
Justice Dept. Revives Push to Mandate a Way to Unlock Phones - kylebarron
https://www.nytimes.com/2018/03/24/us/politics/unlock-phones-encryption.html
======
rgbrenner
_The debate receded when the Trump administration took office_

Comey was the key advocate in this during the Obama years. He spoke for years
advocating backdoors... even after Trump took office. Here's an article from
March 2017 when he advocated an international backdoor[0]. Here's one in May
2017 when he backed Feinstein's decrypt bill[1].

It receded because Comey was pushed out. And it took a while for Wray to come
in and make it an issue again.

It's worth remembering that this is not some faceless government action.
They're just people who are lobbying for the change. Remember to contact your
representatives regularly to advocate your position on these issues.

[0] https://www.techdirt.com/articles/20170327/10121437009/james-comeys-new-idea-international-encryption-backdoor-partnership.shtml

[1] https://techcrunch.com/2017/05/03/fbi-director-comey-backs-new-feinstein-push-for-decrypt-bill/

~~~
IBM
The reason this story even exists is because this issue of "lawful access" is
_not_ due to any individual personalities. It's clearly a priority at an
institutional level, including the White House:

> Against that backdrop, law enforcement officials have revived talks inside
> the executive branch over whether to ask Congress to enact legislation
> mandating the access mechanisms. The Trump White House circulated a memo last
> month among security and economic agencies outlining ways to think about
> solving the problem, officials said.

~~~
rgbrenner
Yes, I'm sure they have found allies and people that agree with them. That
doesn't mean the debate is over or lost. If everyone in government agreed on
this issue, they would have passed it years ago.

Obama's White House was the reason the FBI never got very far on this issue.
Even up until he left, all he could agree to was that it was an issue and
solutions should be looked into. Obviously Trump is much more open to passing
something on this than Obama was. But note Congress never put a bill on
Obama's desk... even the floated Compliance with Court Orders Act of 2016 got
little congressional support, and ended up never being introduced.

~~~
GirlsCanCode
Obama's White House? You mean the one that had the NSA spy on all of us?

~~~
dr0verride
The NSA was spying on us before Obama took office.

~~~
tracker1
And Obama didn't end it, and by all accounts expanded on it. Almost every
anti-privacy action started by GWB was expanded under Obama. And Trump is why
it probably never should have been allowed. The abuse of the Patriot Act in
and of itself should be reason enough to fight anything similar, or expansive
in the erosion of personal liberty.

------
einarfd
I would really like to be a fly on the wall, when American diplomats are going
to try to explain to its allies that them having a backdoor to all cellphones
in the world is a good idea. Then capping it all off by coming up with a
strategy of how to sell this idea to their electorate, which, in some places,
has a very dim view of American privacy laws.

In addition, if Google and Apple build some backdoor into their products, any
regime of any country which Google and Apple operate in will demand to get
the same backdoor. How are they going to not give them that? They won't be
able to.

I'm sure the Justice Department and the FBI do not care about foreign
implications of their wishes, but there are parts of the American government
that have to. It is deeply naive to believe that something like this will fly
on the international stage.

~~~
Gys
> any regime of any country which Google and Apple operates in will demand to
> get the same backdoor

Exactly. So we end up with 1000s of people (many services from many countries)
that have authorized access to your phone. This cannot be contained in any
way. Not something to look forward to....

~~~
wmf
Any backdoor would probably be per-country so you have to pay attention to
what country your phone is registered in.

~~~
confounded
Why do you think this? The manufacturer is obliged to maintain a backdoor, and
give access on demand.

The US is a big enough market that they could force this to be built. Other
countries will just write similar laws to get the same access to the same
backdoors.

------
rdl
Trump's election should really have been the last nail in the coffin on this
kind of stuff, at least in the US. Either you hate him (and thus don't want
him or anyone like him in the future to have this kind of access), or you love
him and don't want anyone who hates him to ever gain this kind of access. A
polarizing political figure should erode trust in unrestrained state power
unless you believe he's the last President ever.

~~~
jacquesm
> A polarizing political figure should erode trust in unrestrained state power
> unless you believe he's the last President ever.

How big a percentage of the electorate would back canceling the next election
cycle?

