End-to-end encryption and public safety

Forums › ICT Policies and Regulation › End-to-end encryption and public safety

1 | 2 | 3 | 4

BDFL - Memuneh
80652 posts

Uber Geek
+1 received by user: 41034

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#2583188 12-Oct-2020 16:21

BlinkyBill:

It’s funny, not in the humorous way, that people who complain about legally secure access to back doors in encryption schemes ... use the Android operating system, google, cellphones, facebook, loyalty card systems, walk the streets where there is surveillance, etc etc.

We have protections against abuse of legal authority - why should encryption back doors be any less secure from Governmental abuse than anything else we put up with to live in a safe society?

Let's put in another way: everything Stalin did (including the NKVD, KGB and subsidiaries like Stasi) was legal - in their own framework.

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

BlinkyBill

1443 posts

Uber Geek
+1 received by user: 1100
Inactive user

#2583190 12-Oct-2020 16:22

So - why should encryption back doors be any less secure from Governmental abuse than anything else we put up with to live in a safe society?

freitasm

BDFL - Memuneh
80652 posts

Uber Geek
+1 received by user: 41034

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#2583191 12-Oct-2020 16:25

BlinkyBill:

So - why should encryption back doors be any less secure from Governmental abuse than anything else we put up with to live in a safe society?

If there's a backdoor, who holds the key? And if a key exists, you think it is not possible it could be leaked, extorted, negotiated?

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

BlinkyBill

1443 posts

Uber Geek
+1 received by user: 1100
Inactive user

#2583208 12-Oct-2020 16:51

freitasm:

BlinkyBill:

So - why should encryption back doors be any less secure from Governmental abuse than anything else we put up with to live in a safe society?

If there's a backdoor, who holds the key? And if a key exists, you think it is not possible it could be leaked, extorted, negotiated?

The manufacturer. The Agency acquires a warrant from a judge to get the manufacturer to provide the data.

Current encryption technology requires a key, which can be leaked, extorted, negotiated.

freitasm

BDFL - Memuneh
80652 posts

Uber Geek
+1 received by user: 41034

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#2583214 12-Oct-2020 17:05

BlinkyBill:

freitasm:

If there's a backdoor, who holds the key? And if a key exists, you think it is not possible it could be leaked, extorted, negotiated?

The manufacturer. The Agency acquires a warrant from a judge to get the manufacturer to provide the data.

Current encryption technology requires a key, which can be leaked, extorted, negotiated.

You don't seem to be aware of the current encryption technology field then. The "manufacturer" not always carry the key. It's possible the key is not known to anyone else but the user. A backdoor is not secure - even if for "lawful purposes only".

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

BlinkyBill

1443 posts

Uber Geek
+1 received by user: 1100
Inactive user

#2583222 12-Oct-2020 17:23

freitasm:

You don't seem to be aware of the current encryption technology field then. The "manufacturer" not always carry the key. It's possible the key is not known to anyone else but the user. A backdoor is not secure - even if for "lawful purposes only".

No, I’m not particularly expert. But I see no reason why a back door can’t be created by the encryption manufacturer, for which they hold the key and provide the data on a warrant from a judge. In this case the user is the manufacturer.

Just saying this approach is ‘not secure’ is not an argument.

Behodar

11095 posts

Uber Geek
+1 received by user: 6074

Trusted

Lifetime subscriber

#2583228 12-Oct-2020 17:39

BlinkyBill: No, I’m not particularly expert. But I see no reason why a back door can’t be created by the encryption manufacturer, for which they hold the key and provide the data on a warrant from a judge.

They can. The problem is when someone else uses that back door.

BlinkyBill

1443 posts

Uber Geek
+1 received by user: 1100
Inactive user

#2583229 12-Oct-2020 17:43

Behodar:

BlinkyBill: No, I’m not particularly expert. But I see no reason why a back door can’t be created by the encryption manufacturer, for which they hold the key and provide the data on a warrant from a judge.

They can. The problem is when someone else uses that back door.

How?

freitasm

BDFL - Memuneh
80652 posts

Uber Geek
+1 received by user: 41034

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#2583230 12-Oct-2020 17:44

Already explained... Extracted, leaked, stolen, distributed by mistake.

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

alavaliant

251 posts

Ultimate Geek
+1 received by user: 119

Subscriber

#2583234 12-Oct-2020 17:53

BlinkyBill:

No, I’m not particularly expert. But I see no reason why a back door can’t be created by the encryption manufacturer, for which they hold the key and provide the data on a warrant from a judge. In this case the user is the manufacturer.

Just saying this approach is ‘not secure’ is not an argument.

