Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
Compare cell phone plans using Wirefly's innovative plan comparison tool ×
Google Communications Encryption Government Apple

Manhattan DA Pressures Google and Apple To Kill Zero Knowledge Encryption (thestack.com) 291

An anonymous reader writes: In a speech to the 6th Annual Financial Crimes and Cybersecurity Symposium, New York County District Attorney for Manhattan Cyrus Vance Jr. has appealed to the tech community — specifically citing Google and Apple — to "do the right thing" and end zero-knowledge encryption in mobile operating systems. Vance Jr. praised FBI director James Comey for his 'outspoken' and 'fearless' advocacy against zero knowledge encryption, and uses the recent attacks on Paris as further justification for returning encryption keys to the cloud, so that communications providers can once again comply with court orders.
This discussion has been archived. No new comments can be posted.

Manhattan DA Pressures Google and Apple To Kill Zero Knowledge Encryption

Comments Filter:
  • by Anonymous Coward on Thursday November 19, 2015 @09:57AM (#50961655)

    Event the Old York Times had to pull its crap article about encryption.

    • by rlp ( 11898 )

      Old York's newspaper is called "The Press".

    • by Richard_at_work ( 517087 ) <richardprice@noSPAm.gmail.com> on Thursday November 19, 2015 @10:14AM (#50961813)

      Yes they did - but the message the Paris investigators found which led them to perform the raid on Wednesday was recovered from an unencrypted phone and not from traffic capture.

      Don't get me wrong, I support zero knowledge encryption where possible, but having access to the phone contents reportedly did allow investigators to make headway in France.

      • by TWX ( 665546 )
        Then why the hell are governments pushing for data-retention laws?
      • Re: (Score:3, Interesting)

        by Anonymous Coward

        Yes they did - but the message the Paris investigators found which led them to perform the raid on Wednesday was recovered from an unencrypted phone and not from traffic capture.

        Don't get me wrong, I support zero knowledge encryption where possible, but having access to the phone contents reportedly did allow investigators to make headway in France.

        In other news law enforcement magically found multiple cells of terrorists in the aftermath of the Paris shootings. Yet they could not find these three suspects before they committed mayhem in the city? The government sat on intelligence hoping to be led to bigger fish instead of arresting the Paris shooters. I do not believe a damn thing the government says or the media reports. While Obama and Hollande twiddled their thumbs at least Putin struck back decisively against ISIS/ISIL in Syria.

        • by macs4all ( 973270 ) on Thursday November 19, 2015 @12:13PM (#50962753)

          In other news law enforcement magically found multiple cells of terrorists in the aftermath of the Paris shootings. Yet they could not find these three suspects before they committed mayhem in the city? The government sat on intelligence hoping to be led to bigger fish instead of arresting the Paris shooters. I do not believe a damn thing the government says or the media reports. While Obama and Hollande twiddled their thumbs at least Putin struck back decisively against ISIS/ISIL in Syria.

          This. This. A THOUSAND times This!

          Meanwhile, we get "treated" to more and more Security Theater.

          If the gummints would aggressively go after each and every of the credible leads they OBVIOUSLY have, the life of the Terrist on the ground would be seen as less and less "glamorous", and sooner, rather than later, the likes of ISIS/ISIL would start having "attrition" numbers, and lack of new recruits, that would start putting a severe damper on their plans for world domination.

          And no, I don't believe that the "Martyr Effect" would work in their favor.

        • Praise be to Putin (Score:2, Insightful)

          by mi ( 197448 )

          at least Putin struck back decisively against ISIS/ISIL in Syria.

          Putin's, peace be upon him, strikes against ISIS are, at best, half-hearted and at worst a sham. He is not fighting against ISIS, he is fighting for Assad [economist.com] — a decades-long client of the USSR/Russia. Because of Russia's strikes against anti-Assad fighters, ISIS was, actually, been able to gain ground in Syria on several occasions.

          Considering the post-tragedy rise of Le Pen and other European nationalists, who tend to be Putin's, peace be

          • by unixisc ( 2429386 ) on Thursday November 19, 2015 @01:31PM (#50963489)

            at least Putin struck back decisively against ISIS/ISIL in Syria.

            Putin's, peace be upon him, strikes against ISIS are, at best, half-hearted and at worst a sham. He is not fighting against ISIS, he is fighting for Assad [economist.com] — a decades-long client of the USSR/Russia. Because of Russia's strikes against anti-Assad fighters, ISIS was, actually, been able to gain ground in Syria on several occasions.

