New US Bill would require makers of encrypted devices to leave a backdoor

[hugeblack]

In brief

 - The bill requires manufacturers to leave a backdoor for governments to access encrypted data.
 - There’s plenty of opposition to the bill.
 - If passed, the bill would represent a crushing blow to privacy in the United States.

US Senators introduced a new anti-encryption bill called the "Legal Access to Encrypted Data" law, which would allow the US government to access encrypted data after it forced manufacturers of encrypted devices and operating systems to leave a back door, thereby defeating the entire encryption idea.

Lindsey Graham, chairman of the Senate Judicial Committee, said:

“Terrorists and criminals routinely use technology, whether smartphones, apps, or other means, to coordinate and communicate their daily activities.”
Graham went on: “This bill will ensure law enforcement can access encrypted material with a warrant based on probable cause and help put an end to the Wild West of crime on the internet.”

Read more and source ---> https://www.androidauthority.com/lawful-access-to-encrypted-data-1132922/

[1715233511]

1715233511

[1715233511]

1715233511

[1715233511]

1715233511

[1715233511]

1715233511

[jackg]

Are a lot of terrorist organisations not advanced enough to know what's best to use for security... Also if this goes through I doubt companies are going to make separate versions without back doors... (perhaps this could incentivise Asia to produce different devices or Europe/australasia to start producing better secure devices that don't have random holes for the US government).

[NotATether]

“Terrorists and criminals routinely use technology, whether smartphones, apps, or other means, to coordinate and communicate their daily activities.”

Where "technology" is actually Telegram and Tor and maybe WhatsApp, it turns out that criminals don't use as much security as you see in movies. Even if all hardware makers were forced to make hardware backdoors, they still must spend the time penetrating into these networks and protocols that they use. In Tor's case they're never going to be able to backdoor an old device made before this requirement, and as for the other protocols then they will have to do a massively inconvenient bit inspection from the hardware level, guessing what kind of program is using the encryption hardware right now!

So not only is he addressing the problem in a completely absurd way, he's also doing it in a futile way. Three letter agencies are fabled to have the most powerful computers and smartest mathematicians at their disposal but analyzing some encrypted third party app's source code for the exact algorithms to replace can't be automated by these things/people and is probably beyond their capacity, which means they have to rely on mediocre and average software devs to figure out what it's doing, often with NO assistance from the app vendor in question as oftentimes the code is obtained by turning it into them, not by bidding and taking them as clients. So all this time these vendors are under no obligation to provide technical support to the feds for their code, and without that support, they need to bring in other developers who have no clue or inside knowledge how the app works and are just as likely to introduce incorrect algorithmic interpretations into the backdoor as any other software developer who makes bugs and security vulnerabilities.

In fine: hardware backdoors are a massive waste of time and a PITA to implement, and that's if they are ever implemented at all because budget cuts happen often, so more often than not the hardware backdoors are used by nobody other than... the criminals themselves (cf. WannaCry).

[Lorence.xD]

Are a lot of terrorist organisations not advanced enough to know what's best to use for security... Also if this goes through I doubt companies are going to make separate versions without back doors... (perhaps this could incentivise Asia to produce different devices or Europe/australasia to start producing better secure devices that don't have random holes for the US government).

Just because they are not advanced enough does not mean that there will be people who will be exploiting this backdoor, remember that there are people that will get curious and once they discover this backdoor meant either they tell it to someone and the word of mouth goes on or they post it in the Internet either through written post or video, either way it will reach the malicious intent people. True privacy is what we should be aiming for and not those compromised one.

[hugeblack]

-cut-

Google and Apple underline the largest market for smartphones and computers, they can cooperate secretly to leave hidden doors that enable governments to access data.
This may not be announced publicly but it is the easiest way.
I think the Chinese government is doing this and some governments might do that if things get out of control.

Where "technology" is actually Telegram and Tor and maybe WhatsApp, it turns out that criminals don't use as much security as you see in movies. Even if all hardware makers were forced to make hardware backdoors,

Many *older* hardware devices have a lot of back doors when they are physically accessed. So if they can physically access these devices, decoding will be easier for them.
As for forcing back doors, this will facilitate the task, imagine instead of decrypting a private key, install malicious programs in the device and it will reach the currencies easily.

True privacy is what we should be aiming for and not those compromised one.

When crises happen, I think many governments will start defining a word of privacy.

[jackg]

-cut-

Google and Apple underline the largest market for smartphones and computers, they can cooperate secretly to leave hidden doors that enable governments to access data.
This may not be announced publicly but it is the easiest way.
I think the Chinese government is doing this and some governments might do that if things get out of control.

Afaik Google have to reveal their source code to other companies, would Samsung not try to remove something like this? They're the main innovation hub for Google and have a larger market in Europe (probably more than they can get from the US)...

Are a lot of terrorist organisations not advanced enough to know what's best to use for security... Also if this goes through I doubt companies are going to make separate versions without back doors... (perhaps this could incentivise Asia to produce different devices or Europe/australasia to start producing better secure devices that don't have random holes for the US government).

Just because they are not advanced enough does not mean that there will be people who will be exploiting this backdoor, remember that there are people that will get curious and once they discover this backdoor meant either they tell it to someone and the word of mouth goes on or they post it in the Internet either through written post or video, either way it will reach the malicious intent people. True privacy is what we should be aiming for and not those compromised one.

Any cypher punk trying to prove a point would just dump the keys on the net and wait for everyone to start using them to access others' data... It'd prove a point again the government, this could also be done by operatives in ex security services who can sell their skills as PIs in phone hacking. It'd be something journalism will be back to buying up!