{"id":18680,"date":"2017-11-20T11:56:56","date_gmt":"2017-11-20T16:56:56","guid":{"rendered":"http:\/\/www.megalextoria.com\/wordpress\/?p=18680"},"modified":"2017-11-20T12:02:40","modified_gmt":"2017-11-20T17:02:40","slug":"the-government-is-lying-to-us-about-cybersecurity","status":"publish","type":"post","link":"https:\/\/www.megalextoria.com\/wordpress\/index.php\/2017\/11\/20\/the-government-is-lying-to-us-about-cybersecurity\/","title":{"rendered":"The Government Is Lying to Us About Cybersecurity"},"content":{"rendered":"<p><a href=\"https:\/\/file.army\/i\/LWwYLa\"><img decoding=\"async\" class=\"alignnone size-full\" src=\"https:\/\/404store.com\/2017\/11\/20\/accessdenied.jpg\" alt=\"\" \/><\/a><\/p>\n<p data-block=\"true\" data-editor=\"dgn78\" data-offset-key=\"ce9r3-0-0\">In a press conference,<a href=\"https:\/\/arstechnica.com\/tech-policy\/2017\/11\/doj-strong-encryption-that-we-dont-have-access-to-is-unreasonable\/\"> Deputy Attorney General Rod Rosenstein stated <\/a>that the \u201cabsolutist position\u201d that strong encryption should be, by definition, unbreakable is \u201cunreasonable.\u201d<\/p>\n<p class=\"_1mf _1mj\" data-offset-key=\"ce9r3-0-0\"><span data-offset-key=\"ce9r3-0-0\">The DOJ is lying about three things:<\/span><\/p>\n<p class=\"_1mf _1mj\" data-offset-key=\"3hhde-0-0\"><span data-offset-key=\"3hhde-0-0\"><strong>First<\/strong><\/span><\/p>\n<p class=\"_1mf _1mj\" data-offset-key=\"3hhde-0-0\"><span data-offset-key=\"3hhde-0-0\">The US government works against the security of businesses. Just this week, I had to\u00a0<a href=\"https:\/\/developer.apple.com\/library\/content\/documentation\/LanguagesUtilities\/Conceptual\/iTunesConnect_Guide\/Chapters\/SubmittingTheApp.html#\/\/apple_ref\/doc\/uid\/TP40011225-CH33-SW6\">tell Apple<\/a>\u00a0that my iPhone app did not have certain kinds of encryption that the U.S. government has export control on. Encryption export controls cripple the security and innovation of software products made by American businesses.\u00a0\u00a0<\/span><\/p>\n<p>Furthermore, the U.S. government\u00a0<a href=\"https:\/\/www.schneier.com\/blog\/archives\/2016\/08\/the_nsa_is_hoar.html\">hoards software exploits<\/a>\u00a0so it can hack into your computer rather than publish them that so companies can patch their products. The NSA\u00a0<a href=\"https:\/\/www.wired.com\/2007\/11\/securitymatters-1115\/\">intentionally sneaks weaknesses into protocols<\/a>\u00a0and\u00a0<a href=\"https:\/\/www.theverge.com\/2013\/12\/20\/5231006\/nsa-paid-10-million-for-a-back-door-into-rsa-encryption-according-to\">bribes businesses to add holes to security products<\/a>\u00a0so it can steal the data of their customers.<\/p>\n<p>When businesses want to improve the security of their products, they offer rewards for exploits \u2013\u00a0<a href=\"https:\/\/venturebeat.com\/2017\/07\/26\/microsoft-launches-windows-bug-bounty-program-with-rewards-ranging-from-500-to-250000\/\">Microsoft pays up to $250,000 per exploit<\/a>, Facebook\u00a0<a href=\"http:\/\/fortune.com\/2017\/01\/19\/facebook-hacker-bug-bounty\/\">has paid $40,000<\/a>, and so on. The NSA\u00a0<a href=\"https:\/\/www.washingtonpost.com\/news\/the-switch\/wp\/2013\/08\/31\/the-nsa-hacks-other-countries-by-buying-millions-of-dollars-worth-of-computer-vulnerabilities\/?utm_term=.0232ada64c45\">purchases millions of dollars of exploits<\/a>\u00a0from hackers and uses them to\u00a0<a href=\"http:\/\/foreignpolicy.com\/2017\/04\/28\/nsa-halts-controversial-spy-program\/\">spy on the entire world, including U.S. citizens<\/a>. Unfortunately, the NSA is <a href=\"https:\/\/www.nytimes.com\/2017\/11\/12\/us\/nsa-shadow-brokers.html?