FBI Director wants 'adult conversation' about backdooring encryption FBI Director James Comey is gathering evidence so that in 2017 America can have an "adult" conversation about breaking encryption to make crimefighters' lives easier. Speaking at Tuesday's 2016 Symantec Government Symposium in Washington, Comey banged on about his obsession with strong cryptography causing criminals to "go …
But the government also has the right to invade that privacy
Frankly, this says it all.
"Government" does not have ANY "rights" whatsoever, and invasion of privacy is NEVER, NEVER a "right". There may at most be a temporary, court-granted waiver.
That phrase right there should start an armed insurrection against the occupying power.
I completely agree with you. I read that line and recoiled in shock!
For that line alone he should consider his position untenable and step down immediately. He's completely failed to understand that his role is to protect the people and not to protect the rights of the elected temporary government.
That line would not wash in the UK and I'm concerned that this is happening in the US, especially when we use so many US online services.
Right now in the UK we have the Human Rights act 1998 and article 8 states that we have these rights.
Mind you, Mistress May is doing all she can to tear that down and remove that critical line about phone tapping and email monitoring.
https://www.citizensadvice.org.uk/law-and-rights/civil-rights/human-rights/what-rights-are-protected-under-the-human-rights-act/your-right-to-respect-for-private-and-family-life/
Article 8 is unfortunately quite worthless, despite the Daily Fail constantly ranting about how evil it is. It can be ignored for matters of national security, or even worse, matters of public morality. What is the definition of public morality? Whatever the government say it is of course.
"How about setting up a "safe area" for the dear FBI Director wherein he can navel-gaze in peace and pursue the self-indulgent logic of "anything goes, because I'm the good guy"?"
Well, there are already many state sponsored sanitariums set up for just such a purpose, but alas, they are woefully underfunded. So the psychiatric profession is not a diligent as it should be.
Maybe if we diverted some of the spook funding to them instead?
Too true and it's going to happen because the noise of the unthinking will win over civil rights even though the constitution should secure them. The fourth amendment was trashed in the late nineties to accommodate the Amtrak crowds that rode the northeast corridors. Pee in the jar or be fired was not a phrase I remember from civics nor was public safety concerns are more important than personal liberties, but it happens regardless to thousands every year who work in public transportation.No evidence, no suspicion, no witnesses. Same thing will happen again when the chatter reaches a high enough level.
Pee in the jar or be fired was not a phrase I remember from civics nor was public safety concerns are more important than personal liberties, but it happens regardless to thousands every year who work in public transportation.
Ahh.. but they CHOOSE to work in public transportation.
Be very afraid.
The FBI is currently "uprooting terrorists" by setting paid "agents provocateurs" on mentally challenged brown people who can then be nabbed "in the nick of time" and paraded in front of cameras as "potential terrorists" in a fashion that, I am sure, has absolutely not come from a manual on how to do Stalinist purges.
If they "collect information" about nefarious use of crypto, some poor sods will make contact with the prison-industrial complex in unexpected ways.
Not just Stalinist, more modern methods than that. . . the conspiracy theorists amongst us would probably remind people about Markus Wolf
Despite his public transformation, he was barred from entering the United States, which he found hypocritical. . .. Partly to blame, he said, was his refusal to work for the CIA with the promise of a seven-figure salary, a home in California and a fresh identity. from his obituary in the WaPo!
http://www.washingtonpost.com/wp-dyn/content/article/2006/11/09/AR2006110901967_2.html
Markus "Mischa" Wolf was head of the DDR(look it up, youngsters) security police, who , allegedly, did eventually make it to the US for a chat with Homeland Security, allegedly (again) with ex-USSR KGB top operatives such as Yevgeny Primakov, Alexander Karpov and Oleg Kalugin - but that was over ten years ago?
That does remind me but quite a bit of serious crypto thinking recently came/(comes?) from an offshoot of the Stasi, no really! I used to work for a large German company in München, who's crypto dept was/(is?) still based in Berlin. . .it's all rather public information, just covered in a lot of cruft & noise. . .
"US tech firms are, of course, very worried ... any backdoor would kill their sales, both domestically and internationally."
They would of course, have the option of becoming non-US companies. I'm quite sure there are a number of companies that would be happy to accommodate them. Ireland anybody.
They'd have to sell weak encrypted products in the US which is rather ironical. Back in the day the US was very insistent that they should have strong encryption and the rest of the world would have to have weak encryption. If Comey gets his way that might be reversed.
<quote>"I wanna toy!"
"No."
"I wanna toy!"
"No."
"I wanna toy!"
"No."
"I wanna toy!"
"No."
"I wanna toy!"
"No."
"I wanna toy!"
"No." Adult, fed up with petulant child whining, takes out 3 inch wide leather belt, and gives child deserved ass whipping. Child gets message.</quote>
FTFY
"Adult, fed up with petulant child whining, takes out 3 inch wide leather belt, and gives child deserved ass whipping. Child gets message."
