Users want their secrets to be secret.
Apple wants its users' secrets to be secret.
The UK wants the fact it wants Apple to reveal anyone's secrets to be secret.
replies(1):
Apple wants its users' secrets to be secret.
The UK wants the fact it wants Apple to reveal anyone's secrets to be secret.
Yes I hate that they do that without prompting, but in theory that solution offers that balance that OP talks about - if there are no backdoors in Bitlocker(let's assume that there aren't), then your encrypted data is perfectly secure. But if a judge issues a warrant for your data, then Microsoft can provide them with a key to unlock your device.
To me, that's an acceptable compromise - it means that someone stealing my laptop won't get my data, but if a warrant is produced then bitlocker drives can be unlocked for a criminal investigation.
Couldn't Apple create a solution where all your communication is end to end encrypted with a key that they just have a copy of? No backdoors necessary.
But that is a backdoor!
Especially, it's a backdoor that's inside a foreign country and subject to their intelligence services! It might be valid for a hypothetical autochthonous UKphone, but having a system where the US can secretly crack all UK comms is .. not ideal.
Given the tendency of UK ministers to use Whatsapp for private government communications, should we allow the US to have a backdoor into all of that via Meta? (in practice, they tend to leak to newspapers themselves, but it's the principle)
> then Microsoft can provide them with a key to unlock your device.
This is a quote from parent. That renders the key and encryption itself pretty useless if it has been given to someone other than you.
...is it? That's a weird definition if I've ever heard one - backdoor to me is a normally hidden functionality that can be triggered if you know the secret, so for example adding a secret universal key that unlocks every drive - that would be a backdoor. And that's a dangerous one, because if it leaks out then all criminals of the world can now decrypt your drives.
With the way MS does it, Bitlocker could be the most secure encryption on the planet, unbreakable by any quantum computer, and yet if they have a copy of the key then the law enforcement can obtain it if needed - that's not a backdoor, not any more than giving your parents copy of your house key is an exploit on your home security.
>>but having a system where the US can secretly crack all UK comms is .. not ideal.
No, of course not, I agree with you there.
>>Given the tendency of UK ministers to use Whatsapp for private government communications, should we allow the US to have a backdoor into all of that via Meta?
Well, they shouldn't be using WhatsApp in the first place, given that they don't control the underlying technology. A backdoor might already exist and they wouldn't even know about it.
I want my devices to be secure from thieves who might steal them, and I want my communications to be secure from someone intercepting internet traffic at various locations I might visit - that is still achieved in that scenario, even if MS/Apple hold the copy of the key. That doesn't make the encryption useless - just ineffective if your attack vector is defending yourself against state-level actors.
Once your key is in the hand of a third party, you lost control of that data, and you have to trust them that they will not give it out to someone else (they will), and you have to trust them to keep it safe, and you have to trust them to [...].
My private key is mine, and mine only, or supposed to be.
We can see in the USA how quickly things can change. Laws must account for a possible Reform government, for example.
Well, maybe a better example then - I have a secure storage deposit with a bank. I'm 100% sure it's secure from opportunistic criminals and no one, including the government, knows what's inside it, however, the bank still holds a master key for that deposit box in case it's compelled to open it for law enforcement.
>>My private key is mine, and mine only, or supposed to be.
Again, OP was talking about balance - how do we make sure that people's private communications are safe from criminals, but at the same time allow law enforcement to look at them if needed. To which my answer is - that's how. That's doesn't make encryption "useless", it's just that this model doesn't fit your specific usecase.
.. so they can steal it.
https://www.forbes.com/sites/instituteforjustice/2023/12/11/...
It’s like high schools that mandate use of a particular model of lock for students’ lockers because there’s a master key staff can use to open lockers. Do you know how many students have copies of that master key? Essentially anyone who wants one.
The myth here is that a magic key that invalidates encryption can ever be controlled. It cannot.
Someone has to physically come to your house to access your front door. Computers and other computer equipment is accessible by anyone anywhere. A Russian hacker outfit can attempt to access your phone from Vladivostok in a way they can't with your front door.
Sticking with front door analogy, what if there were a master key that could open up all door locks that the police held. What if that key was leaked and now you knew that multiple gangs and criminals had the key and were breaking into houses. Would you feel secure with your front door then? Data breaches happen and a company with the keys to everyone's computer front door is a huge target. I don't trust my bitlocker key to Microsoft. There is no such thing as a magical backdoor that only good guys can use but is secure against everyone else. A backdoor is a vulnerability that puts everyone using it at risk.
It is more like the local lock company keeps the name, address, and the key bittings for every home in town. What happens when they are robbed and now your address and how to make a key for your lock are in the hands of some criminals in your area?
That's exactly what I said I don't want Apple/Google/MS to have - a master key that opens all locks is unacceptable imho.
>> What if that key was leaked and now you knew that multiple gangs and criminals had the key and were breaking into houses.
I'm sure I used this exact analogy in another comment, that's why no one should have a master key.
>>I don't trust my bitlocker key to Microsoft.
And neither do I - but overall on balance I think this is a good thing. I do like that my mum's laptop is automatically encrypted, if it gets stolen her data is safe, and if she forgets her password there is some pathway to recovering it. I like that. It's nice convenience for "regular" people. I don't do it myself because I have an alternative backup of my encryption keys. And yes, I do like that if someone is under criminal investigation that the key can be obtained from MS when a valid warrant is produced. I see that as a good thing personally.
>> There is no such thing as a magical backdoor that only good guys can use but is secure against everyone else.
Well, good thing it's not a backdoor then.
>>A backdoor is a vulnerability that puts everyone using it at risk.
Again, MS having a copy of your bitlocker key is not a backdoor.
>> Because whatever technical method the government has to break encryption will leak.
The government cannot break encryption(at least I hope they can't!)
>>The myth here is that a magic key that invalidates encryption can ever be controlled.
It's the same key you have.
I'd hope that Microsoft's key storage is harder to break into than a random local lock company. And there is no need for theoreticals - all my locks are key coded and the manufacturer can make more keys for them if I ask them. They also have my address since they know where they shipped the locks. And yet, I'm not worried about this - I suspect a wannabe robber will just break my windows with a brick not infiltrate the manufacturer's production facility to make a clone of my key.