SEARCH

Enter your search query in the box above ^, or use the forum search tool.

You are not logged in.

#1 2015-07-09 18:09:27

schwim
#! Die Hard
From: Interweb's #1 Devotee
Registered: 2012-10-11
Posts: 1,031
Website

US Gov't wants to help you unencrypt your private data

Posting this here because we've had some good discussions in the tinfoil arena before.

Uncle Sam upset that it's not omniscient

891-1436453783-share.png

Offline

Be excellent to each other!

#2 2015-07-09 18:24:59

intoCB
Scatweasel
Registered: 2012-10-25
Posts: 2,412

Re: US Gov't wants to help you unencrypt your private data

To be fair, you can't legally keep the police from physically entering your property if they have a warrant, no matter how physically secure it is.

Offline

#3 2015-07-09 18:29:20

schwim
#! Die Hard
From: Interweb's #1 Devotee
Registered: 2012-10-11
Posts: 1,031
Website

Re: US Gov't wants to help you unencrypt your private data

intoCB wrote:

To be fair, you can't legally keep the police from physically entering your property if they have a warrant, no matter how physically secure it is.

I believe there might be a minor distinction between entering your premises with a warrant and having a master key for every house on the face of the earth to walk through when they please without the owner being aware that it's happening.

Either way, I welcome our old overlords.

Offline

#4 2015-07-09 18:34:09

intoCB
Scatweasel
Registered: 2012-10-25
Posts: 2,412

Re: US Gov't wants to help you unencrypt your private data

Exactly. I don't believe in a master key model but it would be reasonable for them to be able to compel you to decrypt under court order etc.

Offline

#5 2015-07-09 18:38:14

Head_on_a_Stick
CatMod
From: A world of pure imagination
Registered: 2014-01-21
Posts: 4,797

Re: US Gov't wants to help you unencrypt your private data

intoCB wrote:

it would be reasonable for them to be able to compel you to decrypt under court order etc.

That's what we have in the UK...

I don't encrypt my system 'cos if the Police asked for the password & I forgot it, I would go to jail sad

Offline

#6 2015-07-09 18:44:40

schwim
#! Die Hard
From: Interweb's #1 Devotee
Registered: 2012-10-11
Posts: 1,031
Website

Re: US Gov't wants to help you unencrypt your private data

I agree into, but it seems thatthe U.S. hasn't yet figured out how to make it happen.  I'm confident that it will change in due time.  Lack of laws like this are almost always due to them having to try, try again, hiding it in the passing of other laws to get it past the public and not an oversight or a decision against it.

Offline

#7 2015-07-09 21:43:52

MartinRF
#! Junkie
From: Stockholm, Sweden
Registered: 2009-01-23
Posts: 451
Website

Re: US Gov't wants to help you unencrypt your private data

Head_on_a_Stick wrote:
intoCB wrote:

it would be reasonable for them to be able to compel you to decrypt under court order etc.

That's what we have in the UK...

I don't encrypt my system 'cos if the Police asked for the password & I forgot it, I would go to jail sad

So if I sent you an encrypted file and threw away the key you might have to go to jail?
This is actually not my idea. I read somewhere that a computer scientist did exactly this to an MP promoting this type of law.

/Martin

Offline

#8 2015-07-09 21:48:04

Head_on_a_Stick
CatMod
From: A world of pure imagination
Registered: 2014-01-21
Posts: 4,797

Re: US Gov't wants to help you unencrypt your private data

MartinRF wrote:

So if I sent you an encrypted file and threw away the key you might have to go to jail?

In that case, the prosecution would have to prove that I knew the encryption key (thank $DEITY) but that does illustrate the absurdity of the situation quite well.

How does it work in Sweden?

I presume you have a more rational & civilised system...

Last edited by Head_on_a_Stick (2015-07-09 21:48:22)

Offline

#9 2015-07-09 22:31:40

Anaconda
crypto-anarchist
From: Vancouver Canada
Registered: 2008-12-04
Posts: 437

Re: US Gov't wants to help you unencrypt your private data

schwim wrote:

I believe there might be a minor distinction between entering your premises with a warrant and having a master key for every house on the face of the earth to walk through when they please without the owner being aware that it's happening.

You do have a way of summing things up nicely schwim. Personally I think that anyone in govt who thinks it's ok to impose this kind of crap should be dropped off in the middle of the ocean wearing lead boots.


