Tech firms fight anti-encryption demands after Paris murders Anti-encryption sentiment among politicians is rising following the Paris terror attacks, but Silicon Valley firms are so far resisting attempts to weaken crypto systems to allow easier access to private communications for law enforcement and intel agencies. WhatsApp on Android and Apple's iMessage (as well as other …
"American senator Dianne Feinstein, who chairs the US Senate Intelligence Committee, told MSNBC: "If you create a product that allows evil monsters to communicate in this way, to behead children, to strike innocents – whether it's at a game in a stadium, in a small restaurant in Paris, take down an airline – that is a big problem.”"
How did they get to those places - by road. What did the Romans ever do for us?
Yeah Diane tell that to the NRA and the rest of your gun nuts.
I believe she has sent that message quite clearly, but the NRA et al. are not interested in what she has to say.
FWIW, Senator Feinstein has a 0% rating from the National Rifle Association.
There are plenty of other things that Feinstein is guilty of -- and I've been annoyed by her since I was living in exile in California in the late '80s -- but being a gun supporter is TOTALLY not one of them.
It doesn't matter how many videos you publish openly, those gun nuts are impervious. The same is true for any politician who cares to hide facts and tell lies.
I was reading a portion of the Holy Bible last night, a book designed for keeping open secrets. Consider Revelation chapter 13 for example.
Would these governments ban messages from god?
The fact is that if the governments pass laws that are unpopular all they will meet with is resistance not obedience. Isn't that what caused the Arab Spring and wasn't western interference and bungling exactly what the weapons makers wanted: For them to fail?
The gene is out of the bottle. End to end encryption with the user holding the keys is available open source.
Even if big tech did, or was forced, to capitulate and provide "access" to their products, there will always be alternatives they do not control.
And if we give up our freedoms to the government, or any other organisation, the terrorists have won.
1. Suspects (at least the key ones) were known to the police. Data was available, humint in both Belgium and France failed to draw the lines between the dots.
2. Technology has failed to spot fake passports issued to same individual. It is laughable that Greece which pretends to be in Shengen did not spot a duplicate passport and Serbians picked up the fake Ahmad Almohammad(s) without having access to the Shengen database.
So for starters - remove Greece from Shengen until it sorts out its human + technological side to Shengen requirements. In fact, I do not see how they were admitted in the first place without having an electronic birth certificate register till 2 years ago (something which the supposedly backwater Bulgaria and Romania has had since the early 1970-es). As a side effect this will force full reprocessing and readmittance of all refugees including checks of documents as they should be done to the Shengen standard.
1) my thoughts exactly. Quite a part of the last attacks were delivered by "S" rated people (the letter they put on the records to point them out as a potential threat). However, they have far too many French with the "S" remark in their database to really keep them all covered adequately.
…and yes, the science behind strong cryptography is available to world and dog, no way to withold that information. However I guess by making communicating with strong cryptography a crime they can catch a ton of criminals (who are actually only concerned about their online banking and stuff…)
>by making communicating with strong cryptography a crime they can catch a ton of criminals.
You can only police by the ton if you paint the criminals all the same colour.
But what is to stop you using book codes or pattern recognition software?
The secret of sending strongly protected secrets openly has been well known ever since there were secrets. The idea of searching people for them has only ever been used by bullies at airports and similar places. Just try and imagine the mentality of someone who imagines security is a good job for a human being. It's a job requiring a crotch sniffer with a personality one step above the mentality of a dog.
By Victorian times Englishmen had got into the habit of dealing with dogs by carrying a big stick. You just hook its collar and keep pedalling until the dog is retrained. It's amazing how soon they learn!
Italy embassy in Santo Domingo was shut down after it issued visas to people who had them refused by Spain previously (they were caught while attempting to enter Spain). Recently a prostitution network was shutdown, and was found women entered Europe using "fake" passports issued in Lagos (and with a visa). It was "lucky" it was just poor women, and not Boko Haram terrorists...
Passports and visas are today a great revenues source for gov/embassies/consulates employees ready to be bribed - but they are highly protected because, hey, they're in the diplomatic carreer, aren't they?
It looks there are far more basic security issues than strong encryption.
"1. Suspects (at least the key ones) were known to the police.
Totally agree; I believe that it's been identified that most of them had been flagged several times for surveillance.
I also understand that a mobile the original group used, was found on site; and that this was the key source of information that lead the police to the second group in St Denis. They had previously had access to that info, but it was only of value once they recovered the phone, due to the amount of data being held on / about the suspects.
