It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Thank you.
Some features of ATS will be disabled while you continue to use an ad-blocker.
The five big lies of the encryption debate
page: 1share:
Note to mods - I had no earthly idea where to place this thread. After a lot of waffling and contemplation, it landed here.... Please feel free to
move it to the appropriate forum, as necessary.
Tomorrow evening I will be debating the topic of encryption and cyber security with a particular ABC agency. This is the first of many such debates, I'm sure... I've been included in the debate about this topic because one of my companies is in the thick of this business, but also happens to work with intel, government, and law enforcement. So I see both sides of the coin... It's tough to find a balance and I honestly believe that MOST agents just want to save lives and catch criminals... No nefarious snooping into your lives or using information against you. Unfortunately, the problems on both sides are not that simple.
In preparing for my debate tomorrow, I went online tonight to look up some legal information that I will likely need to reference. In the midst of my research, I ran into the following article which I felt was very informative and spot on from one side of the aisle.
The five big lies of the encryption debate
For those who don't follow articles, I'll summarize:
1. Terrorists are going dark. Apple/Google need to give us access so we can discover terrorist acts before they happen.
Contrary to popular belief, terrorist cells are not using US-based tech company software to discuss and plan out attacks. Paris and the San Bernadino attacks were planned out in person with little to no online footprint.
2. Tech companies aren't cooperating with government. This impression comes from highly publicized cases such as Microsoft fighting government access to data on servers in Ireland.
There is a process for government agencies to gain legal access to data and the majority of these are fulfilled without any problems. The impression they are leaving is that they'd rather have a real-time PRISM type of access.
3. What the FBI wants to implement is impossible. They want a backdoor with numerous padlocks on it.
Can't say it better than this -
4. It's all about encryption. No it isn't...it's about access.
The FBI and other agencies don't mind encryption EXCEPT when it's used to keep their noses out of it.
5. Regulating tech companies will help us stop terrorist plots
Again...this says it best -
Tomorrow evening I will be debating the topic of encryption and cyber security with a particular ABC agency. This is the first of many such debates, I'm sure... I've been included in the debate about this topic because one of my companies is in the thick of this business, but also happens to work with intel, government, and law enforcement. So I see both sides of the coin... It's tough to find a balance and I honestly believe that MOST agents just want to save lives and catch criminals... No nefarious snooping into your lives or using information against you. Unfortunately, the problems on both sides are not that simple.
In preparing for my debate tomorrow, I went online tonight to look up some legal information that I will likely need to reference. In the midst of my research, I ran into the following article which I felt was very informative and spot on from one side of the aisle.
The five big lies of the encryption debate
For those who don't follow articles, I'll summarize:
1. Terrorists are going dark. Apple/Google need to give us access so we can discover terrorist acts before they happen.
Contrary to popular belief, terrorist cells are not using US-based tech company software to discuss and plan out attacks. Paris and the San Bernadino attacks were planned out in person with little to no online footprint.
2. Tech companies aren't cooperating with government. This impression comes from highly publicized cases such as Microsoft fighting government access to data on servers in Ireland.
There is a process for government agencies to gain legal access to data and the majority of these are fulfilled without any problems. The impression they are leaving is that they'd rather have a real-time PRISM type of access.
3. What the FBI wants to implement is impossible. They want a backdoor with numerous padlocks on it.
Can't say it better than this -
But retaining all that data isn’t technically impossible; it just opens up a huge and unnecessary security hole. It means services can’t delete anything, and whatever database holds those records is going to become target number one for attackers. Whatever system you put in place to protect that database better be absolutely flawless because it will be the first system they try to break. Security is hard enough without painting a target on your back.
4. It's all about encryption. No it isn't...it's about access.
The FBI and other agencies don't mind encryption EXCEPT when it's used to keep their noses out of it.
5. Regulating tech companies will help us stop terrorist plots
Again...this says it best -
This is the most powerful lie, the one we heard after Paris and again after San Bernardino. If only we could have found out where the terrorists were talking and listened in, the whole tragedy could have been averted. What if digging up a few crucial iMessages could have saved dozens of lives?
The problem is, there’s no evidence that that’s true. Hindsight investigations have found lots of tragically dropped leads in the run-up to recent attacks, but they’ve mostly been either available information that was ignored or pre-existing flags within the intelligence system.
I wish you success in your argument.
What they are attempting to justify and render as a new status quo is not something I support or agree with, nor the precedent it would set given - as you said - the existing apparatus for gaining such data. It's not supposed to be even easier for them to get. They're supposed to have to do it in a way that has oversight and has to be justified by someone other than just themselves.