“The university is well structured, well tooled, to turn out people with all the sharp edges worn off...." Mario Savio
"Protections for anonymous speech are vital to democratic discourse". Help enforce our right to free and anonymous speech by taking the Tor challenge.

Offline

#10 2015-07-09 23:45:01

cpoakes
#! CrunchBanger
From: Tucson, Arizona
Registered: 2012-05-19
Posts: 202

Re: US Gov't wants to help you unencrypt your private data

Using standard debian packaged tools, one can create encrypted files indistinguishable from pseudo-random data and entirely free of any metadata indicating the file is encrypted. How can a state imprison someone for failing to decrypt a block of pseudo-random data that cannot be implied let alone demonstrated with certainty to contain encrypted data?

I regularly erase flash devices by filling them with random data; these are indistinguishable from encrypted data. Could this ensure me arrest and imprisonment in the UK because they might be encrypted but I cannot provide a password or key? Does (or will) the state prohibit owning files and devices containing random data? If not, they can never entirely regulate encryption or create effective laws to compel users to decrypt encrypted data.

Furthermore, the government can attempt to compel owners of encrypted filesystems and communications identified by their own metadata with fines and imprisonment. But the state must be willing to incarcerate and penalize a significant number of innocent people as there is no way to differentiate between owners who will not divulge (pretend to forget) and those who cannot divulge (legitimately forget) the key. Consider the number of people that might replace a laptop or hard drive and toss the old encrypted one in the cupboard, creating a liability waiting to happen as soon as the encryption key is forgotten.


programming and administering unix since 1976 (BSD, System III, Xenix, System V, Linux)

Offline

#11 2015-07-10 02:16:34

KrunchTime
#! Die Hard
From: not where I belong
Registered: 2012-03-02
Posts: 3,264

Re: US Gov't wants to help you unencrypt your private data

intoCB wrote:

Exactly. I don't believe in a master key model but it would be reasonable for them to be able to compel you to decrypt under court order etc.

You can't be compelled to do anything, unless you would rather not go to jail.


Linux User #586672
Come and Die -- Kyle Idleman

Offline

#12 2015-07-10 02:21:37

Anaconda
crypto-anarchist
From: Vancouver Canada
Registered: 2008-12-04
Posts: 437

Re: US Gov't wants to help you unencrypt your private data

And then, depending on the situation, there's this. https://xkcd.com/538/


“The university is well structured, well tooled, to turn out people with all the sharp edges worn off...." Mario Savio
"Protections for anonymous speech are vital to democratic discourse". Help enforce our right to free and anonymous speech by taking the Tor challenge.

Offline

#13 2015-07-10 06:34:19

MartinRF
#! Junkie
From: Stockholm, Sweden
Registered: 2009-01-23
Posts: 451
Website

Re: US Gov't wants to help you unencrypt your private data

Head_on_a_Stick wrote:
MartinRF wrote:

So if I sent you an encrypted file and threw away the key you might have to go to jail?

In that case, the prosecution would have to prove that I knew the encryption key (thank $DEITY) but that does illustrate the absurdity of the situation quite well.

How does it work in Sweden?

I presume you have a more rational & civilised system...

I *think* we don't have such a law in Sweden but I am not sure.

Don't count on Sweden being much better than the rest of the 'free world'. We have the same absurd copyright laws as everybody else who want to do business with the US for one.

/Martin

Offline

#14 2015-07-10 06:37:35

MartinRF
#! Junkie
From: Stockholm, Sweden
Registered: 2009-01-23
Posts: 451
Website

Re: US Gov't wants to help you unencrypt your private data

Anaconda wrote:

And then, depending on the situation, there's this. https://xkcd.com/538/

That doesn't help head-on-stick if I have sent him a an encrypted file he does not have the key to. And then you have the situation where you participate in some peer-cloud-based backup arrangement. In that case you have data on your HD that you should not be able to access.

/Martin

Offline

#15 2015-07-10 06:38:47

intoCB
Scatweasel
Registered: 2012-10-25
Posts: 2,412

Re: US Gov't wants to help you unencrypt your private data

^^LOL

^Yes, don't forget that Sweden is the enlightened country seeking the useful extradition of Julian Assange.

Real world analogies are well-meaning but fundamentally flawed. The trouble is we have people legislating on matters they barely comprehend.

Offline

#16 2015-07-10 09:24:50

KrunchTime
#! Die Hard
From: not where I belong
Registered: 2012-03-02
Posts: 3,264

Re: US Gov't wants to help you unencrypt your private data

intoCB wrote:

The trouble is we have people legislating on matters they barely comprehend.

