10 comments

[ 1.6 ms ] story [ 34.4 ms ] thread
"We know from experience that the largest companies have the resources to do what is necessary to promote cybersecurity while protecting public safety. A major hardware provider, for example, reportedly maintains private keys that it can use to sign software updates for each of its devices. That would present a huge potential security problem, if those keys were to leak. But they do not leak, because the company knows how to protect what is important." (Quote from Rod Rosenstein in the article).

This kind of says it all, doesn't it? It's not a matter of if the keys from these large companies are exposed, just a matter of when, similar to what happened to Piriform earlier this year. If all such companies are to keep master keys which can decrypt communication going through their software they are likely to be an even bigger target.

According to Amnesty 119 out of 160 governments had restrictions on freedom of expression in 2014. I can think of several that are likely to be interested in being able to read whatever messages are being sent in order to target dissidents. Journalists are in many cases depending on privacy and security to be able to do their job. At the moment the US is ranked at 43 out of 180 for freedom of the press by Reporters without Borders; if Rosenstein gets his wish, what is the likelyhood that journalists will be among the first to be targeted?

There can be no middle road or "responsible encryption" as they describe it. The data is either encrypted with the recipient being the only one with the means to decrypt it, or it's not encrypted at all.

What is the DOJ going to say when China, Russia, and every other country wants access to phones or is their position that its ok for the USA but not ok for everyone else?

Apple will have to agree or withdraw from those countries or break faith with users. What do Apple shareholders think about that?

> What is the DOJ going to say when China, Russia, and every other country wants access to phones

I suspect that the people that are in support of this are perfectly fine with every government being authoritarian and surveilling everything within its own borders. (Of course, they want their own covert operations to be immune to that, but they aren't concerned with following local law, anyway, so that's not an issue.)

>What is the DOJ going to say when China, Russia, and every other country wants access to phones

Trump's admin will give you and everyone you love up to keep the piss tapes or some other form of blackmail hidden away. Delightful times.

edit: Or cement a deal for another shitty hotel.

Their argument is that because tech companies are already listening to censorship requests from these sorts of countries, they should listen to technical requests from the US government. We've lost American exceptionalism in the worst possible way: "If you'll listen to all these other oppressive governments, you should listen to us too."

"Companies are willing to make accommodations when required by the government. Recent media reports suggest that a major American technology company developed a tool to suppress online posts in certain geographic areas in order to embrace a foreign government’s censorship policies. Another major American tech company recently acquiesced to a foreign partner’s request that local customers stop using software to circumvent a foreign government’s censorship restrictions. A third major American corporation recently stopped supporting virtual private network apps at the behest of a foreign government, to prevent internet users from overcoming censorship policies."

That's a nice move, copying a play from the infosec industry and calling this "responsible encryption", implying that any/the other way is anything but responsible (just like companies do with "responsible disclosure").

"If these tech companies were 'responsible', they would help us -- your friendly, caring government who knows better than anyone (including yourself) what's best for you -- spy on everyone and everything because otherwise, you know, terrorists will kill you and paedophiles will rape your children."

I'm pretty sure the responsible, patriotic thing to do now is encrypt the shit out of everything. Right? Do I have that right?
It sounds like what they want is the opposite of responsible.