back to article FBI Director wants 'adult conversation' about backdooring encryption

FBI Director James Comey is gathering evidence so that in 2017 America can have an "adult" conversation about breaking encryption to make crimefighters' lives easier. Speaking at Tuesday's 2016 Symantec Government Symposium in Washington, Comey banged on about his obsession with strong cryptography causing criminals to "go …

      1. Destroy All Monsters Silver badge
        Big Brother

        Re: Feels ...?

        But the government also has the right to invade that privacy

        Frankly, this says it all.

        "Government" does not have ANY "rights" whatsoever, and invasion of privacy is NEVER, NEVER a "right". There may at most be a temporary, court-granted waiver.

        That phrase right there should start an armed insurrection against the occupying power.

        1. Marc 25

          Re: Feels ...?

          I completely agree with you. I read that line and recoiled in shock!

          For that line alone he should consider his position untenable and step down immediately. He's completely failed to understand that his role is to protect the people and not to protect the rights of the elected temporary government.

          That line would not wash in the UK and I'm concerned that this is happening in the US, especially when we use so many US online services.

          Right now in the UK we have the Human Rights act 1998 and article 8 states that we have these rights.

          Mind you, Mistress May is doing all she can to tear that down and remove that critical line about phone tapping and email monitoring.

          https://www.citizensadvice.org.uk/law-and-rights/civil-rights/human-rights/what-rights-are-protected-under-the-human-rights-act/your-right-to-respect-for-private-and-family-life/

          1. Anonymous Coward
            Anonymous Coward

            Re: Feels ...?

            Article 8 is unfortunately quite worthless, despite the Daily Fail constantly ranting about how evil it is. It can be ignored for matters of national security, or even worse, matters of public morality. What is the definition of public morality? Whatever the government say it is of course.

  1. Fan of Mr. Obvious

    Dear FBI

    Dear FBI,

    In the real world backdoors get patched when found.

    Thanks, and have a good life.

    PS: Stop acting like a cry baby. Adults take their lumps and move on.

    1. Anonymous Coward
      Anonymous Coward

      Re: Dear FBI

      How about setting up a "safe area" for the dear FBI Director wherein he can navel-gaze in peace and pursue the self-indulgent logic of "anything goes, because I'm the good guy"?

      1. Captain DaFt

        Re: Dear FBI

        "How about setting up a "safe area" for the dear FBI Director wherein he can navel-gaze in peace and pursue the self-indulgent logic of "anything goes, because I'm the good guy"?"

        Well, there are already many state sponsored sanitariums set up for just such a purpose, but alas, they are woefully underfunded. So the psychiatric profession is not a diligent as it should be.

        Maybe if we diverted some of the spook funding to them instead?

        1. BebopWeBop Silver badge
          Trollface

          Re: Dear FBI

          Well, there are already many state sponsored sanitariums set up for just such a purpose, but alas, they are woefully underfunded. So the psychiatric profession is not a diligent as it should be.

          I agree. More funding for University Maths departments :-)

      2. Someone Else Silver badge
        Coat

        Re: Dear FBI

        Well, if he really is a "good guy", then he doesn't need any back doors, front doors, or windows (or Windows...). All he needs is a gun, because as we all know, "A good guy with a gun can stop a bad guy with a gun".

        Now, if the bad guys simply disarmed themselves....

        1. Sgt_Oddball Silver badge

          Re: Dear FBI

          I think Monty Python did an instructional video on that one..."How to defend yourself against a man armed with a banana."

  2. Christoph

    Adult conversation?

    Adult conversation: I will throw a screaming tantrum until I get my own way.

    1. fishbone

      Re: Adult conversation?

      Too true and it's going to happen because the noise of the unthinking will win over civil rights even though the constitution should secure them. The fourth amendment was trashed in the late nineties to accommodate the Amtrak crowds that rode the northeast corridors. Pee in the jar or be fired was not a phrase I remember from civics nor was public safety concerns are more important than personal liberties, but it happens regardless to thousands every year who work in public transportation.No evidence, no suspicion, no witnesses. Same thing will happen again when the chatter reaches a high enough level.

      1. Anonymous Coward
        Anonymous Coward

        Re: Adult conversation?

