New US Bill would require makers of encrypted devices to leave a backdoor

[Bombastinator]

10 hours ago, straight_stewie said:

This is incorrect. Both the CIA and NSA are "spy agencies" in every sense of the phrase.

The CIA primarily focuses on HUMINT, or HUMan INTelligence. That is, the CIA is really good at running informants, flipping foreign nationals, having insiders in enemy governments... Generally what you would consider "traditional" spy activities.

The NSA, on the other hand, primarily focuses on SIGINT, or SIGnals INTelligence. These days that mostly means intercepting internet based communications, but it can also include radio transmissions and other such things.

Of course, there is some overlap between the capabilities of the organizations. The NSA has field agents, and the CIA does do wiretapping and other such things. In modern times, the NSA also serves to provide off-the-shelf capabilities to the other intelligence organizations (this is what the ANT catalog is).

 

10 hours ago, straight_stewie said:

This is incorrect. Both the CIA and NSA are "spy agencies" in every sense of the phrase.

The CIA primarily focuses on HUMINT, or HUMan INTelligence. That is, the CIA is really good at running informants, flipping foreign nationals, having insiders in enemy governments... Generally what you would consider "traditional" spy activities.

The NSA, on the other hand, primarily focuses on SIGINT, or SIGnals INTelligence. These days that mostly means intercepting internet based communications, but it can also include radio transmissions and other such things.

Of course, there is some overlap between the capabilities of the organizations. The NSA has field agents, and the CIA does do wiretapping and other such things. In modern times, the NSA also serves to provide off-the-shelf capabilities to the other intelligence organizations (this is what the ANT catalog is).

So claims of breaking their charters again

[LAwLz]

7 minutes ago, AluminiumTech said:

I see they gave up on the Earn it act and are now being upfront with their intention to end Encryption.

Or maybe they are just proposing this law to make EARN-IT seem more reasonable and increase the likelihood of that passing. 

Both of these acts are being pushed by the same people. I doubt they will stop pushing bills until they pass one of them. Sooner or later one of these anti-encryption/anti-privacy laws will pass, because power hungry people will not stop pushing for it. 

[AlTech]

44 minutes ago, LAwLz said:

Or maybe they are just proposing this law to make EARN-IT seem more reasonable and increase the likelihood of that passing. 

Both of these acts are being pushed by the same people. I doubt they will stop pushing bills until they pass one of them. Sooner or later one of these anti-encryption/anti-privacy laws will pass, because power hungry people will not stop pushing for it. 

True; I did not think of that but that seems like a totally scummy thing they could do.

[DavidKalinowski]

On 6/28/2020 at 8:21 AM, paddy-stone said:

If this bill passes, I wonder how many companies will just go "fuck the US then!" and not sell in the US so they don't have to have a backdoor and thus break encryption.

Honestly not many. the US is a very very large consumer base, and that would be a very very large profit loss. Most big companies are publicly traded, and they have shareholders and a board of directors to answer to (make money for) any thing that lessens that flow of money will not be tolerated. If adding a back door means keeping profits up, they will comply.  If they see a drop in sales after the compliance, then they will act to get the rule over turned.

[paddy-stone]

6 minutes ago, DavidKalinowski said:

Honestly not many. the US is a very very large consumer base, and that would be a very very large profit loss. Most big companies are publicly traded, and they have shareholders and a board of directors to answer to (make money for) any thing that lessens that flow of money will not be tolerated. If adding a back door means keeping profits up, they will comply.  If they see a drop in sales after the compliance, then they will act to get the rule over turned.

If it's a product that up 'til now has been a secure encryted device though, and having a backdoor is a big security risk, then it'd be stupid to do it IMO. Anyone that wants encryption would/should stay away from it IMO.

Buy our new phone, that has a new feature called "bash my backdoor"  

You'll get your data backed up by the NSA, blahblah, and anyone else that manages to find the backdoor. It'll happen at some point, either by someone secretly working for someone else, or someone selling the backdoor access to criminals and foreign intelligence agencies etc.

[DavidKalinowski]

2 minutes ago, paddy-stone said:

If it's a product that up 'til now has been a secure encryted device though, and having a backdoor is a big security risk, then it'd be stupid to do it IMO. Anyone that wants encryption would/should stay away from it IMO.

Buy our new phone, that has a new feature called "bash my backdoor"  

You'll get your data backed up by the NSA, blahblah, and anyone else that manages to find the backdoor. It'll happen at some point, either by someone secretly working for someone else, or someone selling the backdoor access to criminals and foreign intelligence agencies etc.

