[Cryptography] Statement from Attorney General William P. Barr on Introduction of Lawful Access Bill in Senate

Sid Spry sid at aeam.us
Tue Jul 7 00:17:04 EDT 2020


On Mon, Jul 6, 2020, at 1:38 PM, Henry Baker wrote:
> At 10:56 AM 7/6/2020, Ray Dillinger wrote:
> >In rather the same way that cryptography actually protects very little
> >of your privacy now that we live in a surveillance economy where every
> >large company is analyzing everything - where you shop, what kind of
> >dogfood you buy, where you get gas for your car, every word you type on
> >social media, where your cell phone goes every minute of every day, and
> >everything else they can get - and constantly cross-referencing it
> >against public records etc.  Maybe defensive crypto makes a difference,
> >but really, how much difference does it make?
> 
> You might want to ask some of the folks who have lost millions in
> Bitcoin due to almost-if-not-actual-state-level-hacking.
> 
> As a taxpayer, I'm more than a little pissed that the NSA/CIA have
> no responsibility to protect *me* as a citizen; apparently, NSA's
> only responsibility is to protect the *federal govt* from hackers.
> So I have to personally protect myself against state-level hackers,
> while ***my own govt is sawing on my encryption limb to make me even
> more vulnerable.***
> 
> I hate to suggest it, for all sorts of obvious reasons, but the
> NSA might get a tiny bit more sympathy from ordinary citizens if
> the NSA was actually tasked with protecting said citizens.  It's
> nice for the banks that the NSA occasionally provides them with
> assistance, but when was the last time the NSA helped an ordinary
> citizen?
> 

Tangential perhaps but a good example of this is the signed
bootloaders that restrict freedom and are ostensibly to prevent
malware.

However in the Asian markets you can find chipsets doing things
they were never advertised to do, implying some local companies
have the signing keys and are reprogramming the chipsets.

If you weren't aware typically everything in those economies is for
sale and it's typical that you take your old employer's IP with you
when you go. So, organized crime the world over likely has signing
keys for chipset level exploits. But you have no ability to sign your
own board firmware as a preventative measure :^)


More information about the cryptography mailing list