Feds seek new ways to bypass encryption

Feds seek new ways to bypass encryption

Summary: law enforcement agents are encountering well-designed encryption products more and more frequently, forcing them to invent better ways to bypass or circumvent the technology.

SHARE:

-When agents at the Drug Enforcement Administration learned a suspect was using PGP to encrypt documents, they persuaded a judge to let them sneak into an office complex and install a keystroke logger that recorded the passphrase as it was typed in.

A decade ago, when the search warrant was granted, that kind of black bag job was a rarity. Today, however, law enforcement agents are encountering well-designed encryption products more and more frequently, forcing them to invent better ways to bypass or circumvent the technology.

One way to circumvent encryption: Use court orders to force Web-based providers to cough up passwords the suspect uses and see if they match. "Sometimes if we can go in and find one of those passwords, or two or three, I can start to figure out that in every password, you use the No. 3," Van Buren said. "There are a lot of things we can find."

For more on this story, read Feds seek new ways to bypass encryption on CNET News.

Topics: Enterprise Software, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

6 comments
Log in or register to join the discussion
  • Good reason to use different passwords

    I use the same methodology for my passwords. Get a book, page, x-numbered word with more than 8 characters on the page, flip several letters to numbers, add a couple of non-alpha-numerics, and then use for 90 days before changing. As long as they don't know which book, what page I'm on, and which word I started with, they're pretty much stuck doing a brute force hack.

    Of course I'm not into kiddie porn or drugs or committing acts of terror, so they shouldn't have any reason to be spying on/investigating me; unless it's now against the law to support and defend the Constitution..... Okay, maybe they ARE spying on me then.
    Dr_Zinj
  • RE: Feds seek new ways to bypass encryption

    I use encryption not because I have something to hide, it's just I like my privacy and want to keep "The Chinese" "Russians" and Americans out of my business. If you need to know something, ask. I may answer, but probably not.
    trust2112@...
  • Gurl'yy arire frr guvf vs lbh'er pnershy

    V hfr rapelcgvba orpnhfr gurl'er fcgvat ba zr - nyjnlf ybbxvat naq crrxvat vagb zl ohfvarff. Lbh xabj gurl'er gelvat gb gnxr bire? Gurl ner. Gurl'er rireljurer. Cebgrpg lbhefrys abj orsber vg'f gbb yngr.

    Xrrc guvf pbzzhapngvba frperg - qba'g yrg gurz xabj lbh'ir ernq vg be gung V'ir fcbxra gb lbh be gurl jvyy pbzr sbe lbh. Nyjnlf xrrc lbhe pbzzhavpngvbaf frperg be lbh ner qbbzrq, yvxr gubfr bgure barf.
    frperg_zna
  • Wait Just a Minute

    So some website might get a court order out-of-the-blue to turn over a user's password, due to a crime the user committed that is completely unrelated to the website?

    And who are these websites that store passwords using reversible encryption?
    technojoe
  • yeah, but...

    I understand the law enforcment issues but it's not much of an encryption system if there's a back door now is it? I can't imagine real criminals using some public domain encryption when they can hire a math major to design them one.
    wizardjr
  • RE: Feds seek new ways to bypass encryption

    Louis D Brandeis : ?Our government is the potent, the omnipresent teacher. For good or ill, it teaches the whole people by its example.?

    If law makers treat the Constitution as irrelevant, they teach the people government is corrupt and law should be held in contempt.

    If the majority of the American people believe the Bill of Rights should be amended there is a lawful process that permits participation by the States and We the People.

    http://biggovernment.com/tmcclintock/2011/02/16/the-patriot-act-is-a-threat-to-our-liberty/ :
    ?The Fourth Amendment arises from abuses of the British Crown that allowed roving searches by revenue agents under the guise of what were called ?writs of assistance? or ?general warrants.? Instead of following specific allegations against specific individuals, the Crown?s revenue agents were given free rein to search indiscriminately.

    In 1761, the famous colonial leader, James Otis, challenged these writs, arguing that ?A man?s house is his castle; and whilst he is quiet, he is as well guarded as a prince in his castle. This writ, if it should be declared legal, would totally annihilate this privilege.? Two hundred and fifty years later, the PATRIOT Act restores these roving searches.

    In the audience that day in 1761 was a 25-year-old lawyer named John Adams. He would later recall, ?Every man of an immense crowded audience appeared to me to go away as I did, ready to take arms against writs of assistance. Then and there was the first scene of the first act of opposition to the arbitrary claims of Great Britain. Then and there, the child, ?Independence? was born.?

    The American Founders responded with the Fourth Amendment. It provides that before the government can invade a person?s privacy, the executive branch must present sworn testimony to an independent judiciary that a crime has occurred, that there is reason to believe that an individual should be searched for evidence of the crime and specify the place to be searched and the things to be seized. The John Doe roving wiretaps provided under the bill are a clear breach of this crystal clear provision.

    The entire point of having an open and independent judiciary is so that abuses of power can be quickly identified by the public and corrected. The very structure of this law prevents that from occurring?

    I encourage citizens to join Downsize DC ?I am not afraid? campaign: http://www.downsizedc.org/etp/campaigns/77

    ?Courage is grace under pressure.? ? Ernest Hemingway

    Terrorists aim to cause fear, and by feeling fear we've given them what they want.
    We believe it's possible to win the war on terror instantly. All we have to do is stop being afraid, and stop acting out of fear.