~~~
rdl
That to me seems like the biggest problem with parliamentary systems (which
have many other advantages, especially for new parties, local constituencies,
etc.). Unless there's a sovereign, or some other system, it's often left up to
the sitting government to decide when elections will be called.

~~~
IAmEveryone
That's not true for most parliamentary systems. In fact it's only customary in
the UK to arbitrarily call elections when poll numbers are up. But even in the
UK, there is obviously a maximum term between elections. And calling elections
without reason isn't actually possible anymore. Theresa May had to jump
through some hoops to almost lose her majority last summer.

In the US, a president who leaves office before the expiration of their term
is replaced by the Vice President (or the next in the line of succession if
there is no Vice President). In Germany, a chancellor can only be recalled by
electing a replacement. If they resign or die, the President gets to make a
few decisions, and they will usually task the leader of the largest party to
find themselves a majority. Only after two or three failures of that process
would a President turn to early elections.

------
bootlooped
If all the hacks, breaches and vulnerabilities from the past 5 years have
taught us anything, it should be that security is hard enough to do without
weaknesses intentionally baked in.

------
JudasGoat
I think that Apple's concessions to the Chinese government undermined the
"moral high ground" that Tim Cook once stood upon.

------
mtgx
I'm going to bet that this law will come with a provision that says
researchers that try to break or report bugs in whatever system they come up
with could get jail time.

------
ashildr
So the Justice department wants Huawei to give a key to their American
customers' phones to the Chinese government?

~~~
wmf
No? That doesn't follow.

~~~
confounded
It kind of does. I may have misinterpreted the article, but the proposal seems
to be forcing hardware and software vendors into key-escrow schemes.

So the decryption key on your phone (or perhaps a key to the key, same thing
AFAICT) would have to be stored by the manufacturer so that it could be
accessed by various US government agencies.

If it’s a Chinese company, that means the Chinese government would have
access, too.

And if such a law and precedent was set by the US, the likely reaction from
other countries would be to enact similar laws.

So, lots of people all over the world will be able to decrypt your data, for lots
of reasons.

~~~
wmf
One would hope that for phones sold in the US the keys would be escrowed
somewhere that only the US could get to them. Likewise for other countries.

~~~
confounded
Ah, so no legal tests at all. All keys straight to the government, for always-on,
total surveillance for the entire population?

I personally wouldn’t hope for that.

~~~
wmf
No, I didn't say that either.

------
tracker1
Just to be clear, these guys are in favor of China, Russia, Iran and ISIS
having back doors into devices used in the US for communication of potentially
very privileged information.

Once backdoors are introduced, that is the outcome that will come of this.

------
IAmEveryone
There's a lot of conspiracies and security absolutism in this thread. So while
I agree that this policy is misguided, I think it's important for the
community to address the actual issues raised, and not some strawmen about the
government preparing to enslave all citizens etc.

Imagine you're a high-minded, fair, and absolutely law-abiding FBI officer
charged with solving some white collar crime, like corruption or fraud.

You started some time in the 80s. The usual MO was to get a warrant and search
someone's house and office. You'd find 60 to 100 binders full of letters,
transaction records, and org charts for this criminal enterprise you're
investigating.

Today, you find an iPhone and a smug banker telling you to take it. "The new
model is coming out anyway." Then, he orders a Vodka Soda from his butler and
you slink out, iPhone in hand.

Just to be clear (again): I absolutely do not think that this scenario is
reason enough to mandate backdoors. But I am similarly convinced that it
happens, probably quite often. And that it would be rather frustrating to deal
with.

It will be far easier to convince people if we start acknowledging what they
already think to be true, to avoid hyperbole, and not to obscure our real
motivation behind some rather ridiculous claims of technical impossibility[0].

[0]: bitcoin already has 2-of-3 multisig, so 1-of-2 shouldn't really be
impossible if anybody, you know, _tried_

------
emh68
Why would the government push a backdoor that would expose their own citizens
to more hacking? Almost seems like they’re just trying to look tough on crime
but won’t actually do it.

------
braderhart
How do you have secure encryption with proprietary backdoors? Maybe this will
wake people up to only using open source operating systems.

~~~
ISL
Any encryption scheme with a backdoor is insecure, by definition.

~~~
gizmo686
Not if you change the security definition.

Which they will. All they are asking for is some form of key escrow, which can
be (and has been) given a reasonable security definition.

The problem is that secure implementations of key escrow are much harder; and
(given the amount of use the escrowed key will get), certainly going to be
broken in practice.

------
wmf
What do people think about "crypto crumple zones" (basically crypto that costs
$1B to brute-force)?
[https://www.usenix.org/node/208172](https://www.usenix.org/node/208172)

~~~
quotemstr
Okay --- I'll iterate the algorithm a thousand times. Now I'm back to
respectable strength.

Besides, any selective "break glass" scheme is going to be vulnerable to
arguments about the need for urgent access to prevent terror or something.

Either the population has access to strong crypto or it doesn't --- and
technological prohibition never actually works. You may be able to make it
easy to crack phones used by the naive, but you can't stop determined people
writing and running software.

------
jliptzin
Why do we need this? If this has been such a huge problem for them over the
last decade shouldn’t we have seen a rise in crime rates because criminals are
having an easier time getting away? Seems like it’s been the opposite.

------
tracker1
The question I have for anyone pushing for this, is do you want a foreign
gov't to have the same access? Because as soon as you require this in the US,
that's exactly what will happen.

------
JoshMnem
I was hoping that it was going to be an article about how users should be able
to unlock their own phones and get root access without any risk of bricking
them.

------
pishpash
And here I thought it was to mandate unlocking the bootloader and radio bands,
alas, power only works one way: to take away rights.

~~~
mindslight
Haha, I was right there with you. Ah, those fleeting moments of naive
optimism.

~~~
18pfsmt
Well, various people want the government to do something to the "other," and
these people just disagree about what they want the government to force people
or groups of people (i.e. corporations) to do. Others just think we should
stop letting the government force anything without substantial data that
indicates an actual probable reduction of some negative behavior.

I think Apple has the will to fight this and I think a strong 4th amendment
case can be made. Freedom of the people must be protected.

------
JumpCrisscross
Apple, Amazon, Netflix and Google will need to work hard to distance
themselves from Facebook in the public imagination. They’re presently all “big
tech” FAANGs. Until that happens, Silicon Valley’s political priorities will
suffer in D.C.

~~~
apotheothesomai
While the political priorities of telecoms, oil companies, the pharmaceutical
cartel, and banking continue to set the political agenda. Sure, that makes
sense. Let's ignore one of the larger sections of our economy and opt to
punish the bad actors at the expense of the whole industry in this one sector
alone.

~~~
JumpCrisscross
Tech countered many political interests. With tech weakened, the interests
they were defending have no defences.

We must reform money’s role in our democracy, but basic political balances are
intrinsic to the game. In retrospect, privacy advocates may have relied too
heavily on the support of a single segment.

------
nkkollaw
This is somewhat unrelated, but I really think 4-5 years terms for government
anywhere in the world is way too long. You elect them, they break promises and
pass all kinds of crazy laws, and still get to stay and keep doing damage for
5 years, after which they might even get elected again because most people
won't remember what happened 5 years back.

It might not be feasible, but a way for citizens to send everyone home easily
every 1-2 years if they screw up would be beneficial.

~~~
iamamrit
Short election terms will lead to prevention of passing of ground-breaking laws
that go against the majority demographic.

~~~
nkkollaw
Yes, exactly. If the majority doesn't agree with it, it shouldn't pass.

------
zrb05293
Wow. One of the people working on this is a former security guy at Intel.
Makes me wonder if Meltdown and Spectre were engineered into chips on purpose.

~~~
DerekL
Meltdown and Spectre aren't backdoors or simple mistakes. They are the
unforeseen consequences of speculative execution. Also, other companies'
processors are affected too.

------
IBM
I think some type of "lawful access" was inevitable. Law enforcement all over
the world weren't going to just let the status quo fly.

If it's going to happen hopefully Apple can do some jujutsu and get GDPR in
the US out of it as part of an omnibus bill [1].

[1] https://www.bloomberg.com/news/articles/2018-03-24/apple-s-tim-cook-calls-for-more-regulations-on-data-privacy

~~~
mtgx
Nothing is "inevitable". Laws are constructs of society, ultimately. Cutting
hands for stealing, death penalty for smoking marijuana, forcing people to not
use end-to-end encryption - it can all be undone by a vigilant and activist
society.

If everyone has a self-defeatist "inevitable" attitude on the other hand...

~~~
IBM
Don't get me wrong, I hope Apple (and the rest of the tech industry) try to
kill the baby in the crib. But it'd be sticking your head in the sand and
intellectually dishonest to say that law enforcement doesn't have a legitimate
interest in pursuing this and are just going to give up because some tech
people say it shouldn't happen.

At least this way something of value is gained.

~~~
kabdib
Law enforcement also has a legitimate interest in being able to walk into my
house, examine and copy my stuff, and make sure I'm not doing anything against
the law. They also have a legitimate interest in stopping me on the street at
random and demanding my identity, proof of citizenship, a blood sample (to
make sure I'm not doing any drugs that are against the law), and a list of the
people that I've talked to today, and about what subjects.

Oh, that's not "legitimate"? I've seen serious proposals for those in the past
few years, and not a few actual instances. All invoking the L-word.

What do people mean by "legitimate" then? Mostly, I see it as begging the
question, an attempt to redefine and color the argument. Of _course_ their
interests are "legitimate" -- whose are not? Does passing a law make
something legitimate? What about an unconstitutional law?

History has proven that capabilities like the ones proposed are always abused
by power, and that compromised security systems grow more compromised over
time.

My head is not in the sand.

------
stevemk14ebr
I like the idea of focusing on the device problem rather than the transport
problem.

I'm personally completely ok with the special device-specific unlock code
suggested. It's not universal, and requires the government to go through the
company first who at some level at least have a stake in me believing my
device is secure.

The incentives seem to work and I still have reasonable security.

~~~
jacquesm
Security is pretty binary in this sense. It is either secure or it isn't.

