
Obama administration quietly explored ways to bypass smartphone encryption - apawloski
https://www.washingtonpost.com/world/national-security/obama-administration-ponders-how-to-seek-access-to-encrypted-data/2015/09/23/107a811c-5b22-11e5-b38e-06883aacba64_story.html
======
whoopdedo
From another leaked memo (or maybe the same memo):

> Although “the legislative environment is very hostile today, it could turn in the
> event of a terrorist attack or criminal event where strong encryption can be shown
> to have hindered law enforcement.”
>
> There is value, he said, in “keeping our options open for such a situation.”

In other words, he was hoping for a terrorist attack that could be used as a
flag to push anti-encryption legislation.

[https://www.washingtonpost.com/world/national-security/tech-...](https://www.washingtonpost.com/world/national-security/tech-trade-agencies-push-to-disavow-law-requiring-decryption-of-phones/2015/09/16/1fca5f72-5adf-11e5-b38e-06883aacba64_story.html?postshare=9031442410909976)

~~~
sehugg
I wouldn't go that far. This is ODNI's General Counsel saying that they would
prefer to defer public attacks -- er, debate -- on any specific plan until a
crisis occurs, at which point opposition will be muted. They can then take
advantage of the climate to go full court press with whatever strategy has
been preselected. Whether "preparing to leverage" is worse than "hoping" is up
for debate.

~~~
pdeuchler
That's a rather pedantic difference. What you're essentially saying is they
just used weasel words that give them an out instead of just blatantly saying
what they mean.

------
alyandon
Cry me a river. The widespread adoption of encryption wouldn't have been such
a pressing issue if spy agencies like the NSA hadn't been abusing their powers
by conducting mass surveillance on law-abiding citizens.

~~~
irishcoffee
You do realize that all government agencies, especially those under the DoD,
serve at the pleasure of the POTUS, right? Obama has had close to two full
terms to tell NSA what he wants done and how he wants it done. He could shut
the whole joint down tomorrow. He has not. He is very aware of exactly how NSA
operates, and he has not changed a damn thing.

Blame NSA, or whoever, all you want. They serve at the pleasure of their
customer.

~~~
feld
Why do you people keep repeating these blatant lies? The POTUS does not have
direct power to do these kinds of things. It's the whole lot of politicians
that are ignorant and corrupt.

~~~
fein
This has been an odd dynamic through my entire lifetime.

The president has never been the one pulling the strings, and I'm not sure why
everyone blindly blames the person in that position.

There are people whose names the general public has never seen that have a
great amount of influence in our legislative process.

~~~
1024core
When Bush was in charge, everyone was quick to blame him. But now that Obama
is in charge, suddenly it is "president has never been the one pulling strings
.. why is everyone blaming him?"

~~~
krapp
When Bush was in charge, Republicans apologized for him and Democrats blamed
him personally for destroying the country.

While Obama is in charge, Democrats apologize for him and Republicans blame
him personally for destroying the country.

The truth is, the president _is_ never the one pulling the strings (at least
not all of them), but both sides insist it's the case when it's to their
advantage to attack strawman positions of the incumbent party.

------
codyb
It is amazing what a corner encryption has pinned law enforcement into (after
the USG of course pinned everyone into a corner by spying on what amounts to
nearly the entire globe's communications). There are _no workable solutions_
which allow the government to serve a warrant and receive information without
compromising the systems of millions of other subscribers to the same networks
in some fashion (or reducing faith and trust in those networks).

And the physical port, while an interesting concept, would essentially mean if
LEOs jumped the gun by a few days, their warrant would be a bust because
there'd be no information of use on the phone and the person obviously
wouldn't use that physical device again.

I've never had an issue with warranted communication retrieval. I certainly
have an issue with the bulk collection of data on hundreds of millions of
Americans at all times (as we all should, this is the sort of stuff you can
blackmail politicians with, and when you can blackmail politicians you can
control the future of the country, so it's something we need to prevent to
maintain the integrity of our democracy).

What tradeoffs should be made? Where should the lines in the sand be drawn?
And what solutions exist or can be imagined which allow LEOs acting in good
faith and on reasonable suspicion to monitor the activities of those worthy of
monitoring without compromising the very nature of our nation's foundation?

~~~
pjc50
_"Amendment IV

The right of the people to be secure in their persons, houses, papers, and
effects, against unreasonable searches and seizures, shall not be violated,
and no warrants shall issue, but upon probable cause, supported by oath or
affirmation, and particularly describing the place to be searched, and the
persons or things to be seized."_

If we define a computer system and its contents as "papers", which seems
reasonable, then the extra port approach matches this very well. You give the
device a warrant signed by the public key of the judge, and it gives up its
secrets. And takes a copy of the warrant.

~~~
okasdkqwewqqwe
I mean that's all fine and dandy but there are a couple of problems.

1. The public key of the judge will be compromised. Not might, not won't. It
will. End of story. This opens my device to a bunch of non-authorized
individuals exfiltrating data without my knowledge. This is completely
unreasonable at every level. To draw a parallel, this would be like all locks in
your house having a "police" keying.

2. Computers are not papers. Papers is a well-defined term.

3. These ports would be taken advantage of by three-letter agencies without
your knowledge and without a warrant.

The only thing your approach allows is that the police officer won't snag your
laptop so the office gets a new one. But really, that won't stop them from
stealing your stuff so not even that works.

The police can't even be trusted to not shoot an innocent person. What makes
you think they can be trusted with a golden key? This approach completely
undermines the entire reason we have encryption and AIDS the police in
parallel construction. Not the other way around.

Read up on Skipjack and the Clipper chip. This kind of tech has been discussed
and it DOES NOT work.

~~~
granos
For #1)

If a judge's private key were compromised there are solutions. Treat the judge
as an intermediary CA cert (I'm assuming there would be an actual root
somewhere) that issues individual certs per warrant. The software on the phone
(which holds the ability to decrypt the data) then verifies the entire chain
of trust. If the signature appears correct and everything validates, but the
certificate revocation list is too old/can't be updated, maybe it enters some
kind of lock mode that only the carrier/manufacturer can unlock. But it gives
the LEO nothing and prevents the user from deleting data.

All accesses must be logged. This way we can see what warrants have been
executed and can track to see if they match what the judge has issued. Any
discrepancy can lead to cert revocation.
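
The scheme described above in runnable form, as an added example that is not from the thread: a root endorses the judge's key, the judge signs one certificate per warrant, and the phone releases its data key only after validating the chain and a fresh, root-signed revocation list, logging every attempt and entering lock mode on a stale CRL. It assumes hash-based Lamport signatures as a stand-in for a real certificate system (so it needs only the standard library), a one-day CRL age limit, and an injectable clock, since the freshness check is only as good as the phone's notion of the time.

```python
import hashlib, os, time
# Added example (not from the thread): chain root -> judge -> per-warrant cert,
# root-signed CRL with a freshness check, lock mode and an access log. Uses a
# hash-based Lamport signature so only the standard library is needed; each
# Lamport key may sign exactly one message, so the root holds a key per purpose.
def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def keygen():
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def bits(msg: bytes):
    d = int.from_bytes(H(msg), "big")
    return [(d >> (255 - i)) & 1 for i in range(256)]

def sign(sk, msg: bytes):
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg: bytes, sig) -> bool:
    return all(H(sig[i]) == pk[i][b] for i, b in enumerate(bits(msg)))

def pk_bytes(pk) -> bytes:
    return b"".join(a + b for a, b in pk)

def crl_bytes(issued_at: int, revoked) -> bytes:
    return str(issued_at).encode() + b"".join(sorted(revoked))
MAX_CRL_AGE = 24 * 3600  # assumption: a CRL older than one day is stale

class EscrowPhone:
    """Holds the data key. The clock is injectable because the phone's notion
    of 'now' is the weak point: a spoofed clock makes a stale CRL look fresh."""
    def __init__(self, root_cert_pk, root_crl_pk, data_key, clock=time.time):
        self.root_cert_pk, self.root_crl_pk = root_cert_pk, root_crl_pk
        self.data_key, self.clock, self.locked, self.log = data_key, clock, False, []

    def serve_warrant(self, judge_pk, judge_cert_sig, warrant, warrant_sig,
                      crl_issued_at, revoked, crl_sig):
        self.log.append(("attempt", warrant))  # every access attempt is logged
        if self.locked:                        # lock mode: only carrier/maker can clear
            return None
        if not verify(self.root_cert_pk, pk_bytes(judge_pk), judge_cert_sig):
            return None                        # judge key not endorsed by root
        if not verify(judge_pk, warrant, warrant_sig):
            return None                        # warrant not signed by that judge
        if not verify(self.root_crl_pk, crl_bytes(crl_issued_at, revoked), crl_sig):
            return None                        # CRL forged or tampered with
        if self.clock() - crl_issued_at > MAX_CRL_AGE:
            self.locked = True                 # stale CRL: lock, give the LEO nothing
            return None
        if H(pk_bytes(judge_pk)) in revoked:
            return None                        # judge's key has been revoked
        self.log.append(("executed", warrant))
        return self.data_key
```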

~~~
belovedeagle
And the phone knows what time it is because...? All an attacker has to do is
put the phone in a Faraday cage and spoof the cell time while the cert is
stolen. Trivial.

------
imgabe
They looked into whether it could be done and then decided that doing it was
not worth the controversy it would generate. This seems like a good thing, I'm
not sure why WaPo went with such a sinister sounding headline. More accurate
would be "Obama administration rejects several proposals to bypass smartphone
encryption".

~~~
tertius
After sending an RFP. I think that's the point.

~~~
imgabe
As I read it, it was to access encrypted information on a suspect after a
warrant or court order has been issued. If you have something in a locked room
and the police have a warrant to search it, they can cut the lock off and
search it, that's perfectly legal. The trick with encryption is to find a way
to do that without rendering every other lock in existence worthless, and I
think that's what they're looking for.

~~~
JoeAltmaier
Maybe some three-key encryption, with the third key escrowed for judicial
purposes.

~~~
JupiterMoon
A 3rd key would have to be kept secret forever but still available easily. How
long before this gets leaked? One thing everyone can learn from the Snowden
leaks is that governments are rubbish at keeping secrets for long periods of
time. Bear in mind that the 3rd key would have a serious financial value and
could be sold semi-anonymously.

~~~
jonlucc
I assumed it would be a unique 3rd key per user/transaction. It increases the
burden of the escrow-holder (by vastly increasing the number of keys to
manage), but has the benefit of allowing granular access to data, rather than
compromising all of one service if a warrant is served for a single user's
information.

~~~
JupiterMoon
So which governments get access to the 3rd keys?

------
jlgaddis
The sentence

> _“[T]hese challenges mean that inaccessible encryption will always be
> available to malicious actors "_

can be easily replaced with

> _“[T]hese challenges mean that inaccessible encryption will always be
> available to everyone”_

and still retain the same meaning.

~~~
Lawtonfogle
To a corrupt government, there is no significant difference between those two
anyways.

------
ixtli
As an American citizen I don't have an issue with gov't funded development of
attacks on encryption so long as they don't pass laws that give them an
advantage like, as an example, requiring companies to back door their own
software. Edit for clarity: I realize that they do this. I'm trying to say
that such abuses of power aside, I have a hard time finding it scary or
surprising that they, or anyone else want to break encryption.

------
venomsnake
> The first potential solution called for providers to add a physical,
> encrypted port to their devices. Companies would maintain a separate set of
> keys to unlock devices, using that port only if law enforcement had physical
> access to a device and obtained a court order to compel the company’s
> assistance.

Soldering gun and that port is toast.

> The second approach would exploit companies’ automatic software updates.
> Under a court order, the company could insert spyware onto targeted
> customers’ phones or tablets — essentially hacking the device. However, the
> memo warned, this could “call into question the trustworthiness of
> established software update channels” and might lead some users to opt out
> of updates, which would eventually leave their devices less secure.

It could be done even today. And I would not be surprised if we haven't
already had some FISA-mandated app updates.

> A third idea described splitting up encryption keys, a possibility floated
> by National Security Agency director Michael S. Rogers earlier this year.
> That would require companies to create a way to unlock encrypted content,
> but divide the key into several pieces — to be combined only under court
> order. Exactly how this would work remains unclear, but the memo warned that
> such a system would be “complex to implement and maintain.”

So straight backdoor. While workable for Apple, not really suitable for
Android. And we have the golden key as the mother lode of all cyber criminal
activity in the world.

> Under the final approach, which officials called a “forced backup,”
> companies under court order would be required to upload data stored on an
> encrypted device to an unencrypted location.

Adava Decrypta or any other magical spell?

If companies hold any way to decrypt the content, then it is not encrypted. If
they don't, what is expected from them is magic.

~~~
calgoo
"Soldering gun and that port is toast." Even better, make it so that if that
port is used, it fries the internal memory :)

------
uniformlyrandom
> ... splitting up encryption keys, a possibility floated by National Security
> Agency director Michael S. Rogers earlier this year. That would require
> companies to create a way to unlock encrypted content, but divide the key
> into several pieces — to be combined only under court order. Exactly how
> this would work remains unclear, but the memo warned that such a system
> would be “complex to implement and maintain.”

Actually, this is called a 'lawful escrow', and it is implemented in many
enterprise PKI systems specifically to comply with court orders.

So I guess they decided to throw in one sane option, to offset three other
fairly insane ones.
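
One standard way to realise "divide the key into several pieces, to be combined only under court order" is Shamir's threshold secret sharing; the block below is an added example, not from the thread or from any particular escrow product, and assumes a 256-bit data key, a 521-bit Mersenne prime field, and a constructed sample key.

```python
import secrets

# Added example, not from the thread: the "divide the key into several pieces"
# idea as Shamir's threshold scheme over a prime field. Any k of n pieces
# rebuild the key; fewer than k reveal nothing about it. P = 2**521 - 1 is a
# Mersenne prime large enough to hold a 256-bit key as a field element.
P = 2**521 - 1

def split_key(key: bytes, k: int, n: int):
    """Return n shares (x, y) of key; any k of them reconstruct it."""
    secret = int.from_bytes(key, "big")
    assert 0 < k <= n and secret < P
    # random polynomial of degree k-1 with the secret as constant term
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    return [(x, sum(c * pow(x, j, P) for j, c in enumerate(coeffs)) % P)
            for x in range(1, n + 1)]

def recover_int(shares) -> int:
    """Lagrange interpolation at x = 0 over the supplied shares."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def recover_key(shares, key_len: int = 32) -> bytes:
    return recover_int(shares).to_bytes(key_len, "big")

def escrow_demo(k: int = 3, n: int = 5) -> bool:
    """Split a constructed key among n custodians and show that any k of them
    can reassemble it (e.g. under a court order) while k-1 cannot."""
    key = secrets.token_bytes(32)            # constructed sample data key
    shares = split_key(key, k, n)
    quorum = secrets.SystemRandom().sample(shares, k)
    too_few = shares[:k - 1]
    return (recover_key(quorum) == key
            and recover_int(too_few) != int.from_bytes(key, "big"))
```

Note that the threshold only limits how many custodians must collude; who those custodians are, and which governments they answer to, is the question the thread raises and the math does not settle.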

------
mtgx
"Guys, relax - we _don't want_ golden keys!

We only want _malicious software updates, physical backdoors, forced backups_
and...umm _split-golden keys_."

------
phkahler
I've said this before. They can already get a warrant and visit a suspect.
Make them unlock their phone or go to jail for obstruction or some such (legal
question, how compulsory can this get?). The problem is that they want to
snoop in secrecy without tipping off a suspect. It's undesirable when going
after networks of people, but going in the front door seems completely
feasible today.

~~~
JupiterMoon
Failure to provide decryption keys is, I think, not currently covered by the 5th
in the USA.

In the UK the punishment for failure to decrypt a device when the police ask
is pretty much the punishment for whatever they accuse one of having on the
device...

~~~
aianus
> failure to decrypt a device

What if you don't have the key? Do they need to prove that you're able and
refusing to decrypt the device or are you presumed guilty until you prove you
can't?

What about one-time pads where you could make up whatever key you wanted and
it would be valid?

~~~
yarrel
I believe people were emailing encrypted messages to the minister who proposed
this and destroying the keys to demonstrate the problem with this.

However on the whole it is the same as being asked to open a safe. If you
don't remember the combination...

------
pnut
Well duh, surveillance is core to US National Security. Obviously it comes
with some thorny opportunities for abuse, but in the scope of national
defense, it would be malpractice not to develop every capability possible.

Your enemies won't hold back, and let's remember that we are more or less
already in an asymmetrical information war with both state and non-state
actors inside US borders.

------
TJPe
The POTUS is not the only responsible party, but is definitely among the
supporters of widespread mass surveillance. A person could argue that he is
not responsible if the government operated in the nature it's supposed to under
the constitution, but with executive orders (among other things) that is not
the case.

------
izzydata
They say they don't want to sound like they are asking for a backdoor, but
they are basically asking for a backdoor. Then they mention that if they start
adding spyware to people's phones through service providers' software update
channels, people will not find them trustworthy. Well, no shit.

------
sehugg
_“Rather than sparking more discussion, government-proposed technical
approaches would almost certainly be perceived as proposals to introduce
‘backdoors’ or vulnerabilities in technology products and services and
increase tensions rather [than] build cooperation,”_

... but we welcome a robust debate!

------
manishsharan
You can blame this administration or the other one for pervasive snooping. The
sad truth is that we are prisoners of our fear. Remember when Obama tried to
shut down Gitmo?

------
snarfy
I'm still waiting for XKeyScore to be generally accessible by any script
kiddie. When it is they'll realize how utterly stupid it is for such a system
to exist.

------
sukaka
I see what Obama's saying. In my experience, research on bypass methods may
become the source of a new terrorist attack. Then a terrorist attack would be
our making.

------
devit
Why do they need that?

All they need is for a policeman to physically seize a device while it is
unlocked.

Or even while it is locked with encryption keys stored in memory, and some
custom tech to read the RAM from a running device.

I'd wager that people with sufficient physical security to prevent this are
very rare, and it works against any sort of device that doesn't have a dead
man's switch.

~~~
da_chicken
> Or even while it is locked with encryption keys stored in memory, and some
> custom tech to read the RAM from a running device.

Isn't that exactly what "exploring ways to bypass smartphone encryption"
means?

------
LinuxBender
I do not see value in this discussion. Once your smart phone is powered on, it
is not encrypted. All files can be pulled or pushed over the air by the
carrier. Not all carriers will ask for a warrant. Click down if you want, but
I was told to not ask for a warrant.

------
tempodox
Nixon was a babe in the woods compared to Obama.

~~~
tsotha
Yes and no. Nixon did a lot of things Obama wouldn't get away with. But the
technology for the sort of dragnet snooping government agencies can do today
wasn't available.