Actually I think by saying "adult" he has the exact same thing in mind, only in reversed roles.
"Clean up you room!"
"No."
"Clean up you room!"
"No."
[...]
er.... you might not have noticed - but certainly SWITZERLAND already has this national protection system installed (confession: I was in a café on the border@CERN in around 1986 when I saw the pneumatic cylinders/tank-traps being carefully installed - look for the patterns on the roads/motorways) then. . .
http://io9.gizmodo.com/5919581/how-switzerland-camouflaged-its-ready-to-explode-architecture-during-the-cold-war
To interrupt the utility of bridges, tunnels, highways, railroads, Switzerland has established three thousand points of demolition. That is the number officially printed. It has been suggested to me that to approximate a true figure a reader ought to multiply by two. . . .
Where a highway bridge crosses a railroad, a segment of the bridge is programmed to drop on the railroad. Primacord fuses are built into the bridge. Hidden artillery is in place on either side, set to prevent the enemy from clearing or repairing the damage. . . .
McPhee points to small moments of "fake stonework, concealing the artillery behind it," that dot Switzerland's Alpine geology, little doors that will pop open to reveal internal cannons and blast the country's roads to smithereens.
Later, passing under a mountain bridge, McPhee notices "small steel doors in one pier" hinting that the bridge "was ready to blow. It had been superseded, however, by an even higher bridge, which leaped through the sky above-a part of the new road to Simplon. In an extreme emergency, the midspan of the new bridge would no doubt drop on the old one."
We've done it here in the US. The Strand in Coronado (San Diego, CA) is wired for explosives just in case the Coronado bridge is brought down, not that this is expected to be a problem as its pieces are designed to float. This is all to insure that the US Navy doesn't have any problems if San Diego is attacked, well beyond any direct strikes.
Anyone with rudimentary knowledge of cryptography knows all cryptographic systems have one glaring weakness - the brute force attack. Given enough time and resources all messages can be broken and read. Also, it is likely (more like a certainty) that any commonly used system has implementation errors that weaken it. Now the esteemed traitor/idiot wants in add a backdoor (implementation error) and expects no one will look for.
Given enough time and resources all messages can be broken and read.
Enough time, sure. As in millions of years. And adding bits to the key makes the time go up exponentially. DES with its 56-.bit key is now considered crackable, so it has been replaced by algorithms with a longer key. I expect they too will be replaced as computing power grows. But it does not really matter, as long as the time needed for a brute force attack is longer than the time the message is expected to be relevant.
The real issue is whether there are implementation flaws or back doors (which act like implementation flaws). Adding a known backdoor is just painting a bullseye on the code telling hackers come look for the backdoor. Whether they find the backdoor they are certain to find some flaws they can abuse.
No cryptographic systems is truly unbreakable even if takes millennia with current hardware. The fact that older systems once touted as effectively unbreakable now can be seccomb to brute force attack means there is ongoing arms race between the systems and the hackers.
Go easy on the heavy words. Comey isn't a traitor, but is simply someone with a very limited span of interest. He wants US manufacturers to make his life easy with no regards for the consequences (or for the side effects, because how do them terrorists make money? Exactly, with crime - that you facilitate with such idiocy).
So, he's an idiot whose only redeeming feature is that he hasn't tried the "you can trust us" line. Yet.
Has he done 'If you've nothing to hide, you've nothing to fear' or the classic 'you're either with us or against us'?
How about 'there are known knowns; there are things we know we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns – the ones we don't know we don't know.'?
That's not true. For encryption systems where the key is as long as the message (one time pad for instance) there is no way to brute force the encryption and identify the correct message. You may well try an encryption setting and reveal "The FBI is full of idiots", but you will also have another encryption setting which will reveal "The CIA is full of idiots" and another that says "The gov is full of idiots", there is no way of working out which is the true original message. Even when the key is shorter than the message there will still probably be multiple decryptions which may appear to be valid messages, though you can probably discard a large proportion of the decryptions if you know the syntax of the output (e.g. it will be english text).
'For encryption systems where the key is as long as the message (one time pad for instance) there is no way to brute force the encryption and identify the correct message. You may well try an encryption setting and reveal "The FBI is full of idiots", but you will also have another encryption setting which will reveal "The CIA is full of idiots" and another that says "The gov is full of idiots", there is no way of working out which is the true original message.'
Well that's has obvious uses, they just 'crack' the cyphertext to reveal whatever plaintext they need to secure a conviction.
"Now the esteemed traitor/idiot wants in add a backdoor (implementation error) and expects no one will look for."
Actually it's worse than that.
Implementation error --> May not exist || can't be found with methodology attacker is using.