They can't comprehend something they don't read...

Shaking his head, the delegate gave me a piece of wisdom I’ve never forgotten: “That’s not how the system works,” he said. He went on to tell me that the system’s current design actually prohibits meaningful conversation. The often hectic pace and frenetic number of hearings require that politicians make up their minds in an instant. “This process doesn’t encourage thoughtful contemplation — that takes too much time. Usually, you have to figure out as quickly as possible which side you’re on so you can move on to the next bill,” he said.

http://www.motherearthnews.com/homestea … jzcom.aspx


Linux User #586672
Come and Die -- Kyle Idleman

Offline

#17 2015-07-10 12:32:46

userx-bw
#! Die Hard
From: stuck in an unknown reality
Registered: 2013-11-19
Posts: 735

Re: US Gov't wants to help you unencrypt your private data

intoCB wrote:

To be fair, you can't legally keep the police from physically entering your property if they have a warrant, no matter how physically secure it is.

in America. Now all they have to do is come up with something that sounds good enough for the courts if it gets that far then just violate you by what ever means they deem necessary of feel like that day. Probable cause is what it is called. no warrant is needed.


"How can you learn how to fix it, if you don't break it first? :8
"the only way to get away with murder is - by killing time" swp 1997  8o
"A computer is only as smart as the person using it"
"Just plug it in and see if it blows up, if not then take it apart and figure out how it works."

Offline

#18 2015-07-10 12:40:23

userx-bw
#! Die Hard
From: stuck in an unknown reality
Registered: 2013-11-19
Posts: 735

Re: US Gov't wants to help you unencrypt your private data

cpoakes wrote:

Using standard debian packaged tools, one can create encrypted files indistinguishable from pseudo-random data and entirely free of any metadata indicating the file is encrypted. How can a state imprison someone for failing to decrypt a block of pseudo-random data that cannot be implied let alone demonstrated with certainty to contain encrypted data?

I regularly erase flash devices by filling them with random data; these are indistinguishable from encrypted data. Could this ensure me arrest and imprisonment in the UK because they might be encrypted but I cannot provide a password or key? Does (or will) the state prohibit owning files and devices containing random data? If not, they can never entirely regulate encryption or create effective laws to compel users to decrypt encrypted data.

Furthermore, the government can attempt to compel owners of encrypted filesystems and communications identified by their own metadata with fines and imprisonment. But the state must be willing to incarcerate and penalize a significant number of innocent people as there is no way to differentiate between owners who will not divulge (pretend to forget) and those who cannot divulge (legitimately forget) the key. Consider the number of people that might replace a laptop or hard drive and toss the old encrypted one in the cupboard, creating a liability waiting to happen as soon as the encryption key is forgotten.

the hypocrisy  of this is what?

if you go to these same people that demand that you show them what you have and do the same to them they will tell you to take a walk and not show you theirs no matter what you tell them. they will keep secrets from you and demand you tell them all of yours.

they are just nosey little hypocrites with control issues living in a state of paranoia that what you know might hurt them.

can someone say personally disorders controlling how and what we do?


"How can you learn how to fix it, if you don't break it first? :8
"the only way to get away with murder is - by killing time" swp 1997  8o
"A computer is only as smart as the person using it"
"Just plug it in and see if it blows up, if not then take it apart and figure out how it works."

Offline

#19 2015-07-10 22:08:34

Anaconda
crypto-anarchist
From: Vancouver Canada
Registered: 2008-12-04
Posts: 437

Re: US Gov't wants to help you unencrypt your private data

MartinRF wrote:
Anaconda wrote:

And then, depending on the situation, there's this. https://xkcd.com/538/

That doesn't help head-on-stick if I have sent him a an encrypted file he does not have the key to..../Martin

"depending on the situation" But yes you are correct.

Plausible deniability is what people need in these situations. Truecrypt, sorry Veracypt, hidden containers are useful in that regard. Again, depending on the situation.


“The university is well structured, well tooled, to turn out people with all the sharp edges worn off...." Mario Savio
"Protections for anonymous speech are vital to democratic discourse". Help enforce our right to free and anonymous speech by taking the Tor challenge.

Offline

#20 2015-07-11 00:02:34

KrunchTime
#! Die Hard
From: not where I belong
Registered: 2012-03-02
Posts: 3,264

Re: US Gov't wants to help you unencrypt your private data

Anaconda wrote:

Truecrypt, sorry Veracypt,

Thank you for the link.  I hadn't heard about that spinoff of TrueCrypt.  I thought CipherShed was the one to watch.


