[TriLUG] Semi OT: Lawmakers demanding encryption backdoors

John Vaughters via TriLUG trilug at trilug.org
Sun Jan 17 12:04:26 EST 2016


Completely agree, it is pure ignorance to think that encryption is not possible without software provided by vendors. It would not take much knowledge to use existing open source encryption and clean it of any back doors as well as change it to a custom solution. But no one ever accused politicians of being knowledgeable of real world issues.
 

    On Friday, January 15, 2016 12:13 PM, Matt Flyer via TriLUG <trilug at trilug.org> wrote:
 

 Link:
http://arstechnica.com/tech-policy/2016/01/bill-aims-to-thwart-strong-crypto-demands-smartphone-makers-be-able-to-decrypt/

Snippets from the article:

"A New York assemblyman has reintroduced a new bill that aims to
essentially disable strong encryption on all smartphones sold in the
Empire State."

Cue the Picard Face Palm....

...

"Many local and federal law enforcement authorities have been pushing back
against the widespread adoption of easy-to-use strong encryption by
default. In July 2015, New York County District Attorney Cyrus Vance Jr.
said "the safety of all American communities is imperiled by" iOS 8. In
September 2014, Apple took a stronger pro-encryption stance, saying that
under iOS 8 (and later) devices it was unable to access customer data.
Currently, Apple is also fighting a federal government demand to help
unlock a criminal suspect's iPhone in federal court in New York."

...

"Recent technological advances have the potential to greatly embolden
online criminals, providing new methods for abusers to avoid detection.
The United States Attorney General, the director of the Federal Bureau of
Investigation, and others have severely criticized the efforts of
smartphone manufacturers to keep evidence immune from lawful process.
Criticism, however, is not enough."

Make that a double face palm.

In many ways this issue reminds me of the SOPA fiasco and like SOPA, it is
based upon technological ignorance and IT WILL NOT WORK.  Worse, if an
attempt is made to implement it, it will only make the problem(s) of
dealing with would-be internet criminals worse.

As a supporter and user of open source software, such as Linux, and having
been around for the previous crypto-wars of strong encryption on the
browser and the creation of GPG/PGP, it is enough to make me want to reach
out, grab these idiots, and scream in their face about how this is stupid.

Simply put, users will encrypt their data in a means that is not
controlled by some corporation.  What's more is that putting such measures
in will only further degrade the trust people have in said products and
what little trust there is will be obliterated the moment there is a high
visibility compromise.

Of course, this follows on the heels of the recent revelation that
Fortigate also had hard coded backdoor SSH access built into their
hardware:
http://arstechnica.com/security/2016/01/et-tu-fortinet-hard-coded-password-raises-new-backdoor-eavesdropping-fears/