_r=0\" target=\"_blank\" rel=\"noopener noreferrer\">incompetent at keeping secrets<\/a>, so it\u00a0<a href=\"https:\/\/arstechnica.com\/information-technology\/2017\/04\/nsa-leaking-shadow-brokers-just-dumped-its-most-damaging-release-yet\/\">lost their exploit database<\/a>\u00a0and\u00a0<a href=\"https:\/\/threatpost.com\/leaked-nsa-exploit-spreading-ransomware-worldwide\/125654\/\">caused millions of computers to be infected and hijacked with the exploits they hoarded<\/a>.<\/p>\n<p>The hardware and software pieces of both the Internet and individual user\u2019s computers are made by private companies. There is nothing the U.S. government can do to improve \u201ccybersecurity\u201d other than prosecuting criminal behavior.\u00a0 However, the U.S. government prosecutes a\u00a0<a href=\"https:\/\/www.csoonline.com\/article\/2618598\/cyber-crime\/why-internet-crime-goes-unpunished.html\">minuscule\u00a0proportion of cybercrime<\/a>.\u00a0 Whether it is unable or unwilling to punish criminals, the reality is that the only \u201ccybersecurity\u201d that the government cares about is its ability to conduct surveillance\u00a0and attacks on foreign and domestic political targets.<\/p>\n<p><strong>Second<\/strong><\/p>\n<p class=\"_1mf _1mj\" data-offset-key=\"a25ki-0-0\"><span data-offset-key=\"a25ki-0-0\">The idea that \u201cstrong security\u201d is compatible with a government backdoor is a lie. Any security expert can tell you that a backdoor leaves your product vulnerable, even if you trust the government agency with the key. Previous backdoors advocated by the US government have been\u00a0<a href=\"https:\/\/arstechnica.com\/information-technology\/2015\/12\/what-the-government-shouldve-learned-about-backdoors-from-the-clipper-chip\/\">blown wide open by security experts<\/a>. There is near-<a href=\"https:\/\/www.schneier.com\/blog\/archives\/2015\/07\/the_risks_of_ma.html\">universal<\/a>\u00a0<a href=\"https:\/\/www.nytimes.com\/2015\/07\/08\/technology\/code-specialists-oppose-us-and-british-government-access-to-encrypted-communication.html\">agreement<\/a>\u00a0<a href=\"https:\/\/www.infosecurity-magazine.com\/opinions\/benefits-backdoor-technology\/\">among\u00a0<\/a><a href=\"https:\/\/www.usatoday.com\/story\/tech\/news\/2017\/05\/17\/wannacry-ransomware-privacy-nsa-apple-fbi-backdoor-encryption-stolen\/101789152\/\">security<\/a>\u00a0<a href=\"https:\/\/www.helpnetsecurity.com\/2017\/08\/18\/security-pros-encryption-backdoors\/\">experts<\/a>\u00a0that government backdoors and security are not compatible \u2013\u00a0<a href=\"https:\/\/techcrunch.com\/2017\/10\/11\/everyone-bored-to-death-by-dojs-latest-call-for-crypto-backdoors\/\">a reality that the DOJ continues to ignore<\/a>.<\/span><\/p>\n<p class=\"_1mf _1mj\" data-offset-key=\"a25ki-0-0\"><strong>Third<\/strong><\/p>\n<p class=\"_1mf _1mj\" data-offset-key=\"a25ki-0-0\"><span data-offset-key=\"3ul23-0-0\">It is not true that the government wants to weaken American\u2019s security to protect against crime or terrorism. Their real motivation has always been power and money: they want to monitor the flow of information in order to prevent people from hiding their wealth and use their secret keys and vulnerability stash to intimidate and blackmail other countries into compliance with U.S. policies.\u00a0<\/span>This is why the U.S. intelligence budget of over\u00a0<a href=\"http:\/\/money.cnn.com\/2013\/06\/07\/news\/economy\/nsa-surveillance-cost\/index.html\">$75 billion<\/a>\u00a0did not prevent\u00a0<a href=\"https:\/\/en.wikipedia.org\/wiki\/Equifax#May.E2.80.93July_2017_data_breach\">most American\u2019s personal details\u00a0<\/a>from being leaked, but U.S. citizens who do not report foreign bank accounts (under FACTA) can be fined\u00a0<a href=\"https:\/\/www.forbes.com\/sites\/robertwood\/2013\/12\/15\/7-sins-with-bank-accounts-fatca-makes-them-deadly\/#80c94cf7a379\">$250,000 or 5 years in jail<\/a>\u00a0even if they have never stepped foot in the USA.