doors. 

Therefore people like Cameron are either tremendously stupid and ideologically deluded or they are simply trying to come up with a good marketing for a surveillance state.

I'm not sure which possibility I find more disturbing.

[JAKEBAB]

Terrorists arent going to be using your average messaging app and people can code there own encrypted apps so this is bs!! no terrorist is going to be using snapchat ffs