
Close the N.S.A.’s Back Doors - j_baker
http://www.nytimes.com/2013/09/22/opinion/sunday/close-the-nsas-back-doors.html?_r=0
======
Vivtek
_Representative Rush Holt, Democrat of New Jersey, has introduced a bill that
would, among other provisions, bar the government from requiring software
makers to insert built-in ways to bypass encryption._

What a useless bill. The government doesn't officially _require_ it now - it's
just that they'll extrajudicially extort your cooperation if you don't give it
freely of your own free will. Ask Joseph Nacchio, former CEO of the former
Qwest - Qwest refused to allow telecommunications surveillance on the
wholesale level permitted by AT&T and Verizon, so the government convicted
him on charges of insider trading because he'd traded his own shares with
knowledge of the secret contracts they themselves had granted him. (And took
away as soon as he took a principled stand against overreach, too.) They
didn't officially require cooperation then - but they made damn sure they got
it.

~~~
devx
It's not a useless bill at all. I don't know about that specific provision,
but this is actually the _most aggressive_ anti-NSA bill yet. Its main purpose
is actually to repeal both the Patriot Act and the FISA Amendments Act in
full, and it would also require _standard_ warrants for any surveillance
request. But it also includes other provisions about backdoors and whatnot.
You can read it here:

[http://holt.house.gov/index.php?option=com_content&task=view...](http://holt.house.gov/index.php?option=com_content&task=view&id=1200&Itemid=18)

~~~
Vivtek
Oh! I hereby stand corrected. I should have said (and checked) that the
provision _as described_ is useless. I know there's reason for cynicism when
it comes to Congress, but maybe I'm overdoing it. Thanks for the link!

------
frank_boyd
> In the meantime, several Internet companies, including Google and Facebook,
> are building encryption systems that will be much more difficult for the
> N.S.A. to penetrate, forced to assure their customers that they are not a
> secret partner with the dark side of their own government.

Except, after all we've learned, nobody in their right mind will be able to
trust those companies again.

~~~
cromwellian
Except, we never learned that they added backdoors, sidedoors, or firehose
access for the NSA. The most probable and likely thing that happened is that
the NSA simply tapped their inter-datacenter fiber just like the NSA tapped
Soviet undersea fiber, and that the NSA scooped up any non-encrypted SMTP
traffic. The NSA may even be able to tap internal networks without entering
the building through TEMPEST-like techniques.

There has never once been presented a single shred of evidence that they
knowingly cooperated with the NSA in any manner other than the normal court
approved processes via warrant or NSL that they've already alluded to and are
petitioning the government to give more transparent details of.

On top of that, Google has been adding security for years on the front end
that the NSA won't like, for example, using SSL for everything, doing SSL on
mail traffic whenever possible, using forward-secrecy with Chrome, adding
Channel-ID support to Chrome. All indications are that they are trying their
best to secure things as much as possible, but with a state actor with
virtually limitless resources and a half century of experience of penetrating
tough adversaries, it's not enough.

Rather than breaking out the pitchforks for these companies, people should be
breaking out the pitchforks for the NSA. Technical solutions are not going to
solve the problem when the government is against you.

~~~
nitrogen
_There has never once been presented a single shred of evidence that they
knowingly cooperated with the NSA in any manner other than the normal court
approved processes via warrant or NSL that they've already alluded to and are
petitioning the government to give more transparent details of._

As we saw with the first Snowden leak, the Verizon Business court order, those
"warrant[s] or NSL[s]" can be incredibly far reaching.

------
stephengillie
Knowing that backdoors exist to these products, are Chinese, Russian, and
other Western intelligence organizations trying to brute-force calculate the
location of these known backdoors?

~~~
ttctciyf
If NSA opsec was such that an outlier like Snowden, ideologically motivated
and willing to up sticks and lose a career and a nice untroubled life, could
access and deliver detailed information on backdoors (we haven't seen any
specifics, but indications seem to be that they are likely in the docs Snowden
lifted) and cover his tracks, then it seems at least worth considering that
"normal" spies, where the motivation is money, sometimes blackmail, who will
stay in place or exit gracefully, have already delivered similar information
to parties with the means to procure such, including the ones you list; so
they might not need to brute-force anything.

------
codex
Since humans banded together to form governments thousands of years ago, every
government in existence has been able to investigate effectively on behalf of
its citizens, mainly for crime prevention and national security. Unbreakable
encryption changes all of that. In that respect, this bill could be considered
a dangerous experiment. Not only are no prospective trials planned, but no
thought _at all_ has been given to the unknown risks involved in changing the
ancient tools of government so radically.

