1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

News 'Five Eyes' countries hint at mandatory encryption back door demands

Discussion in 'Article Discussion' started by bit-tech, 4 Sep 2018.

  1. bit-tech

    bit-tech Supreme Overlord Lover of bit-tech Administrator

    Joined:
    12 Mar 2001
    Posts:
    3,676
    Likes Received:
    138
    Read more
     
  2. yuusou

    yuusou Multimodder

    Joined:
    5 Nov 2006
    Posts:
    2,953
    Likes Received:
    1,031
    I'm fine with letting these countries have back doors. As long as China, Russia and North Korea can have access to them as well. If you don't give them the access, they'll find a way to get it anyway, so may as well be open about it.
     
  3. Anfield

    Anfield Multimodder

    Joined:
    15 Jan 2010
    Posts:
    7,089
    Likes Received:
    983
    It is impossible to create an encryption with selective backdoor access while maintaining security.

    You can either deliberately have a vulnerability in the software and tell those you want to have access all about it, which does nothing to prevent others from discovering said vulnerability on their own, or you force companies that make the software to run a permanent man in the middle attack and hand over the data, which then allows the company making the software to abuse the data in whatever manner they damn well please.
     
  4. yuusou

    yuusou Multimodder

    Joined:
    5 Nov 2006
    Posts:
    2,953
    Likes Received:
    1,031
    Ah, crap, forgot to use the [sarcasm] [/sarcasm] tags. I thought they were implied.
     
    The_Crapman likes this.
  5. liratheal

    liratheal Sharing is Caring

    Joined:
    20 Nov 2005
    Posts:
    12,908
    Likes Received:
    2,009
    It perturbs me that people who get to make decisions about things like this simply don't have any idea what they're talking about.
     
  6. Anfield

    Anfield Multimodder

    Joined:
    15 Jan 2010
    Posts:
    7,089
    Likes Received:
    983
    Yeah I kind of missed the sarcasm, although to be fair the sheer stupidity of the government proposal doesn't help in detecting sarcasm in replies to it.
     
  7. yuusou

    yuusou Multimodder

    Joined:
    5 Nov 2006
    Posts:
    2,953
    Likes Received:
    1,031
    It's even worse than that. They preach their misinformed misinterpreted opinion as if it's the gospel. Saying that people don't care about privacy? Then why the hell do they have curtains?!
     
    The_Crapman, Corky42 and liratheal like this.
  8. faugusztin

    faugusztin I *am* the guy with two left hands

    Joined:
    11 Aug 2008
    Posts:
    6,953
    Likes Received:
    270
    I wouldn't say impossible, just not secure enough and bad idea in general.

    Most encryption schemes support multiple target public keys, so any of the recipients with corresponding private keys could decrypt the message. A company could make a pair of keys for every customer - one key per customer for legal purposes stored on company servers and second key for the actual customer. Thus company could decrypt the message too, as they public key would be included in message too.

    Problem then shifts to legal and safety side - can the companies keep their private key safe from governments ? Which court orders will the companies accept ? I mean, if let's say Chinese court will order all data of Taiwanese prime ministers iPhone, will US based Apple comply with court order ?

    It is obvious the 'Five eyes' think about the access for themselves exclusively, but how can they stop other countries forcing the hand of companies too ?
     
  9. Anfield

    Anfield Multimodder

    Joined:
    15 Jan 2010
    Posts:
    7,089
    Likes Received:
    983
    Hence the impossible bit.
    Multiple keys? You can't guarantee the company doesn't access the data (or grant another 3rd party access, or gets hacked).

    And the biggest irony of it all, in the hypothetical scenario that someone actually succeeded in creating an encryption with selective access for 3rd parties they would automatically defeat the concept of selective 3rd party access:

    Just stack two encryptions with different 3rd party access to kill all 3rd party access, if you used one encryption that only Russia can get through and stacked another on top of it that only GCHQ can get through then neither can get to your data.
     
  10. l3v1ck

    l3v1ck Fueling the world, one oil well at a time.

    Joined:
    23 Apr 2009
    Posts:
    12,956
    Likes Received:
    17
    "'real people' don't care about encryption" my arse.
    Boring politicians and people who don't know much about computers, don't care about encryption.
    They are getting fewer and fewer in number. Those of us who grow up in a tech environment are becoming an increasing majority as time goes by.
    We want and we use encryption, and we don't want pen pushers spying on us in their Orwellian way at the drop of a hat....... And no, we don't have anything to hide. But that still doesn't mean we find it acceptable.
     
  11. Corky42

    Corky42 Where's walle?

    Joined:
    30 Oct 2012
    Posts:
    9,648
    Likes Received:
    388
    Simple, when we do it it's good and should be allowed because we're the good guys, when someone we don't like want's to do it we'll say no as they're the bad guys. ;)

    At least that's how it seems to work when governments want to drop bombs on things.

    EDIT: If governments are so adamant that lawful access solutions can be implemented without putting citizens in danger maybe they should try it out on government sites and politicians first, it should be easy for them to insert a backdoor into a modified TLS, if that backdoor goes undiscovered for 5 years then have at it.
     
    Last edited: 4 Sep 2018
  12. Anfield

    Anfield Multimodder

    Joined:
    15 Jan 2010
    Posts:
    7,089
    Likes Received:
    983
    Also will the ASA mandate "not intended to be actually secure" disclaimers in all encryption related advertisements? :p
     
  13. MLyons

    MLyons 70% Dev, 30% Doge. DevDoge. Software Dev @ Corsair Lover of bit-tech Administrator Super Moderator Moderator

    Joined:
    3 Mar 2017
    Posts:
    4,222
    Likes Received:
    2,814
    Speak for yourself :worried:
     
    The_Crapman likes this.
  14. RedFlames

    RedFlames ...is not a Belgian football team

    Joined:
    23 Apr 2009
    Posts:
    15,686
    Likes Received:
    3,163
    Don't worry, you can easily be made to look like you have.

    'If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him.' -Cardinal Richelieu [Disputed]
     
  15. David

    David μoʍ ɼouმ qᴉq λon ƨbԍuq ϝʁλᴉuმ ϝo ʁԍɑq ϝμᴉƨ

    Joined:
    7 Apr 2009
    Posts:
    17,753
    Likes Received:
    6,303
    I think your interests are skewing your viewpoint.

    The majority of older, pension age folk are largely tech-ignorant, but I find most of the younger generation are apathetic towards and almost equally ignorant of the tech they make use of every day. I think we're already beyond the peak of the bell curve of tech savvy people who give enough of a damn to make a stand.

    IMO, governments are in a golden age of a largely ignorant/apathetic/lazy electorate. A great deal of policy can be pushed through parliament with little more than a few standouts raging in protest. Civil rights groups are marginalised and vilified as subversives, to mitigate their impact or appeal, and the right fear-mongering PR campaign can accomplish astonishing feats these days. Exhibits a and b: Trump and Brexit.
     
    The_Crapman, adidan and Corky42 like this.
  16. Broadwater06

    Broadwater06 Minimodder

    Joined:
    10 Apr 2016
    Posts:
    278
    Likes Received:
    14
    Indeed, not only it's a golden age of what you mentioned, they also don't trust the experts. Something got to be done soon otherwise Idiocracy could become a reality.
     
Tags: Add Tags

Share This Page