        Pee in the jar or be fired was not a phrase I remember from civics nor was public safety concerns are more important than personal liberties, but it happens regardless to thousands every year who work in public transportation.

        Ahh.. but they CHOOSE to work in public transportation.

  3. Destroy All Monsters Silver badge
    Big Brother

    "Collecting information". Yes. We are.

    Be very afraid.

    The FBI is currently "uprooting terrorists" by setting paid "agents provocateurs" on mentally challenged brown people who can then be nabbed "in the nick of time" and paraded in front of cameras as "potential terrorists" in a fashion that, I am sure, has absolutely not come from a manual on how to do Stalinist purges.

    If they "collect information" about nefarious use of crypto, some poor sods will make contact with the prison-industrial complex in unexpected ways.

    1. Nuno trancoso

      Re: "Collecting information". Yes. We are.

      "manual on how to do Stalinist purges". You made my day DAM :)

    2. Anonymous Coward
      Anonymous Coward

      Re: "Collecting information". Yes. We are.

      Not just Stalinist, more modern methods than that. . . the conspiracy theorists amongst us would probably remind people about Markus Wolf

      Despite his public transformation, he was barred from entering the United States, which he found hypocritical. . .. Partly to blame, he said, was his refusal to work for the CIA with the promise of a seven-figure salary, a home in California and a fresh identity. from his obituary in the WaPo!

      http://www.washingtonpost.com/wp-dyn/content/article/2006/11/09/AR2006110901967_2.html

      Markus "Mischa" Wolf was head of the DDR(look it up, youngsters) security police, who , allegedly, did eventually make it to the US for a chat with Homeland Security, allegedly (again) with ex-USSR KGB top operatives such as Yevgeny Primakov, Alexander Karpov and Oleg Kalugin - but that was over ten years ago?

      That does remind me but quite a bit of serious crypto thinking recently came/(comes?) from an offshoot of the Stasi, no really! I used to work for a large German company in München, who's crypto dept was/(is?) still based in Berlin. . .it's all rather public information, just covered in a lot of cruft & noise. . .

    3. nichomach
      Big Brother

      Re: "Collecting information". Yes. We are.

      THIS wasn't supposed to be an instruction manual.

  4. Doctor Syntax Silver badge

    "US tech firms are, of course, very worried ... any backdoor would kill their sales, both domestically and internationally."

    They would of course, have the option of becoming non-US companies. I'm quite sure there are a number of companies that would be happy to accommodate them. Ireland anybody.

    They'd have to sell weak encrypted products in the US which is rather ironical. Back in the day the US was very insistent that they should have strong encryption and the rest of the world would have to have weak encryption. If Comey gets his way that might be reversed.

    1. james 68

      Funny thing is, 2/3rds of Crypto comes from non-American companies, so he will endeavor to make the use of "foreign" crypto illegal.

      Because these people my be criminals, but they would never break that law....right?

      It's a circle jerk of epic proportions.

      1. Yet Another Anonymous coward Silver badge

        Wasn't he the cockwomble who explained that it was only "theoretically possible" for non-US companies to write encryption software ?

        1. Anonymous Coward
          Anonymous Coward

          ...while probably using AES that was developed by a couple of Belgians.

      2. tony2heads
        Facepalm

        Making foreign crypto illegal

        makes about as much sense as making foreign mathematics illegal.

  5. Red Bren

    Adult conversation

    "I wanna toy!"

    "No."

    "I wanna toy!"

    "No."

    "I wanna toy!"

    "No."

    "I wanna toy!"

    "No."

    "I wanna toy!"

    "No."

    "I wanna toy!"

    "No."

    ...

    1. Fatman

      Re: Adult conversation

      <quote>"I wanna toy!"

      "No."

      "I wanna toy!"

      "No."

      "I wanna toy!"

      "No."

      "I wanna toy!"

      "No."

      "I wanna toy!"

      "No."

      "I wanna toy!"

      "No." Adult, fed up with petulant child whining, takes out 3 inch wide leather belt, and gives child deserved ass whipping. Child gets message.</quote>

      FTFY

      1. DropBear

        Re: Adult conversation

        "Adult, fed up with petulant child whining, takes out 3 inch wide leather belt, and gives child deserved ass whipping. Child gets message."

