PDA

View Full Version : Rand Paul says he won’t ban encryption if president




RPfan1992
11-15-2015, 01:06 AM
The Obama administration may have punted for now on the topic of encryption, but Kentucky Sen. Rand Paul said he’ll ensure Americans can securely protect their digital data if he’s elected president.

Speaking in Des Moines, Iowa, on Thursday, Mr. Paul, a Republican, said he won’t ban encryption if he wins next November’s election, cementing his stance with respect to a hot-button issue that widened a rift between Silicon Valley and Washington this year before the White House ultimately decided last month not to push for a legislative solution.

“The head of the FBI came out with this recently. He says, ‘Oh, we’re going to ban encryption.’ And it’s like we want to build a backdoor into Facebook and a backdoor into Apple products,” the presidential hopeful said at the Yahoo Digital Democracy conference this week. “A backdoor means that the government can look at your stuff, look at your information, your conversations. … The problem is, is that the moment you build an opening — and I’m not an expert on coding or anything — but the moment you give a vulnerability to a code that someone can get into your source code, not only can the government, but so can your enemies, so can foreign governments.”

“What’s China going to say? ‘Apple, you want to do business with us, you’ll have to give us an opening so we can watch,’ ” Mr. Paul added. “I don’t think we want that.”

Citing the increasing availability of robust, easy-to-use encryption and its effect on criminal investigations and counterterrorism probes, the Justice Department this year urged companies like Apple and Google to rethink the capabilities of their products before deciding last month to put their efforts on hold.

“The United States government is actively engaged with private companies to ensure they understand the public safety and national security risks that result from malicious actors’ use of their encrypted products and services. However, the administration is not seeking legislation at this time,” James Comey, the director of the FBI, testified before the Senate in October, much to the delight of computer security experts and civil libertarians.

They said banning encryption or forcing companies to weaken their technology posed surefire risks with respect to digital privacy and the functionality of the Internet.

“I don’t think we want to … say we cannot have encryption or build openings,” Mr. Paul said at Thursday’s event. “I think we need to do the opposite. We need to let the marketplace develop where we try to keep the government out of our affairs.”

That opinion, however, is hardly shared among other candidates vying for the Republican Party’s nod. Mr. Paul squared off with New Jersey Gov. Chris Christie on the topic earlier this year. At Thursday’s event, Mr. Paul said that a “learning problem” was keeping Mr. Christie from understanding “that you can use the Fourth Amendment and still get terrorists.”

http://www.washingtontimes.com/news/2015/nov/13/rand-paul-says-he-wont-ban-encryption-if-president/

Matt Collins
11-15-2015, 02:52 AM
This needs to be spread far and wide among the tech crowd. I just tried to get it posted up on www.slashdot.org (http://www.slashdot.org)


If anyone else posts to other tech sites, please share it there too.

ChristianAnarchist
11-15-2015, 08:36 AM
#StandWithRand

01000110
11-15-2015, 10:04 AM
You can't just ban encryption. Anyone with a computer and a compiler and the algorithms can encrypt data. So, good luck with the banning, can't happen.

The NSA just wants Apple, Google and etc... to let them in via backdoors.

Apple appears to tell the NSA to go bug off anyhow:

http://www.techtimes.com/articles/97455/20151021/apple-and-nsa-talk-encryption-but-tim-cook-stands-firm-no-to-government-backdoors.htm


Apple CEO Tim Cook, meanwhile, stood firm on his stance against government backdoors that would breach its encryption. Cook argued that encryption is paramount to protecting people and should not be impenetrable just for some, while open for others."You can't have a backdoor that's only for the good guys," said Cook

Valli6
11-15-2015, 10:25 AM
Flipping through Sunday political shows, they are all pushing hard, that the Paris attacks were due to the encryption on digital devices and "we're going to have to" do something about that. They're asserting that they would've known about the terrorists' plans if not for that darned encryption!