I would not put it past some marketing department to try that honestly.  "Our data policy, is to let the U.S Government access and keep records of your data for archival purposes in the national archives. So it is more secure for you, our beloved customers"

[SpaceGhostC2C]

10 hours ago, wanderingfool2 said:

Honestly though, one thing I think that should be discussed amoungst politicians is the "self incrimination" argument.  While I agree that people should have some right to not self incriminate, I feel it goes to far in that people can't be compelled by warrant to give up things such as a safe password, or a password to their phone,

How exactly would you go about it? Will you make forgetting a password (because how will you determine if it's forgetting or "forgetting") a punishable offense? Will it be a fine? Jail time? Or do we legalize the authoritarian practices currently used at airports for internal use too?

How would we do the "compelled" part? 

 

Also, there is this underlying, mistaken idea that you can only self-incriminate if you are guilty...

Spoiler

 

[straight_stewie]

7 hours ago, Bombastinator said:

So claims of breaking their charters again

You keep referring to this "charter" but no where anywhere can I find anything that spells out that their primary charges are any different than I've specified (except for that they use COMINT in some places instead of SIGINT: the two are understood to be the same in internet times)

 

If you have a link to something please post it.

 

Also, you seem to be arguing that it's ok for the NSA to be running "bulk collection" programs. Am I interpreting your replies correctly or am I off base here?

[Orangeator]

I pray that our leaders have enough common sense to vote against this bill. As if something like this were to pass, it would only be a matter of time until the U.S. bans foreign devices that do not comply... Which would essentially mean there is no privacy on devices at all in the U.S. With my biggest concern being, how are companies even supposed to do this safely? I believe the answer is that they could not... 

[Bombastinator]

21 minutes ago, straight_stewie said:

You keep referring to this "charter" but no where anywhere can I find anything that spells out that their primary charges are any different than I've specified (except for that they use COMINT in some places instead of SIGINT: the two are understood to be the same in internet times)

 

If you have a link to something please post it.

 

Also, you seem to be arguing that it's ok for the NSA to be running "bulk collection" programs. Am I interpreting your replies correctly or am I off base here?

A “state your source” demand.  Right back atcha.  
 

Off base I think, though this sounds like a trap question. “Bulk collection” is a term so vague it’s in quotes.  I strongly suspect they do such things on any foreign national in the US that fit some criteria set.  They may also do keyword searches or whatnot on data they produce.  This is different than doing such to all residents in the US or worldwide. 
It’s not a question of what I think is or is not OK.  It’s a question of what their posted duties are not whether I think it’s fine or not.  

[jagdtigger]

17 minutes ago, Orangeator said:

Which would essentially mean there is no privacy on devices at all in the U.S.

At least for the law abiding citizens, criminals on the other hand will get their devices without the backdoor from the black market ...

[Bombastinator]

3 minutes ago, jagdtigger said:

At least for the law abiding citizens, criminals on the other hand will get their devices without the backdoor from the black market ...

Starting to sound like the guns argument.

[wanderingfool2]

1 hour ago, SpaceGhostC2C said:

How exactly would you go about it? Will you make forgetting a password (because how will you determine if it's forgetting or "forgetting") a punishable offense? Will it be a fine? Jail time? Or do we legalize the authoritarian practices currently used at airports for internal use too?

How would we do the "compelled" part? 

 

Also, there is this underlying, mistaken idea that you can only self-incriminate if you are guilty...

  Reveal hidden contents

 

Well, it would be compelled by warrant (the way I phrased it), so there would need to be a reasonable suspicion of guilt already (and showing that the evidence exists on said device).

 

The way I look at things, it is a sliding scale based on what crime is being investigated in terms of punishments (of fines or jail time).  Punishable offenses being in cases where they can prove that to a reasonable expectation you would have known the password (or a means of getting it) at the time of the request.  [i.e. Claiming you forgot your pin to your cell phone when you were on the phone just the day prior...but claiming you forgot the password to a device that hasn't been used in a month would likely not be successful in court].  With proper due process in writing a law, I think it would be feasible to do (and a lot better than the other approach).

*When I also say provide passwords, I also mean allowing a person to unlock a phone/account/device without providing the password for access*  They key being a warranted access though

 

It is a lot better approach than building in backdoors, or weakening encryption to allow authorities to break it (or paying device makers to leave unpatched vulnerabilities that aren't disclosed)

[straight_stewie]

15 hours ago, Bombastinator said:

“Bulk collection” is a term so vague it’s in quotes.  I strongly suspect they do such things on any foreign national in the US that fit some criteria set.

I use the term "Bulk collection" as an ironic replacement for "mass surveillance" because every single time someone asks NSA leadership if they do mass surveillance they literally say "no, we do 'bulk collection'". It's a thing they do there's video of them doing it all over the place.