        Actually I think by saying "adult" he has the exact same thing in mind, only in reversed roles.

        "Clean up you room!"

        "No."

        "Clean up you room!"

        "No."

        [...]

    2. Someone Else Silver badge
      Coffee/keyboard

      @ Red Bren -- Re: Adult conversation

      Look what you went and made me do ------>

      (I'd put up the beer icon, but I don't know how to get this thing to print two icons...)

  6. Yet Another Anonymous coward Silver badge

    Perhaps a childish conversation

    It would be useful if invaded for bridges, tunnels, ports, runways to be demolished

    So we should install demolition chargers now with a big red button marked "for DoD use only"

    That seems perfectly reasonable doesn't it ?

    1. Anonymous Coward
      Anonymous Coward

      Re: Perhaps a childish conversation

      er.... you might not have noticed - but certainly SWITZERLAND already has this national protection system installed (confession: I was in a café on the border@CERN in around 1986 when I saw the pneumatic cylinders/tank-traps being carefully installed - look for the patterns on the roads/motorways) then. . .

      http://io9.gizmodo.com/5919581/how-switzerland-camouflaged-its-ready-to-explode-architecture-during-the-cold-war

      To interrupt the utility of bridges, tunnels, highways, railroads, Switzerland has established three thousand points of demolition. That is the number officially printed. It has been suggested to me that to approximate a true figure a reader ought to multiply by two. . . .

      Where a highway bridge crosses a railroad, a segment of the bridge is programmed to drop on the railroad. Primacord fuses are built into the bridge. Hidden artillery is in place on either side, set to prevent the enemy from clearing or repairing the damage. . . .

      McPhee points to small moments of "fake stonework, concealing the artillery behind it," that dot Switzerland's Alpine geology, little doors that will pop open to reveal internal cannons and blast the country's roads to smithereens.

      Later, passing under a mountain bridge, McPhee notices "small steel doors in one pier" hinting that the bridge "was ready to blow. It had been superseded, however, by an even higher bridge, which leaped through the sky above-a part of the new road to Simplon. In an extreme emergency, the midspan of the new bridge would no doubt drop on the old one."

    2. Anonymous Coward
      Anonymous Coward

      Re: Perhaps a childish conversation

      We've done it here in the US. The Strand in Coronado (San Diego, CA) is wired for explosives just in case the Coronado bridge is brought down, not that this is expected to be a problem as its pieces are designed to float. This is all to insure that the US Navy doesn't have any problems if San Diego is attacked, well beyond any direct strikes.

  7. Marty McFly Silver badge
    Mushroom

    The road to Hell....

    ....starts at the backdoor.

    1. Anonymous Coward
      Anonymous Coward

      Re: The road to Hell....

      That's what she said.

      Sorry. A bit.

  8. Daniel Voyce

    1984 was a warning not a fucking reference manual you complete bunch of elbow wanking cockatoos! Stop kicking your toys out the pram every time sane people who know MUCH more about the subject than you tells you it is a really shitty idea!

    1. Someone Else Silver badge
      Coffee/keyboard

      bunch of elbow wanking cockatoos!

      Too friggin' funny! Can I use it?

  9. a_yank_lurker Silver badge

    Comey = Traitor or Idiot

    Anyone with rudimentary knowledge of cryptography knows all cryptographic systems have one glaring weakness - the brute force attack. Given enough time and resources all messages can be broken and read. Also, it is likely (more like a certainty) that any commonly used system has implementation errors that weaken it. Now the esteemed traitor/idiot wants in add a backdoor (implementation error) and expects no one will look for.

    1. MacroRodent Silver badge

      Re: Comey = Traitor or Idiot

      Given enough time and resources all messages can be broken and read.

      Enough time, sure. As in millions of years. And adding bits to the key makes the time go up exponentially. DES with its 56-.bit key is now considered crackable, so it has been replaced by algorithms with a longer key. I expect they too will be replaced as computing power grows. But it does not really matter, as long as the time needed for a brute force attack is longer than the time the message is expected to be relevant.

