NSA declares war on general purpose computers


NSA director Michael S Rogers says his agency wants "front doors" to all cryptography used in the USA, so that no one can have secrets it can't spy on -- but what he really means is that he wants to be in charge of which software can run on any general purpose computer.

Rogers's proposal is no less stupid than the proposal made by UK Prime Minister David Cameron, but it's even scarier in that Rogers runs a highly technical criminal organization with state backing and a history of attacking the security of American computing infrastructure by deliberately introducing vulnerabilities into computers used by American citizens, businesses, and government.

There's no way to stop Americans -- particularly those engaged in criminal activity and at risk from law enforcement -- from running crypto without locking all computers, iPad-style, so that they only run software from a government-approved "app-store." The world teems with high-quality, free, open crypto tools. Simply banning their integration into US products will do precisely nothing to stop criminals from getting their code from non-US vendors or projects. Only by attacking the fundamental nature of computing itself can the NSA hope to limit its adversaries' use of crypto.

I predicted this in 2012, and I'm sad to see it coming true. The risk of this happening is why I've gone back to EFF to kill DRM in all its forms.

The split-key approach is just one of the options being studied by the White House as senior policy officials weigh the needs of companies and consumers as well as law enforcement — and try to determine how imminent the latter’s problem is. With input from the FBI, intelligence community and the departments of Justice, State, Commerce and Homeland Security, they are assessing regulatory and legislative approaches, among others.

The White House is also considering options that avoid having the company or a third party hold a key. One possibility, for example, might have a judge direct a company to set up a mirror account so that law enforcement conducting a criminal investigation is able to read text messages shortly after they have been sent. For encrypted photos, the judge might order the company to back up the suspect’s data to a company server when the phone is on and the data is unencrypted. Technologists say there are still issues with these approaches, and companies probably would resist them.

White House aides aim to report to Obama this month, though the date could slip. “We want to give the president a sense of what the art of the possible is,” said a senior administration official who requested anonymity because he was not authorized to speak on the record. “We want to enable him to make some decisions and strategic choices about this very critical issue that has so many strategic implications, not just for our cybersecurity but for law enforcement and national security, economic competitiveness overseas, foreign relations, privacy and consumer security.”

As encryption spreads, U.S. grapples with clash between privacy, security [Ellen Nakashima and Barton Gellman/Washington Post]

(via Hacker News)

Notable Replies

  1. I think the appropriate answer to this would be 'no f-ing way'.

  2. Side channels and other implementation bugs. That's where the gold still lies.

    But good luck standing against the worldwide army of geeks, whose strength is not in secrecy but in open collaboration, who are so scattered over the jurisdictions to make any effective legislation attempt futile, and who by now are pissed.

    NSA seems to like being in a losing fight.

  3. Man, I never thought I'd miss the cold war. Remember the ridicule we heaped on the Soviet bloc, for registering all photocopy machines? Those were good times.

  4. I looked over the G-man who walked into my office. He looked like a lobster stuffed in a cheap suit. "So what's da scam?" I put my feet up, just to show him whose office he was in. "What do these boys got that the feds want so bad?"

    "A hundred-digit prime that's not on the approved list."

    I let out a low whistle. With loot like that, a guy could start his own country. "And you want me to get it because...." He raised his eyebrows, silently. Spooks all think alike. "I get it. Plausible deniability. It's gonna cost you.... Ten thousand up front, plus expenses."

    "Dollars or Bitcoin?"

    "Whadda I look like, a rube?"

  5. We have not been clear with our representatives and our government. We have given them conflicting objectives. They are using the conflict against us. We must be very clear in our mandate. The first, most important goal is: "Protect and defend the Constitution of the United States against all enemies, foreign and domestic." All other goals are secondary.

    Preventing a repeat of 911 is a worthy goal. But it is not more important than the Constitution. Fighting Terrorism, Drug addiction, and child abuse are all important. But, NONE OF THEM are more important than protecting the Constitution.

    The Constitution is the basis of US law. If any government entity says its objectives are more important than protecting the Constitution, then, they are rejecting the rule of law. They are staging a revolution. When the DEA says it must violate the Constitution to catch drug criminals, it is really saying, it is a lawless entity that will not be subject to rightful authority. When the NSA says it must violate the Constitution to prevent Terrorism, it is saying it only recognizes the authority of fear and hate.

    We must oppose these well-meaning revolutions with all our power. If they are not brought to heel, we will have no law, no legal authority and no security. We will only have fear and the naked exercise of unlimited power that serves no goal other than its own.