 

They do such things on any person whose data they can get their hands on. Here's a video of a two term POTUS admitting to mass surveillance, or so-called "bulk collection" programs in a public broadcast announcement, about 6 months to a year after the initial Snowden leaks.

 

The "two programs" he is talking about are called PRISM and xKeyscore.

There are some clarifications: "a federal judge" actually means a FISA judge. He does clarify this point. He also admits that they must only seek the permission of a FISA judge after they've seen something they don't like, and they want to start digging deeper. Here's a CNN link about the FISA court: https://www.cnn.com/2014/01/17/politics/surveillance-court/index.html

He literally says the words: "What the intelligence community is doing is looking at phone numbers and durations of calls. By sifting through this so-called metadata, they may identify potential leads with respect to folks who might engage in terrorism." If that information is allegedly anonymous, as President Obama said in the video, then how does it turn into a useful lead?

 

Here's a "transparency report", from the Director of National Intelligence, that shows that in 2017 they collected "Call Data Records" on 534,396,285 different phone calls. You're going to be very hard-pressed to convince me that foreign spies operating on US soil made half a billion phone calls in one year. https://www.dni.gov/files/documents/icotr/2018-ASTR----CY2017----FINAL-for-Release-5.4.18.pdf

 

Here is a video of the CTO of the CIA talking all about how they use or plan to use data collection:

 

Seriously. Watch this whole video. This is the video that Edward Snowden claims flipped him, and finally made him understand how all the pieces he was collecting fit into the bigger picture about what was going on, ultimately leading to his decision to disclose what we now call the Snowden Trove.

I really don't know why you want to argue this point. It's common knowledge, at least here in the states, that mass surveillance is a thing the government does. There's evidence of it and admissions of it all over, like the videos I posted above.

15 hours ago, Bombastinator said:

A “state your source” demand.  Right back atcha.  

Every link I clicked that was on the first page when I googled "NSA charter" or "what does the NSA do". Most of them were .gov sites.

You keep saying that it's actually in the NSA charter that they are to conduct spying operations domestically. I cannot find any information about a "charter", nor can I find anything on a .gov website that claims that it is one of the NSAs charges to conduct domestic operations.

We know they do it, I've been admitting that all along. My argument is that they aren't supposed to be doing it. This is kind of like one of those things when you're at a party about to jump off the second floor balcony onto the pong table and all of your buddies are cheering you on, but then when you land on the table and break it and the homeowners all mad now, suddenly all of your buddies don't have a clue what was going on.

[Worstcaster]

15 hours ago, Bombastinator said:

Starting to sound like the guns argument.

Along those line, I wonder if a Github project could get around this.  You don't sell a or give out a functional encryption program, but you offer some perfectly legal non-functional encryption code.  Then you mention in the documentation that it becomes functional if you edit a few lines of the code.  Sort of like not selling a functional gun, but instead selling a barrel, stock, and receiver, but "if someone happens to assemble it, we have no control over that."

[Stormseeker9]

Well.. not surprising that this comes out of the US. I think it’s invasion of our privacy and human rights. Who’s going to monitor the US gov what devices they search and when.. 

[GDRRiley]

Some of you’ll have clearly forgotten or never learned what Snowden taught us. Giving governments power like this never ends well and is stupid to believe this wouldn’t be abused. 
 

this like every other try should be shot down and those who keep proposing it should  end up just like the majority leader of the senate, removed and shamed 

[RejZoR]

13 minutes ago, GDRRiley said:

Some of you’ll have clearly forgotten or never learned what Snowden taught us. Giving governments power like this never ends well and is stupid to believe this wouldn’t be abused. 
 

this like every other try should be shot down and those who keep proposing it should  end up just like the majority leader of the senate, removed and shamed 

Yeah, but they'll call anyone who opposes such ridiculous laws and bills as "unpatriotic" and "threat to the state". You damn well know they'll pull that card. And nothing is worst than not being a "patriot" in Murica...

[Bombastinator]

1 hour ago, straight_stewie said:

I use the term "Bulk collection" as an ironic replacement for "mass surveillance" because every single time someone asks NSA leadership if they do mass surveillance they literally say "no, we do 'bulk collection'". It's a thing they do there's video of them doing it all over the place.

 

They do such things on any person whose data they can get their hands on. Here's a video of a two term POTUS admitting to mass surveillance, or so-called "bulk collection" programs in a public broadcast announcement, about 6 months to a year after the initial Snowden leaks.

 

The "two programs" he is talking about are called PRISM and xKeyscore.