Since 9-11 (well, well before that, but more prominently since then) we've seen organized attempt after organized attempt to justify, enshrine, and institutionalize freer and less restrained access by a litany of alphabet agencies to citizens' effects, data, and activities. There already exists a robust and - in theory - well scrutinized means of acquiring such data. Making it even easier is neither required nor beneficial imho, and is, frankly, scary.
Peace.
What they are attempting to justify and render as a new status quo is not something I support or agree with, nor the precedent it would set given - as you said - the existing apparatus for gaining such data. It's not supposed to be even easier for them to get. They're supposed to have to do it in a way that has oversight and has to be justified by someone other than just themselves.
Since 9-11 (well, well before that, but more prominently since then) we've seen organized attempt after organized attempt to justify, enshrine, and institutionalize freer and less restrained access by a litany of alphabet agencies to citizens' effects, data, and activities. There already exists a robust and - in theory - well scrutinized means of acquiring such data. Making it even easier is neither required nor beneficial imho, and is, frankly, scary.
Peace.
originally posted by: CIAGypsy
4. It's all about encryption. No it isn't...it's about access.
The FBI and other agencies don't mind encryption EXCEPT when it's used to keep their noses out of it.
Back in my day, the hue and cry over encryption was the biggest joke in the office. Everything up to 4096 could be decrypted in seconds.
Access ... oh yeah!! If you couldn't find and record the comms ... somebody was communicating securely. AT&T had a phone ...
a reply to: AceWombat04
I agree with you on this topic. It's a slippery slope to a 'Big Brother' 1984 state. Things always start out this way with good intentions, but then powers get abused.
I agree with you on this topic. It's a slippery slope to a 'Big Brother' 1984 state. Things always start out this way with good intentions, but then powers get abused.
originally posted by: CIAGypsy
but then powers get abused.
I hope you aren't going to tout that. There may be abuse, but that's such stretch. I'd have a hard time defining it and the extent of it. Let's just say it's the kids gettin' stoopid.
What can be done has been going down since before 1984. There hasn't been anything earth shattering that I've gotten wind of ... and I have a LOT of friends still in the business ... and at the highest levels of the food chain even.
originally posted by: Snarl
originally posted by: CIAGypsy
but then powers get abused.
I hope you aren't going to tout that. There may be abuse, but that's such stretch. I'd have a hard time defining it and the extent of it. Let's just say it's the kids gettin' stoopid.
What can be done has been going down since before 1984. There hasn't been anything earth shattering that I've gotten wind of ... and I have a LOT of friends still in the business ... and at the highest levels of the food chain even.
I'm choosing my words very carefully because I work with these people and have business connections that I do not wish to disrupt...
But I think you can read between the lines.
originally posted by: Snarl
originally posted by: CIAGypsy
but then powers get abused.
I hope you aren't going to tout that. There may be abuse, but that's such stretch. I'd have a hard time defining it and the extent of it. Let's just say it's the kids gettin' stoopid.
What can be done has been going down since before 1984. There hasn't been anything earth shattering that I've gotten wind of ... and I have a LOT of friends still in the business ... and at the highest levels of the food chain even.
If you seriously haven't gotten wind of anything post 1984 that individuals can do. . . You are so far from reality it is sad.
Unless you are saying the book is the guideline to what you see today
originally posted by: CIAGypsy
Note to mods - I had no earthly idea where to place this thread. After a lot of waffling and contemplation, it landed here.... Please feel free to move it to the appropriate forum, as necessary.
Tomorrow evening I will be debating the topic of encryption and cyber security with a particular ABC agency. This is the first of many such debates, I'm sure... I've been included in the debate about this topic because one of my companies is in the thick of this business, but also happens to work with intel, government, and law enforcement. So I see both sides of the coin... It's tough to find a balance and I honestly believe that MOST agents just want to save lives and catch criminals... No nefarious snooping into your lives or using information against you. Unfortunately, the problems on both sides are not that simple.
In preparing for my debate tomorrow, I went online tonight to look up some legal information that I will likely need to reference. In the midst of my research, I ran into the following article which I felt was very informative and spot on from one side of the aisle.
The five big lies of the encryption debate
For those who don't follow articles, I'll summarize:
1. Terrorists are going dark. Apple/Google need to give us access so we can discover terrorist acts before they happen.
Contrary to popular belief, terrorist cells are not using US-based tech company software to discuss and plan out attacks. Paris and the San Bernadino attacks were planned out in person with little to no online footprint.
2. Tech companies aren't cooperating with government. This impression comes from highly publicized cases such as Microsoft fighting government access to data on servers in Ireland.