If the mass trawl of data that is being demanded had actually been available, it's quite probable that it was have been completely subsumed in a way that would have hindered the police, rather than helped them.
2. Technology has failed to spot fake passports issued to same individual.
I was talking to the immigration staff at one of the regional airports; they had become quite good at spotting fakes, but still believed that about 10% were getting through.
The technology has also failed to spot legitimate passports issued to the same person. (But I've also seen people pass through customs in some countries carrying a passport that was not theirs, and they received no more than a brief glance.)
FirstIy, have never heard about Shengen but I did try to get a copy of my birth certificate a couple of years ago. It took me a while to realise I was born in another county but that never stopped me eventually getting one by just changing one word in a public library's computer -in another country.
Well this is how you get them to shut up.
You basically say we'll do it if you accept financial and legal liability when HSBC are asset stripped by the Russia mob and they have not a penny to their name and it's all your fault.
Strong cypto is fundamental to the national security and economic well-being (yes I did in intentionally rip those words directly from the text of art 8 of the ECHR) of most of the states in the world and any attempts to weaken it hurt not terrorists or criminals but everybody else.
They all need to be told to sit back down, in no uncertain terms.
If "you" is the government, then it's ultimately "us/we"
Net result yes - though it'd be made plain this is the case and I can't see voters or taxpers liking this reality when they're told about it; and whoever is in government would know this.
Explanation: If you ask people if the government should be able to decrypt things the majority will probably lean right and say something something pedos and terrorists but if you inform them when it goes wrong it's coming out their wallets and/or insurance premium increases they'll probably accept the reality that neither governments or private businesses are capable of dealing with the security requirements of such a thing and they won't like it - which is why it would work.
Maybe because they shouldn't have been reading it without a warrant.
And those warrants are so hard to get, you need to convince a judge and everything...
The VCR legality case, where significant non infringing rights were established, seem s applicable here. There are significant non infringing uses for cryptographics. Therefore they should remain legal, despite the potential for 'missing' a terrorist you knew about anyway...
Telcos made far too easy, for pure business reasons - aka money - to get a new SIM without much trouble. And they are not so keen on blocking stolen SIM/phones for the same reaon.
It takes very little to use a phone never used before and thereby not under control. Also, using a code - just like Allies did to send message to French resistance - *any* message could trigger the worst.
Without any need of encryption.
It takes near zero effort to appropriate a phone's SMS system, just never receive them on the same phone, and only slightly more to set such channels, completely legally with bogus information. Two minutes tops.
Who needs encryption? THEY sure didn't and even used legit phones. Shit.
Encryption of messages is available so all the terrorists must be using it therefore we don't need to watch the unencrypted channels because no idiot would ever use an unencrypted channel for terrorist communications. <#SookLogic>
The spooks forgot that anyone who would kill themselves for a deity is basically an idiot.
Surely our feckless and ignorant but devious and amoral overlords can't really be *this* stupid. This is politics to garner attention and win votes, surely, whilst keeping us blind to their true plan.
What's the real agenda? Simple distraction from the foreign policy and military disasters in the Middle East that have created ISIS? An opportunity to bung some more cash into the security services? A desire to subdue the population at home? I think I can rule out oil for once, as it's just not worth that much anymore.
Surely our feckless and ignorant but devious and amoral overlords can't really be *this* stupid.
I don't think they are stupid at all. They are hoping that we are stupid, or at least stupid enough to roll over and allow wholesale removal of our basic human rights on the bogus pretext that it will help to keep us safe.
Trouble is, a quick trawl through Facebook and Twitter responses suggests that they may be right.
You're making out that this is a failed policy at every dimension. I do wonder if most/much of this is by intent. The overarching objective intent, upon a security (or intellectual property for that matter) event is to force monitoring of all communication channel with reduced/removable encryption. Despite all evidence that several of the attackers already known to security services and none of them used encryption. Still looking for the situation that gets this nail hammered in.
So during the attacks they would not need to use encryption since there is not enough time to use the intercepted messages to get ahead f them. During the social media phase they are not using encryption. During the planning is the only time encryption would be an advantage. If people want to communicate secretly then they can unless someone on the inside leaks the info.
The US Senate has an Intelligence Committee? Oxymoron surely?
Back on topic...
Keep encryption secure. That way the bad people will keep using it. How does that help the authorities? Simple, lulls them into a false sense of security and allows the intel agencies to install keyloggers, malware etc. on the devices. The intel agencies then get specific intel on only the bad guys and leaves the rest of the world alone.
