NSA: 'Backdoors are a Bad Idea - Give us a Front Door Key'

Uploaded on 2015-07-07 in NEWS-Cybersecurity News, INTELLIGENCE--USA, FREE TO VIEW

height.630.no_border.width.1200.jpg

The NSA's latest thought bubble, floated in front of noted cryptography journal The Washington Post, is that a “master key” for all products running encryption should be created, split up, and distributed among several agencies.

The idea was raised in a speech by Michael Rogers, boss of the NSA, in a speech at Princeton University.
“I don’t want a back door,” Rogers reportedly said, “I want a front door. And I want the front door to have multiple locks. Big locks.” The idea seems to be that only when all the agencies holding portions of a key decide to use it together will decryption become possible.

Whether Rogers also considered the conditions under which the keys should be brought together to unlock a phone, is not reported.

Also not mentioned is what would happen if someone reverse-engineered a key that would be (apparently) hard-coded into the firmware, probably because such things never happen. Nor do the deepest secrets of national security agencies ever eventually leak, it seems, and other countries would have no problem with a master key held (presumably) by US agencies.
Apparently, that's not the only idea the White House has in mind. The WashPo report also states that the administration is looking at simple mirroring of messages, under judicial oversight.

A judge might “direct a company to set up a mirror account so that law enforcement conducting a criminal investigation is able to read text messages shortly after they have been sent”, and insist that the mirror backs up stuff like photos residing on the telephone, before it's encrypted for communication. 
The Register:  http://bit.ly/1PCeuQy

 

« ‘Great Cannon’ China’s Weapon Shoots Down Internet Sites
Offensive Cyber Security Changes the Industry »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ITpreneurs

ITpreneurs

ITpreneurs provides IT training content, Instructors, Learning Infrastructure and services to IT Training providers.

Cross Identity

Cross Identity

Cross Identity (formerly Ilantus Technologies) is a complete IAM solution that is deep, comprehensive, and can be implemented even by non-IT persons.

Crypta Labs

Crypta Labs

Crypta Labs is an Award Winning IOT Security startup that is developing a quantum-based encryption chip to secure the Internet of Things.

Cyber 2.0

Cyber 2.0

Cyber 2.0 is the only system in the world that blocks all forms of cyber attack within the organization, including new and unfamiliar attack methods.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

WWPass

WWPass

WWPass is a global cybersecurity company that provides password-less authentication and client-side encryption technology.

Heidrick & Struggles International

Heidrick & Struggles International

Heidrick & Struggles is a premier provider of leadership consulting and senior-level executive search services for roles including Information & Technology Officers and Cybersecurity.

Clario Tech

Clario Tech

Clario is a simple, comprehensive, personalized protection app. It comes with a full suite of intelligent security software and intelligent people to help you live a better, safer digital life.

Node4

Node4

Node4 provide advanced, cloud-led digital transformation solutions, delivered with technical expertise, innovation and exceptional service to drive your business forwards.

Resolvo Systems

Resolvo Systems

Resolvo is provides comprehensive security assessment and testing services in Asia.

Quarkslab

Quarkslab

Quarkslab is a dedicated team of cyber-security engineers and developers. We aim at forcing the attackers, not the defender, to adapt constantly.

Attestiv

Attestiv

Attestiv puts authenticity into photos, videos and documents by utilizing advanced technologies in AI and tamper-proofing.

Rapifuzz

Rapifuzz

At Rapifuzz, our goal is to help organizations test and secure their APIs enabling trust, innovation and Seamless Secured Digital Experiences.

Index Engines

Index Engines

Index Engines is the world’s leading AI-powered analytics engine to detect data corruption due to ransomware.

CyTwist

CyTwist

CyTwist is an early warning attack detection platform that complement your existing security suite and provides your security teams with unique detection capabilities of stealth targeted attacks.

Clumio

Clumio

Clumio provides autonomous backup and recovery for critical cloud data.