Backdoor --> Definitely exists && has known access process to it
AFAIK this will be "one (code) key to open them all." It will be the most desirable target for every cyber criminal, terrorist or state actor on the face of the planet and they will never stop looking for it
Mr Comey and his like-minded counterparts in 'law enforcement' and government around the world are starting from the premise that this is possible. Thus, the conversation they want to have - however 'adult' - is for people to tell them how to do it.
An 'adult' conversation isn't enough; what is needed is an open and honest conversation - one that starts with a proposition for a desired end result and then investigates whether this end result is feasible or even possible before it gets any further. That conversation must have, as a fundamental understanding, the admission from Comey (et al) that it really might not be possible to do what he wants.
Comney and his ilk are trying to jump straight to the 'how' without wishing to seriously address the 'if' first. "Stop telling me it can't be done and start telling me how it can be done."
In that way, he's almost like the two wireless power 'start-ups' getting press: uBeam and Energous. Both of these companies have a 'vision' of an outcome: wireless power transmission that is safe, affordable and efficient. The basic technology - power transmission via sound or radio waves - is certainly possible and uncontroversial. The problem is that to get it to work in any useful way is either dreadfully dangerous or insanely wasteful/expensive.
Similarly, Comeys 'vision' of encryption that can be broken by the feds but not by anyone else has, at its heart, a (technically) uncontroversial reality: it is possible to make encryption that is able to be decrypted by a third party. The problem comes, as it does with uBeam and Energous, when it is asserted that this access can be achieved while keeping all the benefits provided by the current technology.
uBeam and Energous can create transmitters to supply power to devices wirelessly but they are only able to do so by throwing out all the benefits of the existing technology - efficiency, speed and economy - because, you know, physics.
In Comey's case, encryption can be created that is crackable by feds but only if they throw out the benefit provided by current encrytion: security. Because, you know, mathematics.
For both, the focus on the vision renders the product useless for it's main purpose: charging devices in uBeam/Erergous's case and security data in Comey's.
OK, so you convict and imprison those who do not create weakened encryption.
You now have only criminals who have strong encryption.
You have created your own enemies. And they can talk about you behind your back because you rely on having the keys to unencrypt messages - you now know you do not have to develop your own, so you don't have anyone to break encryption anymore.
Idiot.
Maybe we should. We start the adult conversation by pointing out to the US public that:
a) only they will be subjected to this
b) only they will be vulnerable
Given a+b it will be easy to show 'merkans that what the FBI REALLY wants is to freely snoop on the US citizens, because basically ROTW doesn't give a f***ing f**k about their backdoors and will happily go about making it's own crypto even stronger.
It's not like the US public doesn't distrust the government already, shouldn't be too hard to convince them about this one, it sounds... like truth.
Sadly, as many recent reports have shown, much of the Rest of the World are busy talking out of a similar orifice to the one Mr Comey appears to favour, and demanding, or moving towards demanding, the same thing.
Of course, that won't stop Black Hats, Grey Hats and all sorts of colours in between making 'illegal' encryption that actually works and using it. Which will, no doubt, also be declared illegal. So the next step (already in progress) will be to create more crypto-stealth methods to hide the fact that crypto is in use at all - and so it goes on.
I'm not actually fond of getting old - but this sort of thing almost makes it bearable. There's only so much stupidity one life should have to take, and this type of thing adds more than it's fair share to that total, at least for me. Sigh...
Sadly, as many recent reports have shown, much of the Rest of the World are busy talking out of a similar orifice to the one Mr Comey appears to favour, and demanding, or moving towards demanding, the same thing.
Yes, and if the FBI gets its way in te U.S, it will accelerate similar backdoor schemes elsewhere. When every major governement wants access to a backdoor, the magic keys will leak even faster, and the security afforded by such encryption will be worse than that of a girl's toy lock on her pink diary.
"I'm not actually fond of getting old - but this sort of thing almost makes it bearable. "
OT:
I have that feeling too this morning. Trying to get the new "Demon" email service to even connect has raised my blood pressure by 20 points. It is becoming clear it does not do the same job for serious email users. The marketeers and bean counters appear to consider "email is email - so we can substitute Office 365".
This ranks as probably the biggest twit in government at the current time. Did he ever take any mathematics in school? Logic? Reasoning? I guess those "experts" who say "nay" aren't adults. Hell, he won't even listen the NSA.
And while we're at it... have there been any documented cases where the FBI stopped an attack (and not a set-up either)? Or how about any of the terrorist attacks that would have been stopped if they had the keys to encrypted comms? I recall hearing of maybe one or two cases of "stopped" but the perps weren't using encryption. The key is the second question... which ones could they have stopped?
As director of the FBI, he has access to the best cryptographers in the world, if he wants it.
How this will play out is that Business, sufficiently large Commercial entities, will get strong cryptography and we home users and small business will get cracked, old methods.
This will make it easier for large Corporations to hide their maleficence and we won't have the same level of safety. It shocks me that banks and online stores are still viable, TBH. I expect these will stop once Comey gets his way.
