Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

The Fed’s Encryption Conniption
Townhall.com ^ | November 15, 2017 | Bob Barr

Posted on 11/15/2017 7:04:06 AM PST by Kaslin

As soon as the news broke last week that the FBI was unable to gain access to the phone belonging to the Sutherland Springs, Texas killer, you could hear the indignant feet-stomping of security hawks on Capitol Hill. It did not matter that the killer was not a member of ISIS, and acted alone. It did not matter that the motive was a domestic dispute, not the result of some broader terrorist plot. And, it did not matter that it was the government’s clerical error in the first place, which allowed for this tragedy to occur.

There was data to be had, nominal in value as it may be, and Apple’s industry-leading encryption was keeping the feds from it.

The FBI’s frustration with Apple, which to its credit quickly offered its assistance to the FBI upon learning the phone at the center of the investigation was an iPhone, echoes a similar sparring match last year following the San Bernardino, California terror attack. Then, in response to Apple’s principled stand against being compelled to defeat encryption techniques designed to protect its customers (private and public), California Sen. Dianne Feinstein co-sponsored a bill which would force tech companies to provide unencrypted data to the authorities upon request, thus defeating the very premise of encryption. “No entity or individual is above the law,” Feinstein chirped at the time, noting that such power was crucial for the government “to know when terrorists are plotting to kill Americans.”

Unsurprisingly, Feinstein now is renewing the call for her bill, because, for her and other bureaucrats like her, personal privacy is a privilege; not a right.

Even in the post-9/11 environment, where our terrorism paranoia has allowed for all manner of curbs to our civil liberties, this warped view of personal privacy is especially troubling. And, the flimsiness of Feinstein’s justification for the major step of defeating encryption protections yet again exposes just how twisted security hawks on the Hill view privacy rights of Americans. The 4th Amendment, like the rest of the Bill of Rights, quite clearly is written to preemptively stop government from taking action against individuals’ rights, as opposed to granting limited freedoms to citizens for personal privacy. That is why the first clause ends with, “shall not be violated,” instead of “at the discretion of law enforcement, or Congress.”

Our cell phones, which contain banking information, personal emails, photos, and other highly sensitive data, are like electronic vaults; meant to be as impenetrable as possible from intrusion of any kind, for the sake of protecting this data. Though Feinstein’s bill innocuously calls for compulsory assistance in cracking its encryption and avoids calling outright for a “backdoor,” that is precisely the outcome it intends in order for companies to meet the requirements of the proposed law. Inevitably (and routinely), the “cracking” techniques that use this backdoor would also be shared with state and local law enforcement as well, for use in investigations having nothing at all to do with stopping terrorists.

As cyber security experts have long warned, and numerous incidents of publicly leaking hacking techniques used by law enforcement have shown, the existence of exploitable backdoors essentially renders private encryption useless. Not only would anyone, from the FBI to the local sheriff, gain the ability to access your most personal data, so would Russia, China, North Korea, as well as the person who swipes a phone off a table at a restaurant.

And what are we putting our privacy at tremendous risk in order to gain? Merely an illusion of safety against the “terror monster” conjured by Feinstein to get her way. For years, government snoops and their supporters in Congress have argued for ever more advanced ways to spy on Americans in the name of “fighting terrorism,” while over this time, terrorists have opted for more low-tech ways to evade detection. Today, terror plots are rarely hatched through sophisticated, “Dark Web” networks of terrorists, but are more likely to be so-called “lone wolf” attackers with crude plans and methods for their attacks. Nor is it logical to expect terrorists to leave sensitive information available to police after the fact; for example, mass shooters routinely have destroyed their hard drives and cell phones before their rampages, including the terrorist in San Bernardino

And, the fact is, the government has many tools already in its arsenal to address such cyber problems without new, privacy-invasive powers.

Instead of focusing on new, high tech ways to catch terrorists by imperiling the privacy rights of everyone who uses or manufactures a cell phone, government should focus instead on getting the basics right -- like reporting convicted domestic abusers and persons dishonorably discharged from the military to the FBI’s National Instant Criminal Background Check System. Perhaps then we would have one less tragedy on the books, instead of another ineffectual power grab.