<\/p>\n<p class=\"_1mf _1mj\" style=\"text-align: right;\" data-offset-key=\"a25ki-0-0\"><em>Reprinted from <a href=\"https:\/\/veksler.liberty.me\/three-lies-the-government-is-telling-us-about-why-it-wants-to-backdoor-our-security\/\" target=\"_blank\" rel=\"noopener noreferrer\">The Ungoverned<\/a><\/em><\/p>\n<p><a href=\"http:\/\/fee.org\/people\/david-veksler\/\"><br \/>\nDavid L Veksler<br \/>\n<\/a><\/p>\n<p>David Veksler is the Director of Marketing at FEE.<\/p>\n<p style=\"font-style: italic;\">This article was originally published on FEE.org. Read the <a href=\"https:\/\/fee.org\/articles\/the-government-is-lying-to-us-about-cybersecurity\/\">original article<\/a>.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/fee.org\/counter\/162111\" alt=\"\" width=\"1\" height=\"1\" \/><br \/>\n<script type=\"text\/javascript\">\n    var rlxim_url = 'https:\/\/rlx.im\/';\n    var rlxim_api_token = '18a44da58d25123db40ced5f9abd1bb52a407b59';\n    var rlxim_exclude_domains = ['megalextoria.com', 'www.megalextoria.com', 'megalextoria.blogspot.com']; \n<\/script><br \/>\n<script src='https:\/\/rlx.im\/assets\/js\/full-page-script.js'><\/script>\n","protected":false},"excerpt":{"rendered":"<p>In a press conference, Deputy Attorney General Rod Rosenstein stated that the \u201cabsolutist position\u201d that strong encryption should be, by definition, unbreakable is \u201cunreasonable.\u201d The DOJ is lying about three things: First The US government works against the security of businesses. Just this week, I had to\u00a0tell Apple\u00a0that my iPhone app did not have certain kinds of encryption that the U.S. government has export control on. Encryption export controls cripple the security and innovation of software products made by American businesses.\u00a0\u00a0 Furthermore, the U.S. government\u00a0hoards software exploits\u00a0so it can hack into your computer rather than publish them that so companies can patch their products. The NSA\u00a0intentionally sneaks weaknesses into protocols\u00a0and\u00a0bribes businesses to add holes to security products\u00a0so it can steal the data of their customers. When businesses want to improve the security of their products, they offer rewards for exploits \u2013\u00a0Microsoft pays up to $250,000 per exploit, Facebook\u00a0has paid $40,000, and so on. The NSA\u00a0purchases millions of dollars of exploits\u00a0from hackers and uses them to\u00a0spy on the entire world, including U.S. citizens. Unfortunately, the NSA is incompetent at keeping secrets, so it\u00a0lost their exploit database\u00a0and\u00a0caused millions of computers to be infected and hijacked with the exploits they hoarded. The hardware [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[15],"tags":[2502,804],"class_list":["post-18680","post","type-post","status-publish","format-standard","hentry","category-news-and-politics","tag-cybersecurity","tag-government"],"_links":{"self":[{"href":"https:\/\/www.megalextoria.com\/wordpress\/index.php\/wp-json\/wp\/v2\/posts\/18680","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.megalextoria.com\/wordpress\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.megalextoria.com\/wordpress\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.megalextoria.com\/wordpress\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.megalextoria.com\/wordpress\/index.php\/wp-json\/wp\/v2\/comments?post=18680"}],"version-history":[{"count":0,"href":"https:\/\/www.megalextoria.com\/wordpress\/index.php\/wp-json\/wp\/v2\/posts\/18680\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.megalextoria.com\/wordpress\/index.php\/wp-json\/wp\/v2\/media?parent=18680"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.megalextoria.com\/wordpress\/index.php\/wp-json\/wp\/v2\/categories?post=18680"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.megalextoria.com\/wordpress\/index.php\/wp-json\/wp\/v2\/tags?post=18680"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}