            Considering the post-tragedy rise of Le Pen and other European nationalists, who tend to be Putin's, peace be upon him, clients themselves, one may argue, Putin had a hand in the Paris-attack himself. Whether that's true or not, the sentiment such as yours certainly illustrates, how he benefited from it.

            I have no love the Nobel Peace Prize winner we are saddled with — his foreign policy is as destructive as the internal ones — but praising Putin seems outright dumb. Obama will be gone in a year, Putin will remain a menacing danger for as long as he lives — and the asshole is fit, hale and healthy...

            This was true before that Russian airliner went down in the Sinai, and ISIS so helpfully claimed responsibility. Putin, as well as Beijing, back Assad b'cos that's their lone surviving customer for Soviet era weapons. Previously, Moscow had Saddam, Gadaffi and Assad all. First Saddam was toppled, then Gadaffi, and now both Russia and China risk losing their last customer of weaponry - Syria. Which is why they are fighting tooth and nail to save him.

            However, ISIS is no ally of Russia, and in fact, Russia has a dim view of Sunni Jihadis - like the Chechens, the Islamic movement of Turkestan and other Jihadi movements in Russia, like the Tatars. So Russia is more than happy to take out ISIS. It's just that w/ al Nusra and the FSA being closer to Damascus than ISIS was, they were a higher priority for Putin, but now, w/ this Russian plane going down, ISIS kicked themselves up in the scheduler list.

            • by mi ( 197448 ) <slashdot-2016q1@virtual-estates.net> on Thursday November 19, 2015 @01:50PM (#50963671) Homepage Journal

              This was true before that Russian airliner went down in the Sinai, and ISIS so helpfully claimed responsibility.

              Putin has [nybooks.com] staged [theguardian.com] terrorist acts [historycommons.org] against his own citizens before. I would not put too much credence into that airliner's disaster...

              but now, w/ this Russian plane going down, ISIS kicked themselves up in the scheduler list.

              Yes, and suddenly Putin no longer seems like such a bad guy, does he? I mean, invasion of a peaceful neighbor is soooo last year, we need to cooperate with Russia now, do we not?

              230 Russian lives are a small price to pay for such a turn in the world's public opinion. Glory be to Mother Russia...

              • Except ISIS made a credible claim to be responsible for the downed airliner, including both photos of the device, and details of how they smuggled it onto the plane. If your version of events were true, they would probably dispute those claims, or have no evidence.

                I'm not saying that Putin is a "good guy," but he's not an idiot, and ISIS is run by, really, just idiots. You have to be truly stupid to believe that unilateral violence against any and all countries in the world, including your own, could poss

        • by amicusNYCL ( 1538833 ) on Thursday November 19, 2015 @03:12PM (#50964463)

          From the New York Times [nytimes.com]:

          French intelligence officials have concluded that Mr. Abaaoud was involved in at least four of six terrorist plots in France that have been foiled since the spring, Interior Minister Bernard Cazeneuve announced at a news conference.

          Mr. Abaaoud, a Belgian citizen who was 27 or 28, went to Syria last year to fight with the Islamic State, but it was not until Monday that French authorities learned - through a foreign intelligence service - that he had returned to Europe, via Greece, Mr. Cazeneuve said.

          They had been tracking him, at least enough to break up several other things he was planning. But the problem with this situation, like we all know, is that the terrorists only have to succeed once, while law enforcement has to succeed every time. They didn't even realize he was back inside the country until 4 days before the attack, and that's not a lot of time to find someone who probably didn't want to be found.

        • by nospam007 ( 722110 ) * on Thursday November 19, 2015 @04:01PM (#50964945)

          "In other news law enforcement magically found multiple cells of terrorists in the aftermath of the Paris shootings. Yet they could not find these three suspects before they committed mayhem in the city?"

          Exactly! Now they have emergency law active, which allows them to search houses without any warrant or cause.

          When you are allowed to dry the whole pond, any idiot can catch some fish.

      • by nine-times ( 778537 ) <nine.times@gmail.com> on Thursday November 19, 2015 @11:39AM (#50962491) Homepage

        Still, the governments of the world have been asking us to give up on having any level of privacy so that they can "catch terrorists". I think they need to demonstrate some things before I can even think about accepting that idea.