There are some clarifications: "a federal judge" actually means a FISA judge. He does clarify this point. He also admits that they must only seek the permission of a FISA judge after they've seen something they don't like, and they want to start digging deeper. Here's a CNN link about the FISA court: https://www.cnn.com/2014/01/17/politics/surveillance-court/index.html

He literally says the words: "What the intelligence community is doing is looking at phone numbers and durations of calls. By sifting through this so-called metadata, they may identify potential leads with respect to folks who might engage in terrorism." If that information is allegedly anonymous, as President Obama said in the video, then how does it turn into a useful lead?

 

Here's a "transparency report", from the Director of National Intelligence, that shows that in 2017 they collected "Call Data Records" on 534,396,285 different phone calls. You're going to be very hard-pressed to convince me that foreign spies operating on US soil made half a billion phone calls in one year. https://www.dni.gov/files/documents/icotr/2018-ASTR----CY2017----FINAL-for-Release-5.4.18.pdf

 

Here is a video of the CTO of the CIA talking all about how they use or plan to use data collection:

 

Seriously. Watch this whole video. This is the video that Edward Snowden claims flipped him, and finally made him understand how all the pieces he was collecting fit into the bigger picture about what was going on, ultimately leading to his decision to disclose what we now call the Snowden Trove.

I really don't know why you want to argue this point. It's common knowledge, at least here in the states, that mass surveillance is a thing the government does. There's evidence of it and admissions of it all over, like the videos I posted above.

Every link I clicked that was on the first page when I googled "NSA charter" or "what does the NSA do". Most of them were .gov sites.

You keep saying that it's actually in the NSA charter that they are to conduct spying operations domestically. I cannot find any information about a "charter", nor can I find anything on a .gov website that claims that it is one of the NSAs charges to conduct domestic operations.

We know they do it, I've been admitting that all along. My argument is that they aren't supposed to be doing it. This is kind of like one of those things when you're at a party about to jump off the second floor balcony onto the pong table and all of your buddies are cheering you on, but then when you land on the table and break it and the homeowners all mad now, suddenly all of your buddies don't have a clue what was going on.

So Snowden.  Assumption is is Snowden was 100% correct (might be true might not) and goes farther than Snowden did.  I personally think Snowden was at the very least partially correct.  The claim of Snowden is they were breaking their charter.  It’s not impossible they are breaking their charter.  It’s more likely they are running closer to the edges of their charter than they are admitting.  Doesn’t change the charter though.

[GDRRiley]

6 hours ago, RejZoR said:

Yeah, but they'll call anyone who opposes such ridiculous laws and bills as "unpatriotic" and "threat to the state". You damn well know they'll pull that card. And nothing is worst than not being a "patriot" in Murica...

What other card would they pull? They go no way to polish this turd 

[LAwLz]

30 minutes ago, GDRRiley said:

What other card would they pull? They go no way to polish this turd 

They have already used the "it's used by pedophiles and terrorists" cards. 

Because then people who go against this law will be seen as defending pedos and terrorists. 

[GDRRiley]

28 minutes ago, LAwLz said:

They have already used the "it's used by pedophiles and terrorists" cards. 

Because then people who go against this law will be seen as defending pedos and terrorists. 

of course

[straight_stewie]

25 minutes ago, Grumpy Old Man said:

Is U.S. becoming NEW "North Korean" ???

No. The US wants to look at your data.

North Korea doesn't let you have any.

 

6 hours ago, Bombastinator said:

Assumption is is Snowden was 100% correct (might be true might not) and goes farther than Snowden did.  I personally think Snowden was at the very least partially correct.

I don't so much believe what Snowden says, rather I believe that the evidence he released was not fabricated.

I believe this partially because of my own bias against authority (let's just be honest here), the lengths that the US government went to to try to capture him without any consideration at all for collateral damage, and because there have been enough partial admissions from people in our government that if you put all of the partial admissions together you basically get a full admission of guilt.

[Bombastinator]

9 minutes ago, straight_stewie said:

No. The US wants to look at your data.

North Korea doesn't let you have any.

 

I don't so much believe what Snowden says, rather I believe that the evidence he released was not fabricated.

I believe this partially because of my own bias against authority (let's just be honest here), the lengths that the US government went to to try to capture him without any consideration at all for collateral damage, and because there have been enough partial admissions from people in our government that if you put all of the partial admissions together you basically get a full admission of guilt.

I also believe the evidence, but you seem to be coming to an even more extreme conclusion than he did about it.

[straight_stewie]

11 minutes ago, Bombastinator said:

I also believe the evidence, but you seem to be coming to an even more extreme conclusion than he did about it.

The conclusion that I come to is that the US conducts mass surveillance operations supported by a secret court.

The assumption that I make is that the allegations that they do this against all people are true.

 

From my research this seems to be the same conclusion that Snowden draws. Actually, he goes further than I have and says that there is evidence that they collect this information en masse.