New US Bill would require makers of encrypted devices to leave a backdoor

[Drama Lama]

I mean software encryption would be not effected right? 

So bitlocker yes

encryption directly build into the drive‘s firmware not

Edited June 28, 2020 by Drama Lama

[Trik'Stari]

10 hours ago, Master Disaster said:

These morons do realise their own jobs & employment also heavily rely on encryption to keep secrets safe from prying eyes, right? It will suddenly become much easier to access that lost White House USB Drive or stolen pentagon laptop if every device has a built in backdoor.

As I've said in the past, let them pass it.

 

And within what, 48-72 hours of these backdoors being implemented, someone posts all of Congress' text messages to the internet?

 

Oh and look, online privacy just became a basic human right.

[RejZoR]

6 minutes ago, Trik'Stari said:

As I've said in the pass, let them pass it.

 

And within what, 48-72 hours of these backdoors being implemented, someone posts all of Congress' text messages to the internet?

 

Oh and look, online privacy just became a basic human right.

That's exactly what I want to happen if this crap passes.

[Trik'Stari]

Just now, RejZoR said:

That's exactly what I want to happen if this crap passes.

It would pretty much have to happen. Assuming the manufacturers have the balls to go with malicious compliance and refused to make "exempted" devices for the government.

 

Which, if this law does pass, should not exist, at all.

[captain_to_fire]

2 hours ago, lewdicrous said:

It would be hilarious if government agencies ban the use of devices with backdoors in them.

Makes me wonder why the US gov't didn't banned and sanctioned Cisco for the multiple backdoors in their networking equipment [here] [here] [here]

[Master Disaster]

15 minutes ago, Trik'Stari said:

It would pretty much have to happen. Assuming the manufacturers have the balls to go with malicious compliance and refused to make "exempted" devices for the government.

 

Which, if this law does pass, should not exist, at all.

See below

1 hour ago, suicidalfranco said:

one rule for me, another for them

This is the unfortunate status quo for government and law enforcement. They get privilege to break the rules they're there to create and enforce.

[jagdtigger]

Next up in the news: Tech companies leaving the US.

[ExplodingRubber]

12 minutes ago, Master Disaster said:

This is the unfortunate status quo for government and law enforcement. They get privilege to break the rules they're there to create and enforce.

They think we are too distracted by other current events for us to notice that they are stripping us of our rights. It is time for a fundamental change in the way our country is governed, and this begins with American voters becoming educated  on our candidates.

[paddy-stone]

If this bill passes, I wonder how many companies will just go "fuck the US then!" and not sell in the US so they don't have to have a backdoor and thus break encryption.

[Jotoco]

Encryption is the second amendment of computers

[Doobeedoo]

That's a yikes imagine the "terrorism" card. Encryption btw but leave a hole btw haha. 

[GDRRiley]

wow again after the last time it got no where?

[Bombastinator]

This is stupid ignoring all the other aspects.  If there is a backdoor ANYONE can open it. It might not be easy to do, but a way will be found eventually.  Getting it open would become the IT holy grail. And it would eventually be cracked.  This will produce insane levels of problems.  It’s a foregone conclusion.  a short duration convenience with a gigantic eventual cost.  Lindsay Graham huh?  GOP leadership.

[PocketNerd]

12 hours ago, straight_stewie said:

-snip-

The scary part is that I can't tell if you're talking about the US or China.

[lewdicrous]

5 minutes ago, PocketNerd said:

The scary part is that I can't tell if you're talking about the US or China.

Why not both?

[Intergalacticbits]

Personally I would like Federal and state level law enforcement in the USA to be able to access any ones data easily on any device through some means legally.

 

I want it to be fast and quick for them to be able to get that evidence.

 

I don't like the way everything digital seems to work against the victims but for the criminals and terrorists.

It shouldn't be a super hard up hill battle to collect digital evidence any more then it is for them to collect other forms of evidence.

 

Bad people will adjust to that back door pretty fast anyway so I feel why not catch the stupid ones quickly before they can hurt more people.

 

I want them to be able to use all this technology to do some good, something that really matters.

Just the way I feel about it.

 

 

 

[straight_stewie]

7 minutes ago, PocketNerd said:

The scary part is that I can't tell if you're talking about the US or China.

As far as I can tell China is pretty overt about whether or not they are targeting their own citizens: They are, and their citizens and the rest of the world know they are, and they admit it. They do other stuff against their citizens that they try to keep a secret though.

The US is kind of the opposite. They'll talk all day long about successful cyber-operations they've waged against other governments, but ask them if they collect information on their own citizens and they get all "that's a secret"-y and "it's complicated"-y.

 

@Intergalacticbits That would be very nice, and I agree with your sentiment that it would be nice if governments could access data for which they have a warrant against a specific individual obtained from a judge in a public court. However, that's not how encryption works: Encryption is either secure or not, there really isn't a middle ground. 

If you design your encryption platforms such that there is a way to access the data as if it weren't encrypted, then there is no point in encrypting it in the first place, because you can just access the data as if it weren't encrypted anyway.

[Bombastinator]

Just now, straight_stewie said:

As far as I can tell China is pretty overt about whether or not they are targeting their own citizens: They are, and their citizens and the rest of the world know they are, and they admit it. They do other stuff against their citizens that they try to keep a secret though.

The US is kind of the opposite. They'll talk all day long about successful cyber-operations they've waged against other governments, but ask them if they collect information on their own citizens and they get all "that's a secret"-y and "it's complicated"-y.