~~~
cabalamat
Actually the truth is almost exactly the opposite.

Every government in history has not had the ability to monitor and record the
majority of conversations people have; the cost would have been too great. The
USA with the NSA is the first to approach that ability.

------
chris_wot
When has it ever been a legal requirement that backdoors be implemented in
cryptographic systems?

~~~
ketralnis
There are legal requirements that exist that are laws like "If you break into
a building, you go to jail". But there are also effective "legal requirements"
like "if you don't install this back door, we're going to find a reason to
make your life suck in every imaginable way". Or more subtly "we'll fail to
forgive this crime that we know about".

For instance:
[http://www.theguardian.com/technology/2013/sep/11/yahoo-ceo-...](http://www.theguardian.com/technology/2013/sep/11/yahoo-ceo-mayer-jail-nsa-surveillance)

> Mayer said executives faced jail if they revealed government secrets [...]
> Mayer was asked why tech companies had not simply decided to tell the public
> more about what the US surveillance industry was up to. "Releasing
> classified information is treason and you are incarcerated," she said.

To quote that reddit thread about that article:

> She'd go to jail, but it wouldn't be for breaking the gag order. It'd be
> because she was suddenly prosecuted for one of the other 1,000 illegal
> things that any CEO does in a given quarter. Just ask the CEO of Qwest, who
> blabbed about the NSA surveilling his customers and then was thrown in
> prison on insider trading charges

So, what happened to the former CEO of Qwest:
[https://en.wikipedia.org/wiki/Qwest#Refusal_of_NSA_surveilla...](https://en.wikipedia.org/wiki/Qwest#Refusal_of_NSA_surveillance_requests)

> Qwest was allegedly the lone holdout, despite threats from the NSA that
> their refusal to cooperate may jeopardize future government contracts [...]
> Former Qwest CEO Joseph Nacchio, convicted of insider trading in April 2007,
> alleged in appeal documents that the NSA requested that Qwest participate in
> its wiretapping program more than six months before September 11, 2001.
> Nacchio recalls the meeting as occurring on February 27, 2001. Nacchio
> further claims that the NSA cancelled a lucrative contract with Qwest as a
> result of Qwest's refusal to participate in the wiretapping program. Nacchio
> surrendered April 14, 2009 to a federal prison camp in Schuylkill,
> Pennsylvania to begin serving a six-year sentence for the insider trading
> conviction. The United States Supreme Court denied bail pending appeal the
> same day

~~~
001sky
_She'd go to jail, but it wouldn't be for breaking the gag order. It'd be
because she was suddenly prosecuted for one of the other 1,000 illegal things
that any CEO does in a given quarter. Just ask the CEO of Qwest_

Joe Nacchio was a simple crook. Full stop. Please stop with this meme. His
unethical and eventually illegal activity had a long track record. His entire
business career and the entire strategy of his Qwest acquisition was, in
hindsight, a giant fraud waiting to happen.

It is shitty public policy to have laws that are designed to be (unavoidably)
broken. This puts everyone in the position of being a criminal, at the whim of
'selective enforcement'. This is a fair and valid point. The Qwest saga is a
completely gratuitous data-point, in this regard.

Nacchio was convicted of insider trading in the shares of his own company.
This means he withheld material information about the business from public SEC
filings. That information was that the essentially flawed strategy he had been
pursuing was ultimately failing.

------
616c
Unfortunately, the Holt bill engages in, as others put it, a silly bit of
optimism.

I looked up to see what has happened thus far regarding Reagan's Executive
Order 12333 [0] where anyone representing the USG is
completely forbidden from engaging in assassination attempts. Does anyone
honestly believe this prevents anything? I find it hard to believe it is
adhered to. Was it amended post-9/11? It is hard to tell, as the following
executive orders on this topic never address assassination.

[0]
[http://en.wikipedia.org/wiki/Executive_Order_12333](http://en.wikipedia.org/wiki/Executive_Order_12333)

~~~
krapp
Of course the American government engages in covert assassinations. That we
tried to kill Castro several times, at least, is common knowledge. Every
modern government probably has an office they call on to get their "laundry"
cleaned, legally or no.

I don't think that has any relevance on whether or not this particular bill
will pass, though.

~~~
616c
Sigh. The point is legislating against covert acts is inherently ineffective.
This was long after Castro, and I am asking some 15+ years later if people
still even weigh this when considering things like UAV strikes. Technically,
assassinations are not legal for USG employees. It is very clear.