        1) There's oversight over the collection and storage of the data that guarantees that it's being used for that purpose. There's no possibility that it can be used for other law enforcement operations, for blackmail, or for looking at dick pics (thank you, John Oliver).
        2) The program is effective. If you're collecting my SMS messages so that you can stop terrorist attacks, show me that you're catching terrorists that way. Don't collect SMS messages preemptively and then go, "Well after the fact, we found that the terrorists used SMS and we just didn't catch it. But after we caught people who were involved and found their cell phones, we thought it was kind of helpful to see those SMS messages."
        3) Explain why the terrorists won't just change their methods. People say things like, "When guns are illegal, only criminals will have guns," and then the same people say, "We need to make it illegal to send encrypted messages that we can't break." It doesn't make sense.

        That's just to start. I'll think about more questions when those can be answered.

        • by AmiMoJo ( 196126 )

          4) Explain how they will prevent other governments using the same methods to steal our secrets and private information.
          5) Explain how they will prevent future governments from abusing the infrastructure they put in place to facilitate bulk data collection.

      • by cfalcon ( 779563 ) on Thursday November 19, 2015 @01:44PM (#50963611)

        > but having access to the phone contents reportedly did allow investigators to make headway in France

        So, we have access to encryption (aka real encryption, aka zero knowledge encryption), and the terrorists were not using it. This then becomes an argument against real encryption. Of course, if the terrorists WERE using it, it would ALSO be a an argument against real encryption.

        The story so far: Terrorists communicate without using Bibles, or encryption. Terrorists kill a bunch of people without using Bibles, or encryption. Later investigators find phones without Bibles, or encryption.

        Nothing in this story involves Bibles, or encryption- if either one is inserted, it's because someone wants to take your Bible. Or more likely, your encryption.

        • If they were using the new iPhone with its encryption, there wouldn't have even been the SMS lead, because Apple is taking away law enforcement's ability to read the contents of a phone even with a warrant and when no one would argue it isn't reasonable.

    • by unixisc ( 2429386 ) on Thursday November 19, 2015 @10:27AM (#50961907)

      While I'm ambivalent about Zero Knowledge Encryption, the above factoid - they used SMS - is tangential to the point in question. Yeah, the French Jihadis used SMS, but Jihadis everywhere else have been using whatever's out there - not just SMS.

      I do oppose any attempts to ban this, since there is nothing stopping Jihadis from developing their own encryption codes and going totally dark on the authorities everywhere.

      • by NotInHere ( 3654617 ) on Thursday November 19, 2015 @10:43AM (#50962013)

        since there is nothing stopping Jihadis from developing their own encryption codes and going totally dark on the authorities everywhere.

        This is what they want to achieve, as when encryption is backdoored anywhere, its much easier to argue that everybody who uses non-backdoored encryption is a has something to hide and is a criminal suspect.

        • by l3v1 ( 787564 )
          "This is what they want to achieve, as when encryption is backdoored anywhere, its much easier to argue that everybody who uses non-backdoored encryption is a has something to hide and is a criminal suspect."

          That's why strongly encrypted e-mail communication was doomed from the start - nobody wants to be treated a criminal or terrorist just because they are tech-savvy and or trying to protect actual - e.g., industrial - secrets from everyone, including prying government eyes.
        • by mark-t ( 151149 ) <markt.nerdflat@com> on Thursday November 19, 2015 @11:58AM (#50962647) Journal

          They appear to be under the impression that the only reason one would have something to hide is because one has done something wrong.

          Of course, nearly everyone has something to hide... and it is not because there is anything necessarily wrong. Does one wear clothes in public for example? Is there something wrong with their bodies that they feel they must do this, or do they do so simply because their bodies are private? Having something that you may feel is private or even something that you might feel somewhat embarrassed by if it were to be public does not mean that anything is amiss... it means you are human.

      • by silas_moeckel ( 234313 ) <silas@NosPAM.dsminc-corp.com> on Thursday November 19, 2015 @10:45AM (#50962031) Homepage

        Considering that unbreakable encryption that can be done by hand and used over any medium has been around forever. It's cumbersome to well.

        Denying the public effective encryption does nothing to stop a terrorists from communicating it just lets the government pry into average citizens lives.

        • by bradrum ( 1639141 ) on Thursday November 19, 2015 @11:27AM (#50962385)

          This is about investigator laziness, disregard for law abiding citizens privacy, and expanding power bases for the police, FBI, etc.... What you won't hear until well after the authorities make a power grab are the mistakes of the investigators to use the existing powers they have to foil or stop the plot.