    This makes sense not only in terms of defeating the terrorists' intentions, but also in terms of managing the terrorist threat.
    To us, America's fear of terrorism is like a cat being afraid of a mouse. Actually, it's worse than that, because all the terrorists in all the world amount to no more than an anemic mosquito on the snout of a whale. The fact is . . .
    We're in far more danger from our own cars than we are from terrorism.

    Nearly 800,000 people have died in car accidents in the last twenty years. During that time there have been exactly two Islamic terrorist attacks on U.S. soil, with less than 3,000 total fatalities. That's more than 200 TIMES as many Americans dying in their cars as at the hands of Islamic terrorism. And yet . . .

    We've turned the whole world upside down in response to the two terrorist attacks. We've launched invasions, created vast new bureaucracies, shredded the Bill of Rights, compounded regulations, spent hundreds of billions of dollars, and disrupted travel and commerce. But no one is suggesting that we do 200 times as much to address the driving risk, which is 200 times greater.
    Can we conclude from this that Americans are brave when it comes to their cars, but cowardly when it comes to Islamic terrorism?

    We think the proper conclusion is that Americans have VASTLY OVERREACTED to the threat of Islamic terrorism, and that the politicians have encouraged and exploited this overreaction to expand the power of government.

    If Ernest Hemingway had the right definition of courage ? ?grace under pressure? ? then our country has shown little grace in the face of not much pressure. To us, the official government ?War on Terror? amounts to one giant national cringe.
    We can do better, with less effort and more grace.
    There is really only one way to win a war on terrorism. Stop being afraid!

    Join the Downsize DC ?Repeal the Patriot Act? campaign:

    "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized." ? Fourth Amendment to the Constitution
    Forty-five days after 9/11, Congress passed the USA PATRIOT Act without reading it. This new law was supposed to protect you from terrorism, but it has really left you unprotected against lawless federal agents. The Patriot Act contains numerous violations of the Fourth Amendment. It gives federal agents vast new powers that have been abused to investigate innocent Americans.
    In 2001 and 2006 concerned members of Congress urged expiration dates on some of the Patriot Act's most controversial powers. Regrettably, Congress has constantly renewed these powers, despite a multitude of FBI abuses. Last year, it was done with a voice vote!
    The vast powers provided in this bill are explained in detail on this campaign's Background page. They include . . .
    ? Roving wiretaps, where you can be caught in a phone sweep, without specific warrant
    ? The infamous "library provision," where The State can monitor your reading habits, even if you have no connection to terrorism
    ? National Security Letters, a tool used instead of warrants, whereby the FBI can spy on you, and the service providers who share your private info can't tell you about it
    ? Provisions that require banks to report your financial activities to federal agents
    This is only a partial list of the many ways the so-called Patriot Act violates your Constitutional rights.
    Everyone agrees that terrorists should be caught and stopped. But before 9/11, the federal government already had powerful tools of intelligence-gathering and investigation to prevent terrorism.
    ? The failures of intelligence before 9/11 were NOT addressed by the Patriot Act. Moreover,
    ? Before 9/11 there were also constitutional checks and balances to protect your liberty and privacy. Under the Patriot Act, those checks and balances are gone.
    ? In fact, the Justice Department's Inspector General has reported that between 2003 and 2006, the FBI issued nearly 200,000 NSLs. The Inspector General has also found serious FBI abuses of the NSL power.
    In conclusion . . .
    ? The Patriot Act should not have been passed because it violates the Constitution.
    ? The Patriot Act would not have prevented 9-11, and it is NOT needed to combat future terrorist acts.
    ? The Patriot Act has been constantly abused, in spite of the usual worthless political promises that it would not be.
    The Patriot Act should be repealed

    http://www.downsizedc.org/blog/how-the-patriot-act-led-to-40000-fbi-crimes

    How the Patriot Act Led to 40,000 FBI Crimes
    You may borrow from or copy this letter, or write one of your own . . .
    The "Patriot" Act represents a dark moment of fear-imposed unfaithfulness to the Bill of Rights -- a retreat from what we know, in our hearts, is proper and just.
    That which is un-Constitutional cannot be "fixed" or "reformed." It must be repealed by morally courageous congresspersons. I'm hoping that's you.
    But the Patriot Act cannot be "fixed" or "reformed" for another reason. It is pernicious. It has created ample opportunities for the FBI to abuse its powers.
    As the EFF (Electronic Frontier Foundation) has uncovered, the FBI has been intoxicated with lawlessness as a result of this terrible law. The FBI's crimes include . . .
    * submitting false or inaccurate declarations to courts
    * using improper evidence to obtain federal grand jury subpoenas
    * accessing password protected documents without a warrant
    * and much more: https://www.eff.org/pages/patterns-misconduct-fbi-intelligence-violations
    The EFF reports that "in an audit of only 10% of national security investigations . . . the FBI may have committed as many as 3,000 NSL (national security letter) violations and had failed to report many of those violations to the IOB (Intelligence Oversight Board)."
    The EFF estimates that the FBI has broken the law 40,000 times since 2001.
    40,000 times! Do incentives matter? This law seems to be an inducement to illegal behavior, doesn't it? But it gets worse, because . . .
    I, and my fellow Americans have nowhere to turn to protect ourselves.
    * President Obama hasn't instituted meaningful reforms, and
    * YOU, Congress, hasn't held the rogue FBI accountable.
    Lawlessness in the federal government is by far a bigger threat to America -- to Americans -- than terrorism is. REPEAL THE PATRIOT ACT! Don't renew it.
    Repeal