I'd suggest reading https://www.infoworld.com/article/3106079/secure-boot-proves-insecurity-of-backdoors.html

there are real world examples out there of back doors being leaked and compromising systems.

BlinkyBill

1443 posts

Uber Geek
+1 received by user: 1100
Inactive user

#2583235 12-Oct-2020 17:55

This is a bit frustrating. Respondents are making extremely high-level ‘few-word’ responses that a properly-designed encryption system with back-door, properly secured with appropriate protections, is inherently unsafe and shouldn’t be pursued in the interests of public safety.

The reality is that most people already rely on privacy-busting encryption schemes and technology and blithely use these technologies every day - because of convenience.

Unless someone can educate me, I’m going to support the objectives outlined in the press release. Making simplistic assertions is no different to saying 5G gives you COVID, and the New World Order is oppressing workers.

freitasm

BDFL - Memuneh
80652 posts

Uber Geek
+1 received by user: 41034

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#2583279 12-Oct-2020 18:04

@BlinkyBill would you be happy for the local police station to have a copy of your house keys?

It's a simple yes or no question.

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

SaltyNZ

8862 posts

Uber Geek
+1 received by user: 9539

Trusted

2degrees

Lifetime subscriber

#2583281 12-Oct-2020 18:23

BlinkyBill:

We have protections against abuse of legal authority - why should encryption back doors be any less secure from Governmental abuse than anything else we put up with to live in a safe society?

And how well do those work? We only found out about the 80-something times the GCSB had spied unlawfully (that we know about) because someone with much better lawyers than you or I got arrested in the most egregiously over the top operation to stop his service from making it slightly easier for other people to break copyright laws. The ensuing round of legislative changes gave the final authority on what is allowed and what isn’t to the same people with political motives to use them, and no requirement for them to ever be declassified, not in a year, not in 10 years, not ever.

Maybe you trust Jacinda Arden with that power, but do you trust Judith Collins? Or vice versa, whichever way your arrow points? What reason could there be to NOT give warrant approval to an (apolitical) judge? Surely there must be at least one out there that could get security clearance.

To make matters worse, you cannot trust the GCSB. Firstly, they won’t tell you anything. They won’t tell you what they really want, or what they really want to avoid, and they won’t tell you why. They will make demands, but they won’t justify them, because National Security. If any other person acted that way the alarm bells would be going off so loudly you’d have to run just to get away from the noise. And if you have concerns, you’re SOL because voicing them to anyone would get you prosecuted.

On top of that, the GCSB’s mission is not to defend. It is to defend AND ATTACK. And since they won’t tell you why they want a thing to be a certain way, how can you ever be sure that their motive is to help you defend rather than to make it easier for them to attack?

If the government really wants people to cooperate because they WANT TO rather than simply because they’ll go to jail if they don’t, then they need to do two things. First, break the GCSB into two agencies, one for defence and one for attack. And second, they need to trust the people who they demand obedience from. That will mean more people will need clearance, but surely willing cooperation will bring better results for the country in the long run.

iPad Pro 11" + iPhone 15 Pro Max + 2degrees 4tw!

These comments are my own and do not represent the opinions of 2degrees.

SaltyNZ

8862 posts

Uber Geek
+1 received by user: 9539

Trusted

2degrees

Lifetime subscriber

#2583288 12-Oct-2020 18:32

BlinkyBill:

No, I’m not particularly expert. But I see no reason why a back door can’t be created by the encryption manufacturer, for which they hold the key and provide the data on a warrant from a judge. In this case the user is the manufacturer.

Just saying this approach is ‘not secure’ is not an argument.

It doesn’t matter who holds the key. Even the supposed security experts can’t keep their keys to themselves.

Or look at it slightly differently. Apple, Microsoft, Nintendo, Sony — all of these companies have more money and experts than god, and spend it trying to make perfectly unbreakable schemes so that they can lock you into using the hardware you bought only in the way that makes them the most money.

They all failed. All of them have been broken, fixed, and broken again. Over and over and over.

How can you possibly think that a system with a deliberate weakness in it could somehow be completely secure when the ones that are designed to harder than diamond, right down to the hardware, are not?

iPad Pro 11" + iPhone 15 Pro Max + 2degrees 4tw!

These comments are my own and do not represent the opinions of 2degrees.

BlinkyBill

1443 posts

Uber Geek
+1 received by user: 1100
Inactive user

#2583289 12-Oct-2020 18:34

freitasm:

@BlinkyBill would you be happy for the local police station to have a copy of your house keys?

It's a simple yes or no question.

No, BUT, if the lock manufacturer had a master key, and the Police could access this master key on a warrant issued by a judge then I am OK with that.

The Police can sledge-hammer open a door on a warrant, if necessary. They can force entry.

1 | 2 | 3 | 4