There is a process for government agencies to gain legal access to data and the majority of these are fulfilled without any problems. The impression they are leaving is that they'd rather have a real-time PRISM type of access.
3. What the FBI wants to implement is impossible. They want a backdoor with numerous padlocks on it.
Can't say it better than this -
But retaining all that data isn’t technically impossible; it just opens up a huge and unnecessary security hole. It means services can’t delete anything, and whatever database holds those records is going to become target number one for attackers. Whatever system you put in place to protect that database better be absolutely flawless because it will be the first system they try to break. Security is hard enough without painting a target on your back.
4. It's all about encryption. No it isn't...it's about access.
The FBI and other agencies don't mind encryption EXCEPT when it's used to keep their noses out of it.
5. Regulating tech companies will help us stop terrorist plots
Again...this says it best -
This is the most powerful lie, the one we heard after Paris and again after San Bernardino. If only we could have found out where the terrorists were talking and listened in, the whole tragedy could have been averted. What if digging up a few crucial iMessages could have saved dozens of lives?
The problem is, there’s no evidence that that’s true. Hindsight investigations have found lots of tragically dropped leads in the run-up to recent attacks, but they’ve mostly been either available information that was ignored or per-existing flags within the intelligence system.
I think one of their planned outcomes is to train the public to forget that every electronic communication into and out of and within the US, is stored in that facility in Dakota.
Might the reason for this is be that their research have shown that that type of surveillance be something of a red line for the masses so they want them to forget about. Might it be that their research shows that burgling a phone for data is more socially acceptable to the masses and does not raise their fear level. Might this itself be driven by the view that for so long as its only someone else and not me getting their phone burgled that's OK?
It's all moot. Apple has already unlocked phones for investigators before, and is only refusing to do so now because this particular phone comes from
a high profile terror attack, and not some local low press crime.
It's all just smoke and mirrors for the sake of Apple's image.
It's all just smoke and mirrors for the sake of Apple's image.
originally posted by: Wardaddy454
It's all moot. Apple has already unlocked phones for investigators before, and is only refusing to do so now because this particular phone comes from a high profile terror attack, and not some local low press crime.
It's all just smoke and mirrors for the sake of Apple's image.
I don't believe this has happened through the means of Apple giving the FBI a tool to undermine the encryption. There are some schools of thought who claim NSA has already determined how to hack the SE, but that capability isn't something that they can use openly in court to make evidence admissible. There lies the rub.... If they can force it through the court or get Apple to play willingly in this particular manner, then they no longer have to tell Apple what they are doing but still have full access around security and can still be admissible.
a reply to: Wardaddy454
Huge difference between unlocking a phone and decrypting the data stored on it. The data is stored using AES with a 256 bit key, probably salted too. What the FBI are demanding is not access to the phone, but for Apple to give them a suite of tools so they can blow a signed and modified version of iOS onto the phone, that will allow them unlimited password guesses at decrypting the data.
Apple is refusing, because said software suite could then, and probably would then, be used against every iPhone they came across, without first getting a court order.
Huge difference between unlocking a phone and decrypting the data stored on it. The data is stored using AES with a 256 bit key, probably salted too. What the FBI are demanding is not access to the phone, but for Apple to give them a suite of tools so they can blow a signed and modified version of iOS onto the phone, that will allow them unlimited password guesses at decrypting the data.
Apple is refusing, because said software suite could then, and probably would then, be used against every iPhone they came across, without first getting a court order.
a reply to: BMorris
Exactly - or damn close.
Why Apple is resisting is because once *any* person or agency has access to those tools they can use it on any device that is running that iOS. In other words, they will not put their customers at risk.
I applaud them for that.
And I work with encryption and classified info for a living. Many of my colleagues and associates feel the same way. We either believe in our constitution or we don't. Period.
What the FBI are demanding is not access to the phone, but for Apple to give them a suite of tools so they can blow a signed and modified version of iOS onto the phone, that will allow them unlimited password guesses at decrypting the data.
Exactly - or damn close.
Why Apple is resisting is because once *any* person or agency has access to those tools they can use it on any device that is running that iOS. In other words, they will not put their customers at risk.
I applaud them for that.
And I work with encryption and classified info for a living. Many of my colleagues and associates feel the same way. We either believe in our constitution or we don't. Period.
a reply to: CIAGypsy
To me it's common sense, espionage happens. If we place government back doors into our technology, then eventually either through spying on us and discovering it, or just looking for it hard enough other governments will find that back door and a way to use it.
There are numerous benefits to encryption which I'll avoid rehashing here since I'm sure you're aware of them, but none of those benefits are real unless that data is secure. Adding insecurity to our systems is a poor idea, sure it means we lose out on the occasional bit of intelligence but the cost of insecure systems to our businesses and individuals is far greater.