"Dianne Feinstein, who chairs the US Senate Intelligence Committee, told MSNBC: "If you create a product that allows evil monsters to communicate... that is a big problem.”
Numpty. Numpty.
First of all, there are other ways of communicating than via the Internet, and encrypted comms can still be used for traffic analysis, as any fule kno. If you're using the Internet, then unless you can guarantee to be sending directly peer-to-peer, without routing packets through ANY third-party box, someone can snoop on your traffic. And you cannot guarantee a peer-to-peer connection unless the boxes are physically plugged into each other. I don't think Ethernet cables can be thousands of miles long, so as soon as you ban encryption, you drive the real threat underground. Granted, a ban might catch some low-grade idiots, but you don't need the Internet for electronic comms. Someone explain FTNs, dial-up SLIP and UUCP to her, please. I'm suffering from idiocy overload.
Because the real threat comes from the ideologies of IS and the like, coupled with a failure by the West to understand that their world view differs so radically from ours. Western military tactics are based on the assumption that one's opponent ultimately wants to survive, and once a sufficiently hard beating has been administered, peace negotiations get under way. That's largely why the Mutual Assured Destruction détente worked during the Cold War - had either Russia or America thought that martyrdom was some sort of norm, our planet would now be a radioactive cinder.
From a long trawl through various media analyses and nutters' webshites, it seems to me that IS are either poor tacticians who don't understand the West's capabilities, or they genuinely do want all-out war, and don't care if they lose it. There could well be both camps present within the organisation. It's difficult to be sure either way; take the downing of the Russian airliner over Sinai, for example. Leaving the possibility of a false flag attack aside for a moment, good tacticians would have left the plane severely alone, as it posed no military threat, and they knew that provoking Russia would be a monumentally stupid thing to do. Poor tacticians might think that waving a Kalashnikov at a video camera is all the defence they need against an angry Kremlin. And the warmongering nutter, of course, won't care either way.
No, Dianne, pontificating about encryption won't make a blind bit of difference; in fact if you do ban it, you'll make the security services; jobs more difficult. You - in fact the whole West - need to concentrate on undermining and discrediting the jihadist ideology. And more importantly, you need to do that in terms that Islamic and Middle Eastern cultures can relate to - because trying to solve the problem by enforcing Western values on the Middle East amounts to nothing more than throwing petrol on a forest fire.
Laura, I suspect that ISIS' strategy in provoking the West may be to demonstrate the kind of destructive ability that will attract recruits most prone to crazed radicalism.
They may also have a clearer view of history than most Western strategists: namely, that Russia failed to defeat insurgents in Afghanistan; the US failed against guerrilla forces in Vietnam and failed to destroy either the Taliban or Al Qaeda in Afghanistan; that the US failed to quell insurgency before leaving Iraq. That, in fact, in the post WWII world it has become virtually impossible for a great power to destroy an established and determined insurgent force.
(This is absolutely tragic, because it implies that the greatest military forces in the world cannot be used to solve the problem of brutal terrorist cults like ISIS and Boko Haram. Another way must be found.)
So anyways, ISIS probably believes it cannot be stopped on the ground... not as long as it keeps recruits and money coming in, and keeps the fever of radicalized religion burning hot. That is the point of the attacks: keep the fever hot. "See how we strike at the vipers of the West? See how they persecute and hate Muslims now?"
But whatever. Back on-topic: yep, attacking encryption is nonsensical. We desperately need tacticians and strategists who can think clearly, and clearly we don't have them.
Corrected my spelling :-)
You're absolutely spot-on. The whole Western military strategy since WW2 was geared up to confronting the Soviet Union. I think it's difficult in particular for the US to change tack, due to the sheer size of its military; the old analogy of steering a supertanker comes to mind.
Having said that, it's forty years since the US were kicked out of Vietnam, so there has been plenty of opportunity to take the lessons on board. Sadly, all that seems to have come out of that is a self-imposed mandate that 'we're better than you are', with a implementation consisting of trying to enforce democracy at gunpoint, as happened in Afghanistan and Irag.
I think the West, particularly the US, has to hoist in that a one-size-fits-all approach just doesn't work, and that we don't have the right to impose our will across the planet just because we've got lots of weapons. There has to be a recognition that contrasting cultures can co-exist and respect one another. We lambast places like Saudi Arabia and Iran over their human rights records, but if we recognised that it's not the West's job to try forcing our values on theirs, and changed our approach accordingly, we might see some real progress.