That’s part of how the CIA and the NSA were set up.  It’s in their charters.  The CIA is completely barred from doing things inside the US, and the NSA is completely barred from doing things outside the US.  The NSA has serious limitations on what it can and cannot do, and if the CIA wants to surveillance someone inside the US they feel is a bad actor they have to hand off to the NSA.  The NSA is even bigger on secrecy than the CIA is, So “secret” and “complicated”.

[jagdtigger]

6 minutes ago, Intergalacticbits said:

Personally I would like Federal and state level law enforcement in the USA to be able to access any ones data easily on any device through some means legally.

So it will get abused blatantly? No thanks..... (If you think it wont or cant be abused then i have burst your bubbles. It will be abused without a doubt.)

[Statik]

13 hours ago, RejZoR said:

You clearly don't understand what is at stake here. XDA doesn't change a damn thing. It's Google, Signal, Protonmail, Microsoft, all these companies and many more would be forced to built in encryption backdoors for US government agencies to tap in at any time without having to defeat encryption

My question is how would this effect things like Protonmail, and VPNs like Express/Nord?

 

Protonmail is hosted/based out of Switzerland, and protected via Swiss privacy laws, and VPN companies like Express/Nord (and I'm sure many others) are hosted abroad (British Virgin Isles, and Panama respectively). So they wouldn't have to comply with the US, would they?

[GDRRiley]

7 minutes ago, Intergalacticbits said:

Personally I would like Federal and state level law enforcement in the USA to be able to access any ones data easily on any device through some means legally.

 

I want it to be fast and quick for them to be able to get that evidence.

 

I don't like the way everything digital seems to work against the victims but for the criminals and terrorists.

It shouldn't be a super hard up hill battle to collect digital evidence any more then it is for them to collect other forms of evidence.

there is no way this is possible the math doesn't work that way.

well it helps everyone if you know how to use it.

 

encription is math no way around that. hell a 512 or 1024bit encryption is almost impossible to crack in any reasonable amount of time

 

we know what happens when they get access just go look at the early 2000s.

Did you forget about Snowden?

[straight_stewie]

@Bombastinator Replace "NSA" with "FBI" and you have it correct.

 

Google search "Can the NSA conduct operations outside the US" and the first result (at least the first result for me) is from NSA.gov and says:

Quote

Under Section 702 of the FISA, NSA is authorized to target non-U.S. persons who are reasonably believed to be located outside the United States. The principal application of this authority is in the collection of communications by foreign persons that utilize U.S. communications service providers.

Clicking the second result you are taken to an NSA.gov FAQ of sorts, which is interesting...

 

Quote

1. What is Signals Intelligence?

 

SIGINT involves collecting foreign intelligence from communications and information systems and providing it to customers across the U.S. government, such as senior civilian and military officials. They then use the information to help protect our troops, support our allies, fight terrorism, combat international crime and narcotics, support diplomatic negotiations, and advance many other important national objectives.

 

NSA/CSS collects SIGINT from various sources, including foreign communications, radar and other electronic systems. This information is frequently in foreign languages and dialects, is protected by codes and other security measures, and involves complex technical characteristics. NSA/CSS needs to collect and understand the information, interpret it, and get it to our customers in time for them to take action. Our workforce is deeply skilled in a wide range of highly technical fields that allow them to this work, and they develop and employ state-of-the-art tools and systems that are essential to success in today's fast-changing communications and information environment. Our researchers are working constantly to help us anticipate and prepare for future developments.

The NSA was designed solely to conduct operations outside of the US. Hell, they are a part of the DoD...

[jagdtigger]

2 minutes ago, straight_stewie said:

Google search "Can the NSA conduct operations outside the US" and the first result (at least the first result for me) is from NSA.gov and says:

Yeah, its pretty interesting how they think they have jurisdiction over ppl who are not US citizens and live on foreign ground......  It would be about time other countries give them a pretty harsh lesson how wrong they are.

[Statik]

11 minutes ago, Intergalacticbits said:

Personally I would like Federal and state level law enforcement in the USA to be able to access any ones data easily on any device through some means legally.

 

I want it to be fast and quick for them to be able to get that evidence.

 

I don't like the way everything digital seems to work against the victims but for the criminals and terrorists.

It shouldn't be a super hard up hill battle to collect digital evidence any more then it is for them to collect other forms of evidence.

 

Bad people will adjust to that back door pretty fast anyway so I feel why not catch the stupid ones quickly before they can hurt more people.

 

I want them to be able to use all this technology to do some good, something that really matters.

Just the way I feel about it.

 

 

 

I understand where you're coming from, and you're intent, but that's just not feasible. The entire world is so far behind the curve on internet privacy laws it's already sickening. But if you give a powerhouse like the US a backdoor into everything encrypted, there's no way it's not going to be abused in every way shape and form.

 

IMHO, it's the equivalent of the government basically wanting to put cameras in every citizens house, but saying "we will only turn on the camera's with a warrant, because ya know, terrorism."

 

Not only is that impossible to regulate, now there's a giant security weak spot in your house, and since the Government is able to tap into it whenever, it's only a matter of time before criminals are able to tap into it too. I'm all for stopping terrorists and pedo's, but removing everyone's right to online privacy is not the way to do it. If anything we need significantly more privacy online.

[GDRRiley]

2 minutes ago, straight_stewie said:

The NSA was designed solely to conduct operations outside of the US. Hell, they are a part of the DoD...

the issue is traffic automatically ends up going around the world. something on gmail or a google drive will get move in or out of the country for data protection  and be scooped up.

NAS claims to be international only but they do plenty domestically.