
Comment Re:One phone to rule them all (Score 1) 546

I don't understand your response. Why is the balance of risk from government vs risk from bad actors changed by whether I know about encryption?

Firstly, widely available, unbreakable encryption is a new thing (especially when you consider ciphers considered strong even 5 years ago are now breakable).
Any new thing has the power to disrupt the status quo (resulting in possible net gains or losses for all of us).
Like every other major disruption in history, it has to be controlled to ensure the good outweighs the bad (eg cars, planes, computers, medicine, guns, whatever... all have some level of control to ensure they provide a net benefit to society).
So with this new thing you have to ask, do I prefer the option of uncontrolled technology and the possible risks, or do I prefer some level of control to try and ensure a net gain for me, my family, and maybe society too?
And ultimately you have to trust someone. And I trust the criminal gangs slightly less than the democratically elected government variety.

The implication is simply that encryption ought to be ubiquitous and easy to use if it is to be effective. That's kind of where the tech industry has been pushing.

Yes and the tech industry, just like any other (auto, tobacco, food, drug etc) doesn't always have your best interests at heart, as proven by history.

Who exactly is it that you think is more at risk from a terrorist than someone stealing their data? A grandma?! Surely you yourself don't actually believe that.

Encryption won't save granny from data thieves, we know this because the bad guys simply ring up and pretend to be Bill Gates and she hands over the keys.
But we also know that widespread uncrackable encryption will lead to fewer convictions as savvy crims learn how to hide their tracks better. Fewer convictions mean more crims on the streets, and more crime. This is not an acceptable outcome either.

That will require either holding that code permanently (a major security risk) or re-making it continuously (a huge waste of time and effort for some of the company's most critical engineers, and still no real mitigation of the security risk, as those engineers will over time inevitably learn the methods required to develop the software from all the repetition and thus be susceptible to compromise by bad actors).

They aren't the only options, and I'm surprised that this being a tech forum they're the only ones we keep getting hammered with.

Anyway, enough of this. Why don't you explain what you're proposing? Is it:

I'm not offering solutions, I'm asking for them. We are techies, first we must accept that uncontrolled cryptography presents a real risk to our rule of law (ie convictions mostly hinge on information gathering, cryptography has the potential to disrupt this massively), then we try and come up with solutions. I think this is all our politicians are trying to say.
However since you asked I will offer some ideas (I'm no expert so feel free to offer constructive criticism).

One option I see is restricting types of encryption allowed to be used. An independent technology forum could establish what is considered 'adequate' levels of public cryptography. The public are free to use this, and it is strong enough to protect against casual attack, but still able to be brute forced by Govt level processing power. Sure the real bad guys still exist, but most laws aren't designed to get everyone. Stopping the casual threats is a large part of most law enforcement strategy.
Another possibility is an independent key store accessible only by the courts. Using HSM type technology you can lock down private keys to only be accessible by certain parties with certain approval. A bit like how nuke keys are handled. With enough procedure this could be secured as much as anyone could expect.
Another option is some sort of rolling key that expires, ie a key that lasts say 3 years, and if you don't renew it, the key becomes public or something. So any casual data can be protected, and if not under investigation kept secure, while crucial evidence can be exposed after key expiry.

I'm sure there are holes in these, but as I said I'm no expert. But I'm sure there are people out there who are who can think of a system more useful than just 'backdoor' or 'no encryption'. The point I'm making (and I think our administrators are asking for) is that we should at least try and come up with some sort of viable solution to deal with the very real risk that is widely available unbreakable encryption.

Comment Re:Screw control, monitoring more interesting... (Score 1) 111

I don't know why you are stealing clothes when you could have laptops, iPads and jewelry.

Have you ever stayed in a hotel? Most people will have their valuables on them, or if left in the room kept in a safe. I hardly think that renting a hotel room, which you have to present ID and credit card (sure you could fake that but...) only so you can hack the electrical control bus to try and work out when another guest is not in (maybe), so you can somehow break down their door, and pray they have something valuable lying around you can steal (that doesn't have GPS and tracking), and hope there's no cameras or security (which there usually is), is the best idea I've heard of.
If you want to steal stuff, learn how to climb or abseil and come in through the window. It's a whole lot simpler.