TOPICS: Culture/Society; Editorial; Government
KEYWORDS: apple; encryption; iphone; righttoprivacy; sutherland; terrorism; txchurchshooting; waronterror
Navigation: use the links below to view more comments.
first 1-2021-23 next last

1 posted on 11/15/2017 7:04:06 AM PST by Kaslin
[ Post Reply | Private Reply | View Replies]

To: Kaslin

FBI can pinpoint Russia hacking (not really) but they can’t unlock a phone...


2 posted on 11/15/2017 7:16:18 AM PST by stylin19a (Best.Election.Ever.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Kaslin

The horse has already left the barn.

Right here on this computer, I have the source code for BlowFish, a powerful 256-bit encryption algorithm. I could compile it into a library, and use that library to write an application that has uncrackable encryption. Hundreds of thousands of other programmers around the world could do the same thing.

How does the FBI, or anyone else, propose to stop this?


3 posted on 11/15/2017 7:23:08 AM PST by proxy_user
[ Post Reply | Private Reply | To 1 | View Replies]

To: proxy_user

Yeah, but if you have the Blowfish source code - which had an integer signing bug in it for 10+ years that nobody had caught - it doesn’t mean that you KNOW if what you are sending is secure. All those libraries and encryption in general is “magic” to most people.


4 posted on 11/15/2017 7:33:13 AM PST by glorgau
[ Post Reply | Private Reply | To 3 | View Replies]

To: Kaslin

Moreso, Apple contacted the FBI immediately after the incident, offering services - and making it clear that they had 48 hours to do certain things before the device locked up tight.

Not like Apple hasn’t made it abundantly clear before to FBI that there’s a 48 hour window (including the “dead finger” trick, for those who understand the technical & medical details) for applying any conceivable ways to unlock it.

Almost like FBI is making a _point_ of delaying, leveraging the tragedy into an opportunity to compel the industry into providing back doors.


5 posted on 11/15/2017 7:33:35 AM PST by ctdonath2 (It's not "white privilege", it's "Puritan work ethic". Behavior begets consequences.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: stylin19a
Sen. Feinstein says.“No entity or individual is above the law,”

I say. "Feinstein and other corrupt politicians are not above our constitution."

6 posted on 11/15/2017 7:37:54 AM PST by Buffalo Head (Illegitimi non carborundum)
[ Post Reply | Private Reply | To 2 | View Replies]

To: Kaslin

For stuff I want secure I use GPG encryption with a 2048 bit key.


7 posted on 11/15/2017 7:45:32 AM PST by from occupied ga (Your government is your most dangerous enemy)
[ Post Reply | Private Reply | To 1 | View Replies]

To: glorgau
Just for some fun reading, here is a description of the error that was in Blowfish (and which weakened it considerably)

Integer conversions in C

It's really subtle stuff.

8 posted on 11/15/2017 7:49:17 AM PST by glorgau
[ Post Reply | Private Reply | To 4 | View Replies]

To: glorgau; proxy_user

One isolated flaw aside, the point remains: serious encryption is available to users even if government forbids it. Yes, Blowfish had a bug - but there are numerous other well-regarded thoroughly-studied strong-encryption algorithms available ... and they’re so simple I have several on t-shirts.

Encryption will always have the risk of either bad implementation, or mathematical breakthroughs, compromising security. It’s generally accepted that implementations should be open-source (not necessarily _free_) for examination, so such flaws may be publicly discovered ASAP.

Yes, it’s magic to most users. That’s why we need a sense of trust - which we DON’T have when strangers with guns compel us to compromise our security for their benefit, especially when they’re making the demands after they failed to do a bunch of other things we’ve given them authority to do.


9 posted on 11/15/2017 7:49:58 AM PST by ctdonath2 (It's not "white privilege", it's "Puritan work ethic". Behavior begets consequences.)
[ Post Reply | Private Reply | To 4 | View Replies]

To: Kaslin

Government tyrants should not have backdoors to this technology.