Linux User #586672
Come and Die -- Kyle Idleman

Offline

#21 2015-07-11 00:18:01

porkpiehat
#! Die Hard
Registered: 2012-10-02
Posts: 1,007

Re: US Gov't wants to help you unencrypt your private data

I use tcplay. It's free, open-source, works with existing truecrypt containers, and it's in the Debian repo.

https://packages.debian.org/jessie/tcplay

More information about how to use it:

https://wiki.archlinux.org/index.php/Tcplay
http://jasonwryan.com/blog/2013/01/10/truecrypt/

Last edited by porkpiehat (2015-07-11 00:21:48)

Offline

#22 2015-07-11 00:32:36

KrunchTime
#! Die Hard
From: not where I belong
Registered: 2012-03-02
Posts: 3,264

Re: US Gov't wants to help you unencrypt your private data

@porkpiehat:  tcplay is mainly Linux-only.  I prefer something more cross platform.


Linux User #586672
Come and Die -- Kyle Idleman

Offline

#23 2015-07-11 00:35:07

porkpiehat
#! Die Hard
Registered: 2012-10-02
Posts: 1,007

Re: US Gov't wants to help you unencrypt your private data

^ Good for you Krunchy. It's not all about you though -- I hope others benefit from the information, even if you prefer something else.

Last edited by porkpiehat (2015-07-11 00:41:22)

Offline

#24 2015-07-11 04:44:18

Anaconda
crypto-anarchist
From: Vancouver Canada
Registered: 2008-12-04
Posts: 437

Re: US Gov't wants to help you unencrypt your private data

@KrunchTime  I had been following the progress of both Veracrypt and Ciphershed for a while, and it seemed to me Veracrypt was making better progress. It also is going with stronger encryption standards.

I corresponded with the head dev regarding a bug report and he was very polite and grateful for the feedback, but more importantly he was responsive to the issue I was reporting. The guy seems to be doing a pretty good job imo.


“The university is well structured, well tooled, to turn out people with all the sharp edges worn off...." Mario Savio
"Protections for anonymous speech are vital to democratic discourse". Help enforce our right to free and anonymous speech by taking the Tor challenge.

Offline

Be excellent to each other!

#25 2015-07-11 12:08:53

Temetka
#! CrunchBanger
From: California
Registered: 2014-08-25
Posts: 179

Re: US Gov't wants to help you unencrypt your private data

As someone who lives in the States, and follows this type of thing very closely - it bothers me deeply that this world wide panopticon exists. Let alone that the various powers believe that there should be a backdoor or key escrow service in public encryption. Doing so, by it's nature would weaken such encryption.

My background is heavy in security. I am an IT admin and my degree is in information security. When I read articles about the FBI saying that LEO's need a legal master key or whatever form of access to encrypted data it hurts me on the inside. You can't fundamentally break how encryption works just so you can read everyone's secrets. The fact of the matter is 99% of the information out in the world is very mundane. But they are freaked out that people even have the option to encrypt their data with a level of security that they cannot break it. So they try things like the NSA did with RSA tokens. Shady.

I see only 2 possible outcomes.

1. They win and we have 2 forms of encryption. The first is what I will call "civilian grade" good enough for HTTPS and hiding porn from your spouse. Then we have "Government Encryption" which is nigh un-breakable. Of course the first form can be easily de-ciphered because they will have a master key similar to what was proposed with the Clipper Chip.

2. The tech sector wins. Which means that your regular citizen (of any country) has access to easily configurable and usable encryption which is not compromised and cannot be broken via conventional means and clusters of computers.

However I expect this all to change once Quantum Encryption and Computing takes off. Why try one password after another when you can simply try all possible permutations at once? It's going to completely change the game entirely. The question then remains "who controls the new controls?" which is similar to "who watches the watchers?"

Hell, the UK Government recently stated they want to make all encryption illegal. Why? What possible need do the goverments have for being able to view any form of data, anywhere, in real time in clear text? That means the only groups with any kind of security would be the GHCQ, NSA, et al. Anyone else - well your life is an open book and no, there is nothing you can do about it.

Offline

Board footer

Powered by FluxBB

Copyright © 2012 CrunchBang Linux.
Proudly powered by Debian. Hosted by Linode.
Debian is a registered trademark of Software in the Public Interest, Inc.
Server: acrobat

Debian Logo