This propaganda push explains Dana Perino's incoherent tweet after the Paris attacks, "F Edward Snowden". :rolleyes:

We can expect a deluge of anti-encryption propaganda. Rand has his work cut out for him.

brandon
11-15-2015, 11:06 AM
That's nice of him. I wonder what other things he won't ban? I really hope he doesn't ban ice cream. That would be great if I could still have ice cream.

Crashland
11-15-2015, 11:21 AM
Banning encryption is like banning envelopes or boxes in the mail.

Peace&Freedom
11-15-2015, 11:27 AM
Rand can easily counter the anti-encryption drumbeat by undercutting the argument that Paris couldn't know about the attacker's plans because of it. In fact, the French government DID know about the perps beforehand, but did not stop them:

http://landdestroyer.blogspot.com/2015/11/confirmed-french-government-knew.html

Brian4Liberty
11-15-2015, 11:45 AM
Flipping through Sunday political shows, they are all pushing hard, that the Paris attacks were due to the encryption on digital devices and "we're going to have to" do something about that. They're asserting that they would've known about the terrorists' plans if not for that darned encryption!

This propaganda push explains Dana Perino's incoherent tweet after the Paris attacks, "F Edward Snowden". :rolleyes:

We can expect a deluge of anti-encryption propaganda. Rand has his work cut out for him.

Yep, it was on all of the Sunday morning propaganda shows. The totalitarians want to ban encryption. As the Soup (Internet) Nazi would say: "No privacy for you!"

William Tell
11-15-2015, 12:32 PM
Flipping through Sunday political shows, they are all pushing hard, that the Paris attacks were due to the encryption on digital devices and "we're going to have to" do something about that. They're asserting that they would've known about the terrorists' plans if not for that darned encryption!

This propaganda push explains Dana Perino's incoherent tweet after the Paris attacks, "F Edward Snowden". :rolleyes:

We can expect a deluge of anti-encryption propaganda. Rand has his work cut out for him.

This is twilight zone. Banning encryption, seriously?

01000110
11-15-2015, 12:36 PM
Banning encryption and getting backdoors enabled will only help the government spy on the average citizen who doesn't know any better.

The people who really want their data encrypted realize this and will be able to counter it and the government really can't do much about it.

So there you go, take away our freedoms under the guise of protecting you.

timosman
11-15-2015, 12:38 PM
This is twilight zone. Banning encryption, seriously?

You still might be able to use it, but then it can be used to imprison you.

Predicted in 1997 in The Right to Read - http://www.gnu.org/philosophy/right-to-read.en.html


There were ways, of course, to get around the SPA and Central Licensing. They were themselves illegal. Dan had had a classmate in software, Frank Martucci, who had obtained an illicit debugging tool, and used it to skip over the copyright monitor code when reading books. But he had told too many friends about it, and one of them turned him in to the SPA for a reward (students deep in debt were easily tempted into betrayal [:D]). In 2047, Frank was in prison, not for pirate reading, but for possessing a debugger.

robert68
11-15-2015, 01:08 PM
Mighty courageous of him. :rolleyes:

Aquinas
11-15-2015, 02:50 PM
I hope Paul keeps hammering anyone foolish enough to suggest doing this.

Just last March, we had to patch our servers against the FREAK attack. This was a vulnerability where malicious actors could downgrade a user's connection to the weaker "export-grade" RSA encryption, which was forced on the industry in the 1990s so the government could have access to foreign communications. Of course, here in 2015 it just placed everyone at risk:


...there’s a third aspect of SSL/TLS that doesn't get nearly as much attention. That is: the SSL protocol itself was deliberately designed to be broken.

Let me explain what I mean by that.

