End-to-end encryption and public safety

Forums › ICT Policies and Regulation › End-to-end encryption and public safety

1 | 2 | 3 | 4

ObidiahSlope

260 posts

Ultimate Geek

#2583513 13-Oct-2020 11:13

From Radio NZ;

"New Zealand and its Five Eyes security partners have made another plea for social media companies like Facebook to allow governments to access their encrypted data."

I thought torture was CIA Director Bloody Gina's favorite method of extracting information.

Obsequious hypocrite

nztim

3812 posts

Uber Geek

ID Verified

Trusted

TEAMnetwork

Subscriber

#2583515 13-Oct-2020 11:15

This reminds me when the US Government tried to force apple to weaken its encryption to allow them to have a back door into the iPhone

Any views expressed on these forums are my own and don't necessarily reflect those of my employer.

BlinkyBill

1443 posts

Uber Geek
Inactive user

#2583521 13-Oct-2020 11:31

OK I’ve changed my mind on this, thanks to Salty’s links which helped me skill up. Thanks Salty.

SaltyNZ

8218 posts

Uber Geek

Trusted

2degrees

Lifetime subscriber

#2583522 13-Oct-2020 11:33

BlinkyBill:

antonknee:

Now imagine that master key gets lost by the lock manufacturer. Imagine Bob the Burglar steals this master key. Imagine a couple of copies of the key are made (by the manufacturer just in case they need a spare, or a disgruntled employee who wants to damage their employer). Imagine the manufacturer decides to "check the master key works". Imagine an employee of the manufacturer is curious about your home and its contents.

Are you still comfortable that this access to your home exists?

Imagine that the manufacturer is required to have appropriate controls in place to prevent inappropriate risks.

Huawei claims to have appropriate controls in place to prevent inappropriate risks. I think they're being unfairly dumped on personally.

iPad Pro 11" + iPhone 15 Pro Max + 2degrees 4tw!

These comments are my own and do not represent the opinions of 2degrees.

SaltyNZ

8218 posts

Uber Geek

Trusted

2degrees

Lifetime subscriber

#2583523 13-Oct-2020 11:35

BlinkyBill:

OK I’ve changed my mind on this, thanks to Salty’s links which helped me skill up. Thanks Salty.

I think that's first time I've ever convinced someone ... Nice!

iPad Pro 11" + iPhone 15 Pro Max + 2degrees 4tw!

These comments are my own and do not represent the opinions of 2degrees.

antonknee

1133 posts

Uber Geek

#2583639 13-Oct-2020 12:57

I think it's naive to think that appropriate controls would be a) sought, b) actually implemented, and c) reliable/bulletproof.

For the record I also think Huawei are also being dumped on unfairly, but again I'm reluctant to take any company at their word they should be trusted. Including Apple, as much as I think they may be the best of a bad bunch.

rb99

3422 posts

Uber Geek

Lifetime subscriber

#2583642 13-Oct-2020 13:00

https://arstechnica.com/information-technology/2020/10/a-watch-designed-exclusively-for-kids-has-an-undocumented-spying-backdoor/

“The modern conservative is engaged in one of man's oldest exercises in moral philosophy; that is, the search for a superior moral justification for selfishness.” -John Kenneth Galbraith

rb99

3422 posts

Uber Geek

Lifetime subscriber

#2583643 13-Oct-2020 13:04

Who said they trust Apple more -

https://arstechnica.com/information-technology/2020/10/apples-t2-security-chip-has-an-unfixable-flaw/

“The modern conservative is engaged in one of man's oldest exercises in moral philosophy; that is, the search for a superior moral justification for selfishness.” -John Kenneth Galbraith

rb99

SaltyNZ

8218 posts

Uber Geek

Trusted

2degrees

Lifetime subscriber

#2583647 13-Oct-2020 13:10

antonknee:

For the record I also think Huawei are also being dumped on unfairly, but again I'm reluctant to take any company at their word they should be trusted.

Oh yes, I'm not saying Huawei are perfect by any means. But we work with them here all the time and I've never seen anything to suggest they are any more or less professional than any other vendor, that's all.

iPad Pro 11" + iPhone 15 Pro Max + 2degrees 4tw!

These comments are my own and do not represent the opinions of 2degrees.

Lias

5589 posts

Uber Geek

ID Verified

Trusted

Lifetime subscriber

#2585618 14-Oct-2020 22:22

SaltyNZ:

Oh yes, I'm not saying Huawei are perfect by any means. But we work with them here all the time and I've never seen anything to suggest they are any more or less professional than any other vendor, that's all.