That would have to go hand-in-hand with military containment, though, at least until the IS nutters were as widely condemned in the Islamic world as they are in the West. We can hope...
For a short while we had the US Army's Light Infantry Divisions, exactly the right force when working with special forces and particularly relevant in the age of the drone. They were phased out before they became relevant. This only addresses a part of the problem. The US forces have always tried to structure themselves as a force of liberation. Once the required ass-kicking was over and done, our civil-affairs people were in there to stand up something resembling a republic/democracy, police, and just right-sized military. Having to deal with countries, if you can consider a collection of tribes a country, with no tradition of any of those items is more than a bit frustrating, especially those of us (me, my relatives, and in-laws) at the sharp end of our Big Stick. Having political masters that promise a quick end to "the occupation" is just as frustrating. Germany, NATO, Japan, South Korea, the list is rather long on occupation, even when it's just helping a friend or reassuring the surrounding area about that country.
Liberation not Occupation. Cohesive not Mish-Mash countries. Heavy-Hand to light-touch over extended Decadal time frame, ... all things which do not describe any modern engagements. My Mom has a doctorate in anthropology and while a bit tough to nail down to any sub-discipline (we heart social sciences) wrote it on religion. She's scored 100% for how every military and political-economy engagement has played out. The scary part was her prescient description of Blackhawk Down before we sent troops into Somalia. Now true, being ex-career US Navy (before I showed up unexpectedly to a mutually infertile couple while thirty-one) surely helps to keep that lens firmly in place, it's not like any of this is rocket science or engineering of any kind. (She can do that too. Spent many a CON night hanging with E.E."Doc" Smith, Fletcher Pratt, ...). We have Staff and War colleges for this. Surely we have cultural anthropologist types in military intelligence. Or do we?
/s/frustrated ET1
"Having to deal with countries, if you can consider a collection of tribes a country, with no tradition of any of those items is more than a bit frustrating, especially those of us (me, my relatives, and in-laws) at the sharp end of our Big Stick."
And that is the crux of the problem. Many Middle Eastern societies are tribal in nature and loyalty to the tribe over-rules any adherence to the nation state. Not only that, but they tend to be patriarchal in nature, and defer to the wisdom of the tribal and family elders. You could argue that's not necessarily a bad thing; it allows for things to be guided by experience rather than the vagaries of hot-headed youth, but OTOH, it leads to ingrained conservatism, which is why attempts to impose the Western model of a nation state just don't work.
Patriarchy takes precedence in democratic societies, too. If a tribal or family elder instructs people to vote for a certain candidate, that is exactly what they will do. We even see that here in the UK among Asian communities. Whenever it's uncovered, a lot of noise is made about vote-rigging, but unless people are prepared to stand up to their own families, there's nothing the authorities can do. Often, too, there's no coercion involved - the people vote in accordance with their elders' wishes because that's the done thing.
That state of affairs is the complete opposite of the Western model, and when attempts are made to impose that model following a sustained onslaught of high explosives, it's perfectly understandable that Middle Eastern people just aren't up for it. Without widespread support, it becomes child's play to undermine the fledgling democracy by using its own mechanisms against it. Look at how Hitler gained and consolidated his power. Same with Mugabe.
The bottom line is that unless it's possible to instil a deep-rooted belief in democracy right across the board, and ensure that it stays there throughout several generations, it's bound to fail when confronted with stronger social mores. The only way Middle Eastern countries have been held together since the fall of the Ottoman Empire was via military occupation by France and Britain and then via brutal oppression - Saudi Arabia, the Shah's Iran, Saddam Hussein's Iraq, Bashar al-Assad's Syria and so on.
I admit I don't have all the answers, but it seems to me that some sort of federal alliance based on tribal or religious allegiances might be a solution, with enforced democracy taken out of the equation entirely. They'll have to embrace democracy in their own time, or it'll be doomed to failure.
I'd think some sort of a Board of Governors, sized by population, might work. You could scale with population growth but that might be problematic. Have a large enough size so that it doesn't turf out any tribal group. Then forming consensus is a high priority. Fer instanz, distribution of Iraqi oil revenues would require a consensus between at least two of the groups and, in case you weren't paying attention, the Kurds actually wanted some of the revenues to go to the Sunnis. Which happens to be one of the triggers over their (Sunnis) support for ISIS/ISIL/Da'esh.
Ask around with sociologists and/or anthropologists whether a super Tribal council would be workable. Other, better, ideas might shake loose. BTW, this wouldn't work in Somalia, ever.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