Although they might solve a few crimes here and there, the main use of these backdoors would be to collate and archive information on millions of citizens, useful for blackmailing later. Or spying on girlfriends or boyfriends, etc.

No, let the corrupt governments investigate crimes in the old-fashioned way.

This issue is similar to gun control. The tyrants say, “Turn in your guns so that crime will decrease.” In fact, crime will increase and the tyrant’s control over your life just went up.


10 posted on 11/15/2017 7:55:48 AM PST by bkopto
[ Post Reply | Private Reply | To 1 | View Replies]

To: glorgau

If I were actually to do this, I’d probably download something more current. I just downloaded the Blowfish because I wanted to study the encryption techniques it uses.


11 posted on 11/15/2017 7:57:08 AM PST by proxy_user
[ Post Reply | Private Reply | To 4 | View Replies]

To: from occupied ga

For really good encryption us at least a 64 character password as well. Any favorite sentence or quotation will do.


12 posted on 11/15/2017 8:49:16 AM PST by Waverunner (I'd like to welcome our new overlords, say hello to my little friend)
[ Post Reply | Private Reply | To 7 | View Replies]

To: from occupied ga
For stuff I want secure I use GPG encryption with a 2048 bit key.

I updated mine to 4096 several years ago. I have different keys for different purposes though. If I could ever get freerepublic mail to work correctly, I'd have a zeugma@freerepublic.com key.

13 posted on 11/15/2017 9:45:11 AM PST by zeugma (I always wear my lucky red shirt on away missions!)
[ Post Reply | Private Reply | To 7 | View Replies]

To: ctdonath2
and they’re so simple I have several on t-shirts.

RSA in 3 lines of perl? I always wanted one of those. "This t-shirt is a munition"

14 posted on 11/15/2017 9:46:16 AM PST by zeugma (I always wear my lucky red shirt on away missions!)
[ Post Reply | Private Reply | To 9 | View Replies]

To: zeugma

Yup, got that one. Had to send a notarized “I will not take this out of the country” letter to get it.


15 posted on 11/15/2017 11:01:41 AM PST by ctdonath2 (It's not "white privilege", it's "Puritan work ethic". Behavior begets consequences.)
[ Post Reply | Private Reply | To 14 | View Replies]

To: glorgau

There is NO reason to encrypt anything; as long as others can’t get their paws on it.


16 posted on 11/15/2017 11:02:31 AM PST by Elsie (Heck is where people, who don't believe in Gosh, think they are not going...)
[ Post Reply | Private Reply | To 8 | View Replies]

To: Kaslin

A FR wisely suggested you cut off the dead guys thumb and use it to unlock.


17 posted on 11/15/2017 12:23:00 PM PST by Zathras
[ Post Reply | Private Reply | To 1 | View Replies]

To: proxy_user

Blowfish has been broken by NSA a long time ago.
So has AES which is why the NSA allows it.


18 posted on 11/15/2017 12:33:24 PM PST by Zathras
[ Post Reply | Private Reply | To 3 | View Replies]

To: Zathras
Blowfish has been broken by NSA a long time ago. So has AES which is why the NSA allows it.

Rolls eyes. Have any proof of that?

Blowfish has been shown to be susceptible to reduced round attacks IIRC. I've not seen any indication a full implementation is similarly vulnerable. Most folks (including its designer Bruce Schneier) recommend Twofish be used instead of Blowfish in any case.

As to AES I believe I've read some concerns about some internal tables, but nothing that would indicate it is "broken".

Of course, this being a public forum, you're welcome to spread FUD all you'd like. Those of us who care about the issue will use that which we consider to be prudent.

19 posted on 11/15/2017 1:39:16 PM PST by zeugma (I always wear my lucky red shirt on away missions!)
[ Post Reply | Private Reply | To 18 | View Replies]

To: zeugma

It’s hard to break a one time code.


20 posted on 11/15/2017 6:55:52 PM PST by Elsie (Heck is where people, who don't believe in Gosh, think they are not going...)
[ Post Reply | Private Reply | To 19 | View Replies]


Navigation: use the links below to view more comments.
first 1-2021-23 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson