Backdoors won't weaken your encryption, wails FBI boss. And he's right. They won't – they'll fscking torpedo it

FBI head honcho Christopher Wray is rather peeved that you all think the US government is trying to weaken cryptography, privacy, and online security, by demanding backdoors in encryption software. During a session at the International Conference on Cyber Security at Fordham University, New York, Wray backed a proposal mooted …

            1. A.P. Veening Silver badge

              Re: Block P2P comms

              Or those ads that have a 'SOLD' or 'UNAVAILABLE' printed on them

              Those are reports that somebody isn't breathing any more but pushing up the daisies, just like requested.

  1. Winkypop Silver badge
    Childcatcher

    Spinning straw into gold

    And other fairy tales

  2. DJO Silver badge

    Consistency

    Criminals and Terrorists might use encryption - Ban it NOW!!!!!!

    Criminals and Terrorists definitely use guns - Sell more NOW!!!!!

  3. Pascal Monett Silver badge

    "FBI investigators worked with the app's developers to identify the perpetrators, and [arrest them]"

    And you didn't need a backdoor for that, now did you? You just did actual police work.

    Oh, go ahead and implement your backdoored encryption. The rest of the world will use proper encryption and everyone will point and laugh at you.

    1. Charles 9 Silver badge

      Re: "FBI investigators worked with the app's developers to identify the perpetrators..."

      No, because next they'll sneak in and bork the rest of the world's encryption programs as well. And open source won't necessarily save you, as they probably have ways of beating them. Failing that, there's still the secret quantum computer hidden under the data center in Utah...

      Not even the one-time pad is immune, as I bet there's no way to create an OTP ciphertext that passes for literature. Meaning it stands out, meaning it can be mangled to break synchronization or at least spoil the message.

      1. Baldrickk

        Re: "FBI investigators worked with the app's developers to identify the perpetrators..."

        A puzzling conundrum.

        If we break the strict definition of an OTP using a completely random key, and just the process of OR-ing the characters, with [insert key here] by picking the right key, you can turn whatever message you have into Shakespeare.

        Of course, the key then becomes the holder of the useful information in such a system, which isn't exactly useful, as the idea is that the key can be shared ahead of time and has no relation to the information to be sent.

        Yes, you can kill the line of communication, spoil the message, but that would also be telling Alice and Bob that Eve is interested in them.

        But also, how would you tell the difference between say, an encrypted message and idk... a noisy recording of a ham radio signal?

        1. Charles 9 Silver badge

          Re: "FBI investigators worked with the app's developers to identify the perpetrators..."

          "yes, you can kill the line of communication, spoil the message, but that would also be telling Alice and Bob that Eve is interested in them."

          Which doesn't mean much to Gene, because he doesn't care if they know (Gene is Big Brother in this case, Alice and Bob already know about Big Brother): only that they can't talk covertly to each other in this or many other ways that can't potentially be Eved, especially if they've never met in person (meaning Gene can potentially pose as one or the other in the First Contact Problem).
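An added example, not part of any comment above: the two one-time-pad properties argued over in this sub-thread, shown with XOR on constructed sample messages. For any ciphertext there is a pad that "decrypts" it to any same-length text, and a bare pad gives no integrity, so altered ciphertext is only caught if a separate authentication tag is checked. The function names are hypothetical, and the HMAC tag is an assumption swapped in for detection; it is not part of the one-time pad itself.

```python
import hashlib
import hmac
import secrets
from typing import Tuple

MESSAGE = b"MEET AT DAWN"  # constructed sample plaintext
DECOY = b"TO BE OR NOT"    # constructed decoy of the same length


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings (the whole of OTP encryption)."""
    if len(a) != len(b):
        raise ValueError("pad and message must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(pad: bytes, plaintext: bytes) -> bytes:
    return xor_bytes(pad, plaintext)


def otp_decrypt(pad: bytes, ciphertext: bytes) -> bytes:
    return xor_bytes(pad, ciphertext)


def pad_for_decoy(ciphertext: bytes, decoy: bytes) -> bytes:
    """Pad under which `ciphertext` decrypts to `decoy`.

    Every same-length plaintext has such a pad, which is why the ciphertext
    alone reveals nothing and why the pad carries all the information.
    """
    return xor_bytes(ciphertext, decoy)


def rewrite_known_text(ciphertext: bytes, offset: int,
                       known: bytes, replacement: bytes) -> bytes:
    """Show malleability: someone who knows `known` sits at `offset` can
    turn it into `replacement` without ever seeing the pad."""
    if len(known) != len(replacement):
        raise ValueError("replacement must match the known text in length")
    end = offset + len(known)
    if end > len(ciphertext):
        raise ValueError("edit runs past the end of the ciphertext")
    delta = xor_bytes(known, replacement)
    patched = xor_bytes(ciphertext[offset:end], delta)
    return ciphertext[:offset] + patched + ciphertext[end:]


def seal(pad: bytes, mac_key: bytes, plaintext: bytes) -> Tuple[bytes, bytes]:
    """Encrypt, then tag the ciphertext with HMAC-SHA256 (added integrity)."""
    ciphertext = otp_encrypt(pad, plaintext)
    tag = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()
    return ciphertext, tag


def open_sealed(pad: bytes, mac_key: bytes,
                ciphertext: bytes, tag: bytes) -> bytes:
    """Verify the tag in constant time before decrypting anything."""
    expected = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("ciphertext failed authentication")
    return otp_decrypt(pad, ciphertext)


def demo() -> dict:
    pad = secrets.token_bytes(len(MESSAGE))
    mac_key = secrets.token_bytes(32)  # independent of the pad
    ciphertext, tag = seal(pad, mac_key, MESSAGE)

    decoy_pad = pad_for_decoy(ciphertext, DECOY)
    tampered = rewrite_known_text(ciphertext, 8, b"DAWN", b"DUSK")

    try:
        open_sealed(pad, mac_key, tampered, tag)
        detected = False
    except ValueError:
        detected = True

    return {
        "genuine": open_sealed(pad, mac_key, ciphertext, tag),
        "with_decoy_pad": otp_decrypt(decoy_pad, ciphertext),
        "tampered_unauthenticated": otp_decrypt(pad, tampered),
        "tampering_detected": detected,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```
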

  4. Anonymous South African Coward Silver badge

    He cited instances where images of children being sexually abused were posted online using an anonymizing app. FBI investigators worked with the app's developers to identify the perpetrators, and they were then brought to justice, it is claimed.

    Prove it.

    1. MrReynolds2U Bronze badge

      So... didn't need to backdoor the encryption then.

      Also, encryption has f-all to do with anonymisation.

      Double also... yes, "Prove it."

  5. cbars

    "It cannot be a sustainable end state for us to be creating an unfettered space that’s beyond lawful access for terrorists, hackers, and child predators to hide."

    Sigh. Information being moved privately does not create a space for hiding criminals.

    These wankers used to just whisper to each other and pass things physically. So go fucking catch them by their behaviour, not the whispers. I don't give a shit what these people whisper to each other about, I care when their behaviour hurts people in the real world.

    Just because you've caught a few morons who shout about their bad behaviour doesn't mean that's the only model for catching people who behave in the same way. Laws are for preventing harm, information itself is not harmful - if it is, let's burn all the books again.

    1. A.P. Veening Silver badge

      Laws are for preventing harm, information itself is not harmful - if it is, let's burn all the books again.

      Let's start by burning some harmful laws ... and the malevolent idiots who wrote (or even proposed) those.

      1. amanfromMars 1 Silver badge

        SMARTR Opposition in Almighty Competition

        Let's start by burning some harmful laws ... and the malevolent idiots who wrote (or even proposed) those. .... A.P.Veening

        That's exactly what the system relying on malevolent idiots who write (or even propose) harmful laws is absolutely and quite rightly terrified of, A.P.Veening.

        Such though is a perfectly natural reaction/action/proaction and therefore fully to be expected and best enthusiastically supported?

        1. Intractable Potsherd Silver badge

          Re: SMARTR Opposition in Almighty Competition

          @AMfM: there is a lot of truth there. It seems that, over the last 20+ years that I've been involved in this area of research, Western governments have been responding more and more to one overriding thought - "revolution is coming". They are right - Trump and Brexit show that there is a growing dissatisfaction with "normal". As to whether actions taken to protect themselves should be "enthusiastically supported" - no, I don't think so.

          1. amanfromMars 1 Silver badge

            Re: SMARTR Opposition in Almighty Competition

            @AMfM: there is a lot of truth there. It seems that, over the last 20+ years that I've been involved in this area of research, Western governments have been responding more and more to one overriding thought - "revolution is coming". They are right - Trump and Brexit show that there is a growing dissatisfaction with "normal". As to whether actions taken to protect themselves should be "enthusiastically supported" - no, I don't think so. ...... Intractable Potsherd

            Rightly terrifying malevolent idiots, and those also in governments, both Western or otherwise who write (or even propose) harmful laws, is that which is fully to be expected and best enthusiastically supported, Intractable Potsherd.

            I apologise for not making that crystal clear with no shred of ambiguity allowing for misinterpretation and misdirection.

            And does anyone else think that secret security systems arrangements are always easily fatally compromised via higher level steganographic chatter and 0day vulnerability exploitation which phishes quite openly in the See of Minnows Masquerading as Sharks?

            For example, is the following sensible or nonsensical? And what/where/who would it lead?

            amanfromMars [1907281738] …… shedding skins on https://www.zerohedge.com/news/2019-07-27/russia-warns-us-will-unleash-space-arms-race

            Is space dominance virtually realised with IT and AI in Surreal Command of Absolute Remote Control?

            If you think No, here is an AI Journey’s End for you ……… and just whenever Internetworking Things are Leaping Ahead BetaTesting Almighty Hot and Real Spicy Temptations for Quick and Decisive Victory in All Vital Operations.

            Is there an Ultimate Temptation/Heavenly Desire whose Satisfaction EMPowers Ever More Generation of Something Equally EMPowering?

            Explore and Energise that Powerful AIdDriver …… and Conception results in a Perfect Communion/Singularity of Passionate Purpose.

            Venus/Mars/Saint/Sinner/Nymph/Satyr Terrain in Live Operational Virtual Environments. XSSXXXXeRated …. Not for the faint hearted and/or lily livered/the unhealthy and persistently confused.

            Travel Further at Your Own Risk. Insurances and Assurances in such a Space/Place are of Questionable Quality.

            cc US Space Corps c/o Trump Head Quarters

            What one very quickly discovers and uncovers is that some who are as a gifted few amongst the many and who are considerably smarter than appears to be normal, realise the significance in certain communications so encrypted with openly shared secrets and things move on forward at an increased pace, leaving any opposition and competition trailing and trialing defence in the wake of developments which opposing competition struggle with and fail to comprehensively understand.

            The Great Game has been Changed. And it sure as Hell is a Big Heavenly Deal? :-)*

            cc Sino-Soviet Style IntelAIgent Space Forces and Middle East Kingdom Almighty Route Sources.

            * Go on, .... say it hasn't and isn't, and allow AIRevolution free unrestricted stealthy reign wherever it appears out of nowhere, which you might like to realise are Base Cyber Space Places too.

            And we haven't even started on exploiting the bounty available via the Private and Pirate Sectors.

            1. Intractable Potsherd Silver badge

              Re: SMARTR Opposition in Almighty Competition

              "I apologise for not making that crystal clear with no shred of ambiguity allowing for misinterpretation and misdirection."

              No apology needed - you were perfectly clear! I was simply paraphrasing to agree with you.

  6. Zippy´s Sausage Factory
    Devil

    Hmm... apply that to home security (something the FBI man might actually understand) and it comes out a bit like this:

    We should have skeleton keys that can unlock anyone's door. I mean, if you have nothing to hide, you have nothing to fear. And this won't weaken your security - there's absolutely no chance of any of these skeleton keys ever falling into the hands of criminals. Not once. Not ever. Nope.

    1. Baldrickk
      Black Helicopters

      Like the TSA lock keys?

      1. A.P. Veening Silver badge

        Wrong icon, you should have used the joke alert as those TSA lock keys are a (very) bad joke.

    2. Jens Goerke

      Like the TSA-mandated luggage locks for which the "TSA only" keys are freely available?

  7. Anonymous Coward
    Anonymous Coward

    *sigh*

    The same back door by law enforcement and intelligence agencies would be used by other threat actors.

    How do senior people get to such positions of power and be utterly clueless?

    1. Anonymous Coward
      Anonymous Coward

      Re: *sigh*

      Possibly because they are appointed by politicians who haven't a clue - and in turn they were elected by a minority of the general public who didn't have a clue either.

  8. Anonymous South African Coward Silver badge

    When you outlaw guns, only outlaws will use guns.

    When you outlaw encryption, only outlaws will use encryption with a failsafe selfdestruct.

  9. Rosie Davies

    Technically Do-Able

    At the risk of getting flamed to oblivion and with caveats that I don't necessarily think it's a good idea and that it being technically do-able doesn't consider a lot of other factors...

    It is do-able using something akin to RBAC with crypto protection on various layers of access. Broad brush (without thinking about it too deeply), you'd want three sets of (PKI) credentials:

    Keypair1: User keypair, what is in place in pretty much any of the secure end-to-end products already

    Keypair2: Communications records keypair. Who said something to whom and when but not what was said

    Keypair3: Wrong'uns keypair. Access to everything, communications. Used for reading what clowns, mime artists and other undesirables are saying to one another.

    Information accessible to one key pair isn't accessible to any other key pair with KeyPair2 and 3 being subject to legal/regulatory/whatever controls.

    Yeah, I know. Those controls are a right whatnot to get right.

    Rosie

    1. cbars

      Re: Technically Do-Able

      Think the only way to do that without breaking encryption is to encrypt at each level, so end to end wrapped in 2 more layers. Massive computational expense and traffic volumes go up by an order of magnitude. And you still don't solve the problem, does layer 2 maintain session aware scope? In which case you implement TCP on top of an encrypted byte stream and you're in a lot of trouble at this point.

      How does this address the key issue, that it's apparently impossible to catch terrorists unless you can do a keyword search for jihad or IRA or bomb?

      1. Rosie Davies

        Re: Technically Do-Able

        You'd encrypt only the data, forward it $somewhere for safe storage until someone turns up with the appropriate bit of paper saying they're allowed to look at it. No need to wrap encryption in encryption in encryption, just three different sets of encrypted information each using a different key pair. Traffic goes up by a bit over 2 (two copies of the actual content plus a tiny bit for the comms data) and no need to be diddling down at the TCP layer.

        I never said it was a good idea, just that it could be done.

        And you don't catch people by keyword search, at least not unless you're really stupid and believe that would work. You catch people by working out who you'd like to know more about and then set about knowing more about them and the people they talk to. Old school like.

        Rosie

        1. DJO Silver badge

          Re: Technically Do-Able

          It's all whitewash, most intelligence is gathered from the metadata which is not encrypted anyway.

          This encryption bluster is just to make it easy for the security services to spy on the home population.

          1. Dr Dan Holdsworth

            Re: Technically Do-Able

            It is actually easier to deal just with metadata than with content, given the number of bullshitting blowhards on the Internet. People tend to talk a load of complete crap on the Internet, so some silly billy busily ranting away at the evils of the current government and how everything is a conspiracy run by the Milk Marketing Board is not actually very much in demand by the security services.

            What they would like to know about are people who know people who are on one side competent chemists, and on the other extremist religious sorts. That's a mix you don't want to encourage, unless they are playing with fluorides and fulminating oils in which case at some point you're going to be scooping up their remains with a brush and shovel after the decontamination people have finished.

            Metadata is everything in the spying game, and has been so ever since the days of the Spanish Inquisition (who were remarkably modern in some respects, along with being thoroughly medieval god-bothering nutcases in others).

        2. whitepines
          WTF?

          Re: Technically Do-Able

          Sorry, no way in heck I'll be sending along copies of my personal, private, intimate thoughts destined either for myself or my SO to some bit barn for a politician or his hacks to rifle through.

          Though...if you send me all your thoughts and conversations I'll be quite happy to keep them safe, until presented with a proper warrant. Until I think of course (some years from now) building an AI to impersonate and discredit you, or just string together a few more salacious bits into something that'll lock you away for life might be a more profitable way to monetize your data?

        3. cbars

          Re: Technically Do-Able

          