          Warrants and limitations on investigative powers are paramount to keeping the rule of law in place. While I can understand streamlining existing warrant procedures to make them more responsive. Such as changing wire taps to follow a person instead of be limited to a selected phone. The powers that be pushed for MUCH more than that. And congress encouraged this behavior in a number of ways, they wrote a blank check after 9/11 for the NSA, FBI, homeland sec for any thing they wanted to "prevent the next 9/11". So in a time of great austerity for many social programs, space, sciences, many agencies and 3rd parties were flush with money to pursue anything they fucking wanted.

          • The core issue with a wiretap following an individual is how do you know. They seem to want the tap everything and we will figure it out approach.

        • Radio talk show covered this today. One guest kept claiming that you couldn't trust the encryption experts because they had a financial motivation from Silicon Valley companies. He kept hammering this point over and over despite how ridiculous it was. Encryption is being added by companies because the customers have demanded it.

          On the other hand, he never pointed out that law enforcement have their on innate biases towards fewer freedoms. Law enforcement has a long history of pushing hard against privac

      • by swillden ( 191260 ) <shawn-ds@willden.org> on Thursday November 19, 2015 @10:49AM (#50962059) Homepage Journal

        While I'm ambivalent about Zero Knowledge Encryption

        Personally, I'd really like to have an opinion on "zero knowledge encryption", but I can't figure out what the hell it is. From context I infer that he's using the term to describe device encryption, as done on Android and iOS. I know what that is, and wholeheartedly support it.

        But I have no idea where this "zero knowledge encryption" label came from or what it's intended to actually mean. I know what zero-knowledge proofs are, and they're really cool, but they have nothing to do with device encryption.

        I've got it! He's using the phrase "zero knowledge" to describe his understanding of encryption.

        • Does it mean encryption that can't be decrypted?
          • Does it mean encryption that can't be decrypted?

            That would certainly be secure.

            • I have a business plan. Develop encryption routines made up of many:one functions, so that they can't be decrypted. And then sell them to ISIS and other Jihadis worldwide for a hefty fee. The plans they send each other won't be accessible by their recipient, which would certainly slow down their planning.

              Oh, and their only way of contacting me would be to use the same encryption, and so I'd have no way of viewing their death threats when it works as intended }:-)

        • by MirthScout ( 247854 ) on Thursday November 19, 2015 @11:01AM (#50962143)

          My read on it is they mean the vendor has zero knowledge of how to break the encryption to gain access to a user's data.

          • I read it as the user requires zero knowledge about encryption to use it, as in it's freely available and default and requires no user intervention to use it. This would block almost all snooping and is what Apple and Google have been talking about since the NSA revelations.

          • by necro81 ( 917438 )

            My read on it is they mean the vendor has zero knowledge of how to break the encryption to gain access to a user's data

            Oh, the vendor has plenty of knowledge on how to break the encryption - they developed it, after all - it's just that the knowledge of how the encryption works doesn't lead to any feasible way to break it in any reasonable timeframe. The knowledge the vendor has about breaking the encryption is "brute force is your only recourse, and we hope you can wait a loooong time."

        • by Jeremi ( 14640 )

          But I have no idea where this "zero knowledge encryption" label came from or what it's intended to actually mean.

          Without going to extreme measures like actually reading the article, I'm going to guess that they mean encryption mechanisms where the service provider (read: Apple or Google) has no way to unilaterally decrypt the user's data, because the only place the decryption passwords/keys are ever stored is on the user's device.

          • But I have no idea where this "zero knowledge encryption" label came from or what it's intended to actually mean.

            Without going to extreme measures like actually reading the article, I'm going to guess that they mean encryption mechanisms where the service provider (read: Apple or Google) has no way to unilaterally decrypt the user's data, because the only place the decryption passwords/keys are ever stored is on the user's device.

            Having read the article, I believe you are correct.

          • But I have no idea where this "zero knowledge encryption" label came from or what it's intended to actually mean.

            Without going to extreme measures like actually reading the article, I'm going to guess that they mean encryption mechanisms where the service provider (read: Apple or Google) has no way to unilaterally decrypt the user's data, because the only place the decryption passwords/keys are ever stored is on the user's device.

            This may be. But Zero Knowledge Proof [wikipedia.org] means something very specific and that isn't it.

        • It means encryption where the vendor of the encryption software has zero knowledge of the key.

          • by cfalcon ( 779563 )

            So, it means encryption.

            If you put a modifier in front, it usually acts to modify. In this case, it is providing no modification. The opposite "key escrow", is a system where someone has a master key that can unlock anything locked by all the slave keys (that's what you get, citizen!).

        • "...solution for cloud storage data security. All of your data is encrypted, and the cloud storage provider doesn’t have the key, only you, the user does. In other words, the provider has “zero knowledge” of the encryption key."
          http://www.idganswers.com/ques... [idganswers.com]

        • What it means is that Apple and Google are facilitating the encryption while retaining zero knowledge of the keys. Therefore, neither company is able to decrypt the user's data on behalf of law enforcement. They are doing this because, if they didn't, somebody else would offer apps to do it and then take over part of their ecosystem.
          • They are doing this because, if they didn't, somebody else would offer apps to do it and then take over part of their ecosystem.

            Heh. As one of the engineers at Google who builds Android device encryption, I'd say that we do it because that's how it should be. But it should surprise no one that engineers who gravitate to positions like mine are people think everything should be encrypted and that only the person who owns the data should have the keys.

        • Personally, I'd really like to have an opinion on "zero knowledge encryption", but I can't figure out what the hell it is. From context I infer that he's using the term to describe device encryption, as done on Android and iOS. I know what that is, and wholeheartedly support it.

          But I have no idea where this "zero knowledge encryption" label came from or what it's intended to actually mean. I know what zero-knowledge proofs are, and they're really cool, but they have nothing to do with device encryption.

          I've got it! He's using the phrase "zero knowledge" to describe his understanding of encryption.

          This.
          Zero knowledge protocols and proofs have plenty to do with cryptographic security, most commonly in authentication protocols, but have nothing to do with encryption.

  • by Dunbal ( 464142 ) * on Thursday November 19, 2015 @09:59AM (#50961667)
    A Manhattan DA is going after a California based company that has its manufacturing in China and most of its assets in Ireland. Yeah. Good luck with that.
    • He watched a few episodes of "Law and Order" and since McCoy once managed some form of spiritual victory, so he thinks he can pull it off.

    • by richieb ( 3277 )
      I thought the used ROT-26 cypher.
  • by Henriok ( 6762 ) on Thursday November 19, 2015 @10:00AM (#50961677)
    but the terrorists in Paris seems to have used plain old unencrypted SMS, in French no less. http://arstechnica.com/tech-po... [arstechnica.com]
    • That detail is not good enough to keep authoritarians from mouthing off.

    • by Anonymous Coward on Thursday November 19, 2015 @10:07AM (#50961749)

      but the terrorists in Paris seems to have used plain old unencrypted SMS, in French no less.
      http://arstechnica.com/tech-po... [arstechnica.com]

      Irrelevent. Terrorism is the boogyman the government has forever linked to their justification for unlimited access to our private communications. It doesn't matter whether they use it or not, the government wants everyone to be scared into giving up more of their freedoms. Facts just get in the way of that.

    • From that very article:

      French police found an unencrypted, unlocked phone in a trash bin outside the Bataclan concert hall in Paris that contained a text sent in the clear: “On est parti on commence.” (“Let’s go, we’re starting”).

    • Re: (Score:3, Funny)

      by Anonymous Coward

      Clearly French needs to be banned. Maybe ban SMSs too.

    • Its the NY DA and the FBI! These idiots think emojis are encryption
    • Re: (Score:3, Insightful)

      by Zorpheus ( 857617 )
      Only in the final phase when it did not matter anymore. Before they used encrypted communication over the playstation network
    • but the terrorists in Paris seems to have used plain old unencrypted SMS, in French no less.
      http://arstechnica.com/tech-po... [arstechnica.com]

      Which is a mistake the probably won't make twice.

  • scary (Score:5, Insightful)

    by MickyTheIdiot ( 1032226 ) on Thursday November 19, 2015 @10:03AM (#50961695) Homepage Journal

    In a time when leaders are getting more stupid the issues are getting super complex. And that scares the shit out of me.

    This particular anti-encryption movement isn't putting a gun to our economy's foot, it's putting a gun to our economy's head.

    • Re:scary (Score:5, Insightful)

      by gstoddart ( 321705 ) on Thursday November 19, 2015 @10:43AM (#50962025) Homepage

      Not just the economy ... your privacy, your personal digital security, your freedom of association.

      When these clowns say this kind of stuff, what they're really saying is "we need to be able to spy on everybody to make sure we can find the bad guys, if you're not a bad guy you'll be fine".

      This is basically saying "if you have nothing to hide you have nothing to fear", and pretty much only fascists and tyrants say shit like this.

      Western democracies, and the people who claim to be protecting us, are devolving into entities who claim they need to undermine our freedoms in order to protect them. They act like the old state police of the communist countries we spent 50 years in a cold war with.

      They get these sweeping powers which are incompatible with our rights, claim they'll only use them for terrorists, and then come up with shit like "parallel construction" to commit perjury and lie about how they got it so they can make more mundane criminal charges stick. And, make no mistake, it's perjury -- it's a deliberate attempt to take evidence which would be inadmissible in court and obfuscate where it came from, including that it was technically illegally obtained.

      So now they want to outlaw all forms of encryption they can't break so they can monitor everything. And then they'll inevitably take that information, pass it on to law enforcement.

      There simply is no good outcome for citizens when government insist we not be able to have privacy from them, and then they can take everything we ever do and then retroactively decide we've broken a law.

      This is about FAR more than your economy. This is attacking the very underlying premises of our societies.

      When a fucking DA says shit like this, it says "we no longer give a damn about the law and your rights, it's far more convenient if we can just spy on everything everybody does and then decide who we need to round up".

      And if he's stupid enough to not understand that if they can break it, the other bad guys can as well, then he's too fucking stupid to continue to hold his job.

      • Imagine if the DA went around saying, "we need to have a key to your bathroom door."
        With a bathroom door it sounds hilarious, but that's basically what he's saying.
        • So we really shouldn't have any limits on government intrusion. If the government wants it, they should just have it. So next the government wants the 2nd amendment. Next, ...?
        • Imagine if the DA went around saying, "we need to have a key to your bathroom door." With a bathroom door it sounds hilarious, but that's basically what he's saying.

          I believe you're looking for Section 1008.1.9.5.1 of the International Building Code:

          Closet and bathroom doors in Group R-4 occupancies.
          In Group R-4 occupancies, closet doors that latch in the closed position shall be openable from inside the closet, and bathroom doors that latch in the closed position shall be capable of being unlocked from the ingress side.

    • Encryption isn't a major economic factor in this context.
  • so it must be good (Score:5, Insightful)

    by Anonymous Coward on Thursday November 19, 2015 @10:10AM (#50961761)

    If governments urge you not use a specific type of encryption, then you know you are using it right.

  • by rmdingler ( 1955220 ) on Thursday November 19, 2015 @10:10AM (#50961767) Journal
    Governors use a high profile, tragic terrorist attack to implement some freedom-strangling legislation.

    Freedom for safety... what could go wrong?

    • The fact here though is that this douche nozzle is just a DA. According to the website: manhattanDA.org the responsibility of the Manhattan DA is:

      The District Attorney's Office represents the People of the State of New York in bringing charges against a suspect in a court of law. The New York County District Attorney's Office has the responsibility and authority to investigate and prosecute crimes in the borough of Manhattan.

      His role is to represent the people. In this instance he is not representing the p

  • by PvtVoid ( 1252388 ) on Thursday November 19, 2015 @10:12AM (#50961793)

    "Manhattan DA Pushes for Zero Knowledge Policy"

    You're welcome.

  • Please provide verifiable numbers to support your position.
    • Ya see if we could just dragnet more communications I'm sure he could get more pedo's and wannabe terrorists (like that teenager the FBI entrapped). Mr DA wants some easy stats for his election PR.

  • by Dereck1701 ( 1922824 ) on Thursday November 19, 2015 @10:21AM (#50961881)

    Zero-knowledge encryption? Sounds like they're trying to invent some new buzzword to try to make something almost no one could argue against, secured communications and records for banking, conversations & confidential information (medical records, personal matters, etc). It should also be noted that there is a really good reason for this move to decentralized encryption, the feds simply couldn't keep their hands out of the cookie jar. That and there are no indications that allowing the government full access to communications has any effect on terrorist activity, its pretty obvious that they were hoovering information before 9/11 and it didn't stop that, they've created massive data centers and tied in with ISPs throughout the globe and they didn't stop Paris, Metrojet Flight 9268, Boston or any of the other major attacks. I find it disturbing they can argue for ever increasing levels of surveillance when the massive levels they are already spending tens of billions of dollars and not stopping a few nuts chatting over text messages.