A modern day society cannot function without absolute (or as near as possible) information security.
Lets go backwards in technology a bit and use the Cold War. To date the only perfectly secure form of encryption is a properly used Vernam Cipher, both the US and the Soviets used these in the Cold War because neither side had any room for error in having information leak to the enemy. A large part of the reason we are still here to discuss this is because of the strength of encryption used that obfuscated data and kept either side from making a move against the other. Can you imagine if we were using a cryptographic system back then that had a back door in it? ALL focus would have been put on discovering that back door and using it, the inevitable result would have been disaster. We can see this in WW2 where the Germans had an excellent form of encryption with Enigma. Yet they took massive losses because we were able to crack it and reverse engineer the machines (the closest analogy to using a back door I could think of), and look what happened to the Germans as a result.
We cannot be secure as a nation unless our data is beyond the reach of being decrypted and back doors to systems don't help with that.
To me it's common sense, espionage happens. If we place government back doors into our technology, then eventually either through spying on us and discovering it, or just looking for it hard enough other governments will find that back door and a way to use it.
There are numerous benefits to encryption which I'll avoid rehashing here since I'm sure you're aware of them, but none of those benefits are real unless that data is secure. Adding insecurity to our systems is a poor idea, sure it means we lose out on the occasional bit of intelligence but the cost of insecure systems to our businesses and individuals is far greater.
A modern day society cannot function without absolute (or as near as possible) information security.
Lets go backwards in technology a bit and use the Cold War. To date the only perfectly secure form of encryption is a properly used Vernam Cipher, both the US and the Soviets used these in the Cold War because neither side had any room for error in having information leak to the enemy. A large part of the reason we are still here to discuss this is because of the strength of encryption used that obfuscated data and kept either side from making a move against the other. Can you imagine if we were using a cryptographic system back then that had a back door in it? ALL focus would have been put on discovering that back door and using it, the inevitable result would have been disaster. We can see this in WW2 where the Germans had an excellent form of encryption with Enigma. Yet they took massive losses because we were able to crack it and reverse engineer the machines (the closest analogy to using a back door I could think of), and look what happened to the Germans as a result.
We cannot be secure as a nation unless our data is beyond the reach of being decrypted and back doors to systems don't help with that.
edit on
10-3-2016 by Aazadan because: (no reason given)
a reply to: Aazadan
True. But the one-time pad ciphers are not practical in today's world for any kind of large scale use.
With that said, it is still used in some circumstances - very effectively.
But that is not what this is about as the masses wouldn't know a one-time pad if it bit them in the ass. Including the "terrorists" whose phone they say they want access to.
What the FBI is essentially asking for is a way to effectively monitor the masses who have encryption not because they want it, but because it is built into their device - whether they know it or not.
Not being able to effectively monitor the population scares the bejesus out of them.
BTW - it's not just Apple anymore. Full encryption is now the default for all current Android devices running the latest version - Marshmallow or 6.1. It's currently in use by less than 2% of Android devices but the roll-out is starting in earnest.
I just got mine on my Droid Turbo 2 (Verizon) yesterday.
The fear mongering by the ABC's is just beginning. You'll see...
To date the only perfectly secure form of encryption is a properly used Vernam Cipher
True. But the one-time pad ciphers are not practical in today's world for any kind of large scale use.
With that said, it is still used in some circumstances - very effectively.
But that is not what this is about as the masses wouldn't know a one-time pad if it bit them in the ass. Including the "terrorists" whose phone they say they want access to.
What the FBI is essentially asking for is a way to effectively monitor the masses who have encryption not because they want it, but because it is built into their device - whether they know it or not.
Not being able to effectively monitor the population scares the bejesus out of them.
BTW - it's not just Apple anymore. Full encryption is now the default for all current Android devices running the latest version - Marshmallow or 6.1. It's currently in use by less than 2% of Android devices but the roll-out is starting in earnest.
I just got mine on my Droid Turbo 2 (Verizon) yesterday.
The fear mongering by the ABC's is just beginning. You'll see...
originally posted by: Riffrafter
True. But the one-time pad ciphers are not practical in today's world for any kind of large scale use.
I realize they're not practical for many purposes, rather I was using them as an example to make my point, secure communications saved the world. It ended WW1 earlier and it in large part kept the Cold War from going hot.
It is very short sighted to put security holes into our encryption technology. It might appease the FBI's or NSA's ego and put a few more people in jail, but it will cause us a lot of economic damage and potentially even be it's own massive hole in our national security.