Comment Re:One phone to rule them all (Score 1) 546

I may have a hard time convincing *you*, but that's not the same as having a hard time convincing anyone.

No, but the fact still remains, your average Donald/Hillary voter doesn't even know what encryption is, and even if they did, doesn't know how to use it correctly, which means it's not 'essential'.

I don't see the relevance of recency.

Well it wasn't essential at some point not long ago (ie about 20 years ago when no-one used encryption (outside of specialist circles)), so what has changed that now changes that fact?

but you may not buy a phone that has encryption that secures such data from bad actors", then that is giving up an essential liberty.

More than likely I'm guessing, some new rules will create a restriction of technology. Just like how you can own an AR15, but not an ICBM. Or you can drive a Lamborghini on a public road but not an Indy car. Cryptography will be defined by some standards in which 'adequate' protection will be publicly available, and the high end will be restricted. It will become an offence to use higher end encryption without appropriate authority.
This concept is not new, and for something that has the potential impact on law enforcement as cryptography, it's hard to see how doing nothing is ever going to be an acceptable option.

Comment Re:Hotel Cheaped out. (Score 1) 111

No, they should win salesman of the year. The shaming should go to whoever at the hotel didn't do due diligence, and bought the system.

Same goes for whoever is approving those smart elevator controls, you know the ones where the lift has no buttons, you type in your floor on a panel in the lobby, then get assigned a lift number? They are becoming more and more common and I always have a worse experience with them than the old fashioned up and down buttons with floor buttons in each lift.

Comment Re:A solution in search of a problem.. (Score 1) 111

Also, most people don't just carry around random credit card-sized cards that they're willing to leave behind for a little added convenience.

Are you sure about that? Every wallet or purse I've ever peeked into is full of pointless shit, mostly credit card sized. And every holiday I've ever been on we've always had a spare card to jam in the socket.

Comment Re:Protestant work ethic (Score 1) 282

I think it's all down to the protestant work ethic that's been drilled into the minds of all westerners for generations. "Work hard in this life, and you shall receive your just rewards in the next life" and so on.

Dude, I think this way of thinking has been around a lot longer than 16th century...

Comment Re:Lying about him makes it worse - he really is b (Score 1) 741

My favourite Trump moments: - Announcing that not only will he build a wall along the border, but he'll make Mexico pay for it.

This has been my single favourite moment so far. I'm still waiting to hear how this will address the planes, tunnels and submarines that are currently also being used by smugglers?

Comment Re:they already have that... (Score 1) 546

any criminals that care about it at all, ALREADY HAVE completely secure data & communications.

No true Scotsman?

ever heard of PGP? full-disk encryption?

no, this is all about gaining access to the low hanging fruit. which in the vast majority of cases means joe taxpayer.

PGP and FDE were available in 9/11 but not common or easy enough for that level of criminal. Yet only 15 years later kids and grandmothers get FDE by default now.
It would be dishonest to imply that there isn't a trend there. And that trend will continue to have implications. I'd still like to hear what approaches anyone thinks can be done to address this new threat.

Comment Re:speaking of black boxes... (Score 1) 546

It is a black box, you and I cannot see into the deepest inner workings, and voting out those inner workings is nigh impossible.

Speak for yourself. I've done a number of projects for Govt Depts at local, state and federal level. Most of what I worked on I fully understood how it worked.

I don't like to sound defeatist, but our government is unchangeable in the short and medium term. I think effective change will take a century from now.

Only because you don't really understand how a government as large as the US works. It's specifically designed not to change quickly, quick changes introduce unacceptable risk to the nation as a whole, and the government is there to reduce risk on the people. Democracies are designed for stability over dynamics. If you want dynamic go see how that is working out in places like Afghanistan and Iraq.