    • It is worse than that. "Zero-knowledge proofs" is a specific term of art in the encryption field that has a specific meaning. It doesn't have anything to do with encrypting Android or IOS phones, as far as I know.

      https://en.wikipedia.org/wiki/... [wikipedia.org]

      Someone had too many buzzwords with their coffee, I think.

    • by gstoddart ( 321705 ) on Thursday November 19, 2015 @11:22AM (#50962335) Homepage

      Zero-knowledge encryption? Sounds like they're trying to invent some new buzzword

      In this case, it's being used by Apple and Google (and likely others) to say "we have zero knowledge of how to decrypt this because we haven't given it to ourselves".

      This is them trying to wash their hands of it and say "we can't help you, you need to get subpoenas and contact the user", but leave us out of this.

      to try to make something almost no one could argue against, secured communications and records for banking, conversations & confidential information (medical records, personal matters, etc)

      And why do you say that like it's a bad thing? They're explicitly saying "since we have zero knowledge of how to decrypt it, it is safe for those things".

      Isn't this what we want?

      The DA wants "zero-knowledge" encryption to go away. Apple et al are saying "we don't want to do that". Are you arguing that Apple and Google are wrong here?

      • by Wycliffe ( 116160 ) on Thursday November 19, 2015 @12:25PM (#50962833) Homepage

        The DA wants "zero-knowledge" encryption to go away. Apple et al are saying "we don't want to do that". Are you arguing that Apple and Google are wrong here?

        They can want it to go away all they want but zero knowledge encryption is exactly what would happen if apple/google stopped providing encryption. If I encrypt it using a one time hash before I send the message, upload it to dropbox, etc... then of course they have zero knowledge of the key. Honestly, if I was a terrorist, this is exactly how I would do it. I would encrypt the message and then embed it in a Steganograph jpeg. It would be rather simple to write an iphone app that did exactly this and automated the whole process so that all it looked like was two users were sending pictures back and forth.

        • Well, you can be a terrorist however you choose, that's up to you.

          But since most ordinary people aren't going to jump through all of those hoops to have every day encryption, that would have the effect of taking encryption away from non-technical people.

          So, me, I'm in favor of Google and Apple putting encryption on and having no access to the key to decode it.

          Having Apple and Google stop providing encryption is exactly what the spies and fascists want. That way everyone is insecure, and the use of encrypti

  • by dingleberrie ( 545813 ) on Thursday November 19, 2015 @10:48AM (#50962053)

    The more power you accumulate in one place, the more that place will attract greedy psychopaths and power-mongers. Imbalance of information knowledge is power and the key to domination. Encryption while on the grid is one of the few ways we have to prevent an accumulation of power that can be abused by those attracted to it. It puts everyone closer to the same footing. Equality of power in each citizen is what made our country strong. If we want to save lives from devastation over the next couple of generations, maybe we should make encryption stronger and invalidate any secret courts and secret laws... because... you know... imbalance of information.

  • ... you were wondering what to do with those hundreds of billions of dollars of cash. Here's a good use for one of them.

    It used to be in NYC you could see buildings and buses plastered with the images of the misfits - the troublemakers; Apple roared into its current success on those precepts. Now it's time for a massive pro-privacy campaign on the same or larger scale.

    Fix this - it'll be a good investment for the shareholders.

  • Oh, and hand them to use on a silver plate.

    And pay us 7 digits a year.

    And we want a pony too!

    What? It makes our citizens LESS safe and more likely to get ripped off?
    FUCK THEM! As long as we're getting our sheckel, hookers, blow, and a big check for no actual work, we don't give a fuck!

  • Zero Knowledge DAs (Score:5, Insightful)

    by AnotherBlackHat ( 265897 ) on Thursday November 19, 2015 @11:47AM (#50962551) Homepage

    What we really need is fewer Zero Knowledge DAs.

    Pre-broken encryption is as bad as it sounds.

  • by JoeyRox ( 2711699 ) on Thursday November 19, 2015 @11:59AM (#50962665)
    The encryption is genie is already out of the bottle - there are already apps available to facilitate encrypted communications. The government seems to think that if they add encryption backdoors to newer apps/services that the terrorists will be dumb enough to use them instead of what's available now.
  • ... and yeah.. then nobody else would develop it. This method is so freaking effective.
  • Having zero knowledge about encryption's really not effective anyway. Advocating for there to be education about it is wonderful!
    [/sarcasm]
    I wish...

  • If you want your freedom, tell your elected representatives to stop importing terrorists and the populations that they hide in.

    It seems to be that we can pick not more than two from the set (Security, Freedom, Multiculturalism).. Find me another culture, anywhere on the planet, that respects freedom the way we do, or at least once did, and I'll reconsider. Until then, I'm sticking with the evidence at hand.

    We have freedom, and we have multiculturalism, and people are realizing that we don't have security.

    • by Nemyst ( 1383049 ) on Thursday November 19, 2015 @01:14PM (#50963329) Homepage
      This post is a perfect example of why social conservatism is stupid.

      You want to oppose importing terrorists eh? How do you go about doing that, pray tell? First of all, just in case you weren't aware: all of the successful terrorist attacks that happened in France weren't caused by Syrian refugees. They were carried out by people who emigrated years prior, who'd been setup as sleeper cells until the time was right to strike. So what do you do to prevent them from entering the country? Prevent anyone who looks vaguely Arabic from entering? That's millions of people you're suddenly blocking there to prevent 0.01% of them (if that) from entering.

      But that's not all, is it? There are already millions of them on your soil. Do you kick them out too? People who might've been here for generations, who have families, friends, a job and are perfectly normal citizens? Because if you don't, that leaves hundreds of possible sleeper cells around.

      And then, that's not even solving the issue fully. There have been terrorist acts carried out by converted Westerners too. How do you go about preventing that? Ban Islam entirely? That's again millions of people, some of whom have been here for so many generations they're an integral part of your country's history. Plus, it won't really help, since those converted people know how to act "normally" since they've been raised that way and were only converted later on.

      But no matter, even if you fixed that miraculously, you'd still have school shootings and crazies like Anders Breivik who are literally indistinguishable from the rest of your population and who can carry out atrocities just as well as that horrible Muslim you're so scared of.

      Here's the funny thing too: regardless of where you stop in this dangerous trend, you've still created two classes of people: those who can live in your country and those who can't. You've removed their freedom to "protect" yours. You've failed to achieve what you set out to do, unless you are so egotistical to only care about yourself. And if you're American (which is a pretty good guess from the tone of your post and the website it was posted on), you've also gone against the one thing that made it into what it is: that everyone stands equal and everyone has a chance. Now you don't stand a chance if your skin is brown. Welcome to the Confederacy.

      TL;DR: Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.
      • You're right and there's only one sure-fire solution. Kill Everyone. Without exception. Nuke the entire planet. Only after everyone is dead will we be safe.

  • When are all these idiots going to realize that if WE the people don't have strong encryption, then TERRORISTS and CRIMINALS will be able to get at OUR vital information to get US?

    Security vulnerabilities put the general population at FAR MORE risk of harm than it puts terrorists at risk of being captured!

    Even a "government only" back door is just one leak or discovery away from being everyone's security vulnerability.

    --PeterM

  • When guns (or encryption!) are outlawed, then only outlaws will have guns (or use encryption)!

    Why can't you understand that!? FIND ANOTHER WAY!

    • When quantum encryption is outlawed both outlaws and law abiding citizens will simultaneously both have and lack quantum encryption.

  • What is being danced around here is the fact that, messages that are encrypted are almost assuredly already given a higher "score" in the SIGINT world than non-encrypted messages.

    That is likely one of the reasons the Terrists in Paris used UNENCRYPTED SMS to communicate. So the "signal" gets lost in the "noise" of a gazillion other SMS messages-per-second, instead of creating a "Sore Thumb" by being "encrypted".

    And it is a foregone conclusion that another staple of SIGINT, the "connections" and frequenc
  • ... when everyone's name is 'Mohammad' and their pass phrases are all 'Jihad'.

  • Terroism (Score:5, Insightful)

    by Anne Thwacks ( 531696 ) on Thursday November 19, 2015 @01:08PM (#50963259)
    This guy IS a terrorist. He is attempting to deprive the ordinary citizen of privacy by inciting fear.

    That is terrorism by definition.

    Send him strait to Gitmo NOW!

  • Just the audacity of them makes me pissed off.

The reason why worry kills more people than work is that more people worry than work.

Working...