This isn't even getting into the constitutional issues.
a reply to: Aazadan
Amen!
I couldn't have said it better myself.
Too bad many people are too short-sighted to see the larger picture. It makes me sad/worried for my children's future.
It is very short sighted to put security holes into our encryption technology. It might appease the FBI's or NSA's ego and put a few more people in jail, but it will cause us a lot of economic damage and potentially even be it's own massive hole in our national security.
This isn't even getting into the constitutional issues.
Amen!
I couldn't have said it better myself.
Too bad many people are too short-sighted to see the larger picture. It makes me sad/worried for my children's future.
If you think of your computer system as being like an office block, then all the communications like wi-fi, bluetooth, 3G/4G internet go in through
the sub-basement levels. Device drivers and firmware are like the basement levels maintained by the utilities. Network ports are like the docking bays
used by container trucks.
Your user with applications and data files is like regular office space with filing cabinets.
The things that the FBI wants ... being able to view the screen of a PC remotely. Being able to activate the camera and microphone remotely. Being able to access files remotely. Being able to retrieve files that have been deleted.
That's like having the service access keys to every level and room.
But as soon as that is known to be possible, everyone is going to try and get through the doors.
Your user with applications and data files is like regular office space with filing cabinets.
The things that the FBI wants ... being able to view the screen of a PC remotely. Being able to activate the camera and microphone remotely. Being able to access files remotely. Being able to retrieve files that have been deleted.
That's like having the service access keys to every level and room.
But as soon as that is known to be possible, everyone is going to try and get through the doors.
a reply to: CIAGypsy
Very succinctly put. One issue that never seems to come up, however, is the different rules that apply to intelligence agencies (CIA, NSA, DIA, etc.), the Justice Department (FBI), and local law enforcement. The FBI and police must have a warrant in hand before collecting the data if it is to be used in court; the intelligence agencies have certain rules, but since they do not need to present evidence in court, there is no way of testing whether they always follow those rules. My hunch is that the FBI would like to be able to cast a wide net discreetly, then file for a FISA or RICO once they know for sure where to look.
Very succinctly put. One issue that never seems to come up, however, is the different rules that apply to intelligence agencies (CIA, NSA, DIA, etc.), the Justice Department (FBI), and local law enforcement. The FBI and police must have a warrant in hand before collecting the data if it is to be used in court; the intelligence agencies have certain rules, but since they do not need to present evidence in court, there is no way of testing whether they always follow those rules. My hunch is that the FBI would like to be able to cast a wide net discreetly, then file for a FISA or RICO once they know for sure where to look.
originally posted by: Riffrafter
Not being able to effectively monitor the population in real time scares the bejesus out of them.
Added key words to your statement....
As was mentioned in the original article, what is ultimately at the heart of the debate is access not encryption.
Otherwise I agree with just about everything else you said....
new topics
-
Those Drones over NJ and elsewhere
Aliens and UFOs: 1 hours ago -
South Korean coup was an attempt to start WW3
World War Three: 1 hours ago -
Archer aviation and the NJ drones
Aircraft Projects: 2 hours ago
top topics
-
Only two Navy destroyers currently operational as fleet size hits record low
Military Projects: 12 hours ago, 11 flags -
Those Drones over NJ and elsewhere
Aliens and UFOs: 1 hours ago, 4 flags -
Archer aviation and the NJ drones
Aircraft Projects: 2 hours ago, 3 flags -
South Korean coup was an attempt to start WW3
World War Three: 1 hours ago, 3 flags
active topics
-
Only two Navy destroyers currently operational as fleet size hits record low
Military Projects • 14 • : berbofthegreen -
Those Drones over NJ and elsewhere
Aliens and UFOs • 5 • : theatreboy -
Drones everywhere in New Jersey
Aliens and UFOs • 166 • : Zaphod58 -
The Mystery Drones and Government Lies
Political Conspiracies • 78 • : Zaphod58 -
Archer aviation and the NJ drones
Aircraft Projects • 3 • : berbofthegreen -
-@TH3WH17ERABB17- -Q- ---TIME TO SHOW THE WORLD--- -Part- --44--
Dissecting Disinformation • 3699 • : MetalThunder -
Pelosi injured in Luxembourg
Other Current Events • 43 • : xuenchen -
South Korean coup was an attempt to start WW3
World War Three • 4 • : xuenchen -
George Stephanopoulos and ABC agree to pay $15 million to settle Trump defamation suit
Mainstream News • 13 • : xuenchen -
More Bad News for Labour and Rachel Reeves Stole Christmas from Working Families
Regional Politics • 5 • : Cvastar