Back in the early 1990s when SSL was first invented at Netscape Corporation, the United States maintained a rigorous regime of export controls for encryption systems. In order to distribute crypto outside of the U.S., companies were required to deliberately 'weaken' the strength of encryption keys. For RSA encryption, this implied a maximum allowed key length of 512 bits.*

The 512-bit export grade encryption was a compromise between dumb and dumber. In theory it was designed to ensure that the NSA would have the ability to 'access' communications, while allegedly providing crypto that was still 'good enough' for commercial use. Or if you prefer modern terms, think of it as the original "golden master key".

The need to support export-grade ciphers led to some technical challenges. Since U.S. servers needed to support both strong and weak crypto, the SSL designers used a 'cipher suite' negotiation mechanism to identify the best cipher both parties could support. In theory this would allow 'strong' clients to negotiate 'strong' ciphersuites with servers that supported them, while still providing compatibility to the broken foreign clients.

This story has a happy ending, after a fashion. The U.S eventually lifted the most onerous of its export policies. Unfortunately, the EXPORT ciphersuites didn't go away. Today they live on like zombies -- just waiting to eat our flesh.

http://blog.cryptographyengineering.com/2015/03/attack-of-week-freak-or-factoring-nsa.html

presence
11-15-2015, 03:09 PM
Banning encryption is like banning envelopes

exactly

wizardwatson
11-15-2015, 03:36 PM
If he really means it, he'll send us this promise encrypted. Otherwise I can't be sure it's even him.

timosman
11-15-2015, 04:25 PM
If he really means it, he'll send us this promise encrypted. Otherwise I can't be sure it's even him.

What is he going to encrypt the message with? Did you meet him in person to exchange private keys?:rolleyes:

wizardwatson
11-15-2015, 04:28 PM
What is he going to encrypt the message with? Did you meet him in person to exchange private keys?:rolleyes:

You didn't? I knew there was something off about you.

adam220891
11-15-2015, 06:00 PM
What is he going to encrypt the message with? Did you meet him in person to exchange private keys?:rolleyes:

Fellow IT guy?

timosman
11-15-2015, 06:55 PM
Fellow IT guy?

A dude named Ben:


https://www.youtube.com/watch?v=hJH50Ila3n4

danda
11-15-2015, 06:57 PM
ftfy,


What is he going to encrypt the message with? Did you meet him in person to exchange public keys?:rolleyes:

adam220891
11-15-2015, 09:57 PM
ftfy,

Technically this guy is right. Public/private keys implies asymmetric encryption, where the private key must be kept safe. You could, however, meetup to establish a shared secret. DH makes physically meeting up or communicating out of band not necessary.

Anyway, isn't limiting encryption something communist and totalitarian nations do? Even if not banned, they might restrict you to DES or other weak algorithms which are easily crackable, so there's hardly a point.

We:
A) Have many federal compliance forcing the use of strong encryption (HIPAA for example) so it would be a legal mess to sort through that stuff
B) Don't want to be associated with the oppressive nations engaging in similar technical restrictions

This feels like an unneeded comment by Rand but if there's politicians out there actually advocating for this stuff then I guess someone has to speak up.

CPUd
11-16-2015, 04:00 PM
I've seen variations of this article from different outlets over the weekend:
http://money.cnn.com/2015/11/16/technology/terrorists-go-dark/index.html

Someone is trying to redefine "going dark" to mean encrypted communications.

Dr.3D
11-16-2015, 04:09 PM
I can imagine a huge increase of pictures being sent over the internet.

CPUd
11-16-2015, 04:13 PM
http://i.imgur.com/FV7FSK2.png

http://i.imgur.com/hUPjVpx.png

brandon
11-16-2015, 05:06 PM
What is he going to encrypt the message with? Did you meet him in person to exchange private keys?:rolleyes:

No you never exchange private keys, he would sign it with his secret private key and we verify using the public key pair.

timosman
11-16-2015, 06:30 PM
No you never exchange private keys, he would sign it with his secret private key and we verify using the public key pair.

If you see nothing wrong with this statement you might be an IT person. ;-)