Some years ago in a bid to woo Her Majesty's Government, Huawei setup a joint cybersecurity venture with GCHQ, who spend a lot of time reviewing Huawei kit, firmware, source code, etc. They publish annual reports, the latest of which just came out.. It's slightly less critical than last years one, but still pretty savage. Basically says they haven't found any deliberate backdoors, but widespread poor dev practices & lack of basic security mean most of their products have more holes than your average swiss cheese.

https://www.theregister.com/2019/03/28/hcsec_huawei_oversight_board_savaging_annual_report/

https://www.theregister.com/2020/10/01/huawei_uk_security_code_review_panel/

https://www.gov.uk/government/publications/huawei-cyber-security-evaluation-centre-oversight-board-annual-report-2020

I'm a geek, a gamer, a dad, a Quic user, and an IT Professional. I have a full rack home lab, size 15 feet, an epic beard and Asperger's. I'm a bit of a Cypherpunk, who believes information wants to be free and the Net interprets censorship as damage and routes around it. If you use my Quic signup you can also use the code R570394EKGIZ8 for free setup.

SaltyNZ

8218 posts

Uber Geek

Trusted

2degrees

Lifetime subscriber

#2585707 15-Oct-2020 08:54

Lias:

Some years ago in a bid to woo Her Majesty's Government, Huawei setup a joint cybersecurity venture with GCHQ, who spend a lot of time reviewing Huawei kit, firmware, source code, etc. They publish annual reports, the latest of which just came out.. It's slightly less critical than last years one, but still pretty savage. Basically says they haven't found any deliberate backdoors, but widespread poor dev practices & lack of basic security mean most of their products have more holes than your average swiss cheese.

I'm 100% certain you'd find the same in other vendor's code too, if you put as much scrutiny on it as GCHQ have on Huawei's. I mean, go search for Cisco on the CVE list; they have far more entries than Huawei even if you ignore the fact that probably 80% of the Huawei ones are for smartphones.

iPad Pro 11" + iPhone 15 Pro Max + 2degrees 4tw!

These comments are my own and do not represent the opinions of 2degrees.

antonknee

1133 posts

Uber Geek

#2585719 15-Oct-2020 09:29

All vendors will have flaws and vulnerabilities - pobody's nerfect. Software and hardware are developed by humans after all.

This is exactly the reason it's naive to take a company's word that they're bulletproof, and naive to assume a backdoor would be sufficiently secure and appropriately managed.

Earbanean

937 posts

Ultimate Geek

#2585844 15-Oct-2020 11:22

freitasm:

@BlinkyBill would you be happy for the local police station to have a copy of your house keys?

It's a simple yes or no question.

I think the better analogy is would you be happy for the police to be able to tap your phone? Well, they can do that and have been able to do so for ages, but that didn't turn us into East Germany. There are pretty strict processes involing court orders, search warrants etc in place.

Jacinda Adern or Judith Collins don't just get to listen to your calls whenever they want, as some people have implied would happen with the internet equivalent.

frankv

5680 posts

Uber Geek

Lifetime subscriber

#2585895 15-Oct-2020 12:57

Earbanean:

I think the better analogy is would you be happy for the police to be able to tap your phone? Well, they can do that and have been able to do so for ages, but that didn't turn us into East Germany. There are pretty strict processes involing court orders, search warrants etc in place.

Jacinda Adern or Judith Collins don't just get to listen to your calls whenever they want, as some people have implied would happen with the internet equivalent.

Whilst there are processes governing police access, we don't actually know who is listening in. One thing we do know is that sometimes the intelligence agencies act outside the law. We don't know whether the police do that too, but it is naive to assume they don't.

All the above applies to inside NZ, but your internet traffic will pass through many jurisdictions, some of which are effectively East Germany. And "East Germany" probably has the ability to harm you (illegally), even inside NZ.

freitasm

BDFL - Memuneh
79250 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#2593830 30-Oct-2020 10:13

Just this week, the NSA is trying hard to not answer to Congressional oversight - going as far as saying they can't find documents - "Spy agency ducks questions about 'back doors' in tech products"

"n at least one instance, a foreign adversary was able to take advantage of a back door invented by U.S. intelligence, according to Juniper Networks Inc, which said in 2015 its equipment had been compromised. In a previously unreported statement to members of Congress in July seen by Reuters, Juniper said an unnamed national government had converted the mechanism first created by the NSA. The NSA told Wyden staffers in 2018 that there was a “lessons learned” report about the Juniper incident and others, according to Wyden spokesman Keith Chu."

This case happened in 2015. Here are some links to it:

"Researchers Solve Juniper Backdoor Mystery; Signs Point to NSA"

"New Discovery Around Juniper Backdoor Raises More Questions About the Company"

Basically a backdoor created by a government agency with a private company was used by an enemy nation.

So much for the "security" and only some people have the keys.

1 | 2 | 3 | 4