      1. a_yank_lurker Silver badge

        Re: Comey = Traitor or Idiot

        The real issue is whether there are implementation flaws or back doors (which act like implementation flaws). Adding a known backdoor is just painting a bullseye on the code telling hackers come look for the backdoor. Whether they find the backdoor they are certain to find some flaws they can abuse.

        No cryptographic systems is truly unbreakable even if takes millennia with current hardware. The fact that older systems once touted as effectively unbreakable now can be seccomb to brute force attack means there is ongoing arms race between the systems and the hackers.

    2. Oengus

      Re: Comey = Traitor or Idiot

      Comey = Traitor or And Idiot

      FTFY

    3. Anonymous Coward
      Anonymous Coward

      Re: Comey = Idiot

      Go easy on the heavy words. Comey isn't a traitor, but is simply someone with a very limited span of interest. He wants US manufacturers to make his life easy with no regards for the consequences (or for the side effects, because how do them terrorists make money? Exactly, with crime - that you facilitate with such idiocy).

      So, he's an idiot whose only redeeming feature is that he hasn't tried the "you can trust us" line. Yet.

      1. Anonymous Coward
        Anonymous Coward

        Re: Comey = Idiot

        Has he done 'If you've nothing to hide, you've nothing to fear' or the classic 'you're either with us or against us'?

        How about 'there are known knowns; there are things we know we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns – the ones we don't know we don't know.'?

    4. The Mole

      Re: Comey = Traitor or Idiot

      That's not true. For encryption systems where the key is as long as the message (one time pad for instance) there is no way to brute force the encryption and identify the correct message. You may well try an encryption setting and reveal "The FBI is full of idiots", but you will also have another encryption setting which will reveal "The CIA is full of idiots" and another that says "The gov is full of idiots", there is no way of working out which is the true original message. Even when the key is shorter than the message there will still probably be multiple decryptions which may appear to be valid messages, though you can probably discard a large proportion of the decryptions if you know the syntax of the output (e.g. it will be english text).

      1. Anonymous Coward
        Anonymous Coward

        Re: Comey = Traitor or Idiot

        'For encryption systems where the key is as long as the message (one time pad for instance) there is no way to brute force the encryption and identify the correct message. You may well try an encryption setting and reveal "The FBI is full of idiots", but you will also have another encryption setting which will reveal "The CIA is full of idiots" and another that says "The gov is full of idiots", there is no way of working out which is the true original message.'

        Well that's has obvious uses, they just 'crack' the cyphertext to reveal whatever plaintext they need to secure a conviction.

    5. John Smith 19 Gold badge
      FAIL

      Re: Comey = Traitor or Idiot

      "Now the esteemed traitor/idiot wants in add a backdoor (implementation error) and expects no one will look for."

      Actually it's worse than that.

      Implementation error --> May not exist || can't be found with methodology attacker is using.

      Backdoor --> Definitely exists && has known access process to it

      AFAIK this will be "one (code) key to open them all." It will be the most desirable target for every cyber criminal, terrorist or state actor on the face of the planet and they will never stop looking for it

  10. Anonymous Coward
    Stop

    James Comey's dream "adult" conversation...

    America: F*ck us Jim! Give it to us hard!!

    Comey: Take it, bitches!

  11. dan1980

    Mr Comey and his like-minded counterparts in 'law enforcement' and government around the world are starting from the premise that this is possible. Thus, the conversation they want to have - however 'adult' - is for people to tell them how to do it.

    An 'adult' conversation isn't enough; what is needed is an open and honest conversation - one that starts with a proposition for a desired end result and then investigates whether this end result is feasible or even possible before it gets any further. That conversation must have, as a fundamental understanding, the admission from Comey (et al) that it really might not be possible to do what he wants.

    Comney and his ilk are trying to jump straight to the 'how' without wishing to seriously address the 'if' first. "Stop telling me it can't be done and start telling me how it can be done."

    In that way, he's almost like the two wireless power 'start-ups' getting press: uBeam and Energous. Both of these companies have a 'vision' of an outcome: wireless power transmission that is safe, affordable and efficient. The basic technology - power transmission via sound or radio waves - is certainly possible and uncontroversial. The problem is that to get it to work in any useful way is either dreadfully dangerous or insanely wasteful/expensive.

    Similarly, Comeys 'vision' of encryption that can be broken by the feds but not by anyone else has, at its heart, a (technically) uncontroversial reality: it is possible to make encryption that is able to be decrypted by a third party. The problem comes, as it does with uBeam and Energous, when it is asserted that this access can be achieved while keeping all the benefits provided by the current technology.

    uBeam and Energous can create transmitters to supply power to devices wirelessly but they are only able to do so by throwing out all the benefits of the existing technology - efficiency, speed and economy - because, you know, physics.

    In Comey's case, encryption can be created that is crackable by feds but only if they throw out the benefit provided by current encrytion: security. Because, you know, mathematics.

    For both, the focus on the vision renders the product useless for it's main purpose: charging devices in uBeam/Erergous's case and security data in Comey's.

  12. Random Comment

    Creating your own enemies

    OK, so you convict and imprison those who do not create weakened encryption.

    You now have only criminals who have strong encryption.

    You have created your own enemies. And they can talk about you behind your back because you rely on having the keys to unencrypt messages - you now know you do not have to develop your own, so you don't have anyone to break encryption anymore.

    Idiot.

  13. Nuno trancoso

    Maybe

    Maybe we should. We start the adult conversation by pointing out to the US public that:

    a) only they will be subjected to this

    b) only they will be vulnerable

    Given a+b it will be easy to show 'merkans that what the FBI REALLY wants is to freely snoop on the US citizens, because basically ROTW doesn't give a f***ing f**k about their backdoors and will happily go about making it's own crypto even stronger.

    It's not like the US public doesn't distrust the government already, shouldn't be too hard to convince them about this one, it sounds... like truth.

    1. The_Idiot

      Re: Maybe

      Sadly, as many recent reports have shown, much of the Rest of the World are busy talking out of a similar orifice to the one Mr Comey appears to favour, and demanding, or moving towards demanding, the same thing.

      Of course, that won't stop Black Hats, Grey Hats and all sorts of colours in between making 'illegal' encryption that actually works and using it. Which will, no doubt, also be declared illegal. So the next step (already in progress) will be to create more crypto-stealth methods to hide the fact that crypto is in use at all - and so it goes on.

      I'm not actually fond of getting old - but this sort of thing almost makes it bearable. There's only so much stupidity one life should have to take, and this type of thing adds more than it's fair share to that total, at least for me. Sigh...

      1. MacroRodent Silver badge
        FAIL

        Re: Maybe

        Sadly, as many recent reports have shown, much of the Rest of the World are busy talking out of a similar orifice to the one Mr Comey appears to favour, and demanding, or moving towards demanding, the same thing.

        Yes, and if the FBI gets its way in te U.S, it will accelerate similar backdoor schemes elsewhere. When every major governement wants access to a backdoor, the magic keys will leak even faster, and the security afforded by such encryption will be worse than that of a girl's toy lock on her pink diary.

      2. Anonymous Coward
        Anonymous Coward

        Re: Maybe

        "I'm not actually fond of getting old - but this sort of thing almost makes it bearable. "

        OT:

        I have that feeling too this morning. Trying to get the new "Demon" email service to even connect has raised my blood pressure by 20 points. It is becoming clear it does not do the same job for serious email users. The marketeers and bean counters appear to consider "email is email - so we can substitute Office 365".

  14. Mark 85 Silver badge

    This ranks as probably the biggest twit in government at the current time. Did he ever take any mathematics in school? Logic? Reasoning? I guess those "experts" who say "nay" aren't adults. Hell, he won't even listen the NSA.

    And while we're at it... have there been any documented cases where the FBI stopped an attack (and not a set-up either)? Or how about any of the terrorist attacks that would have been stopped if they had the keys to encrypted comms? I recall hearing of maybe one or two cases of "stopped" but the perps weren't using encryption. The key is the second question... which ones could they have stopped?

    1. Anonymous Coward
      Anonymous Coward

      As director of the FBI, he has access to the best cryptographers in the world, if he wants it.

      How this will play out is that Business, sufficiently large Commercial entities, will get strong cryptography and we home users and small business will get cracked, old methods.

      This will make it easier for large Corporations to hide their maleficence and we won't have the same level of safety. It shocks me that banks and online stores are still viable, TBH. I expect these will stop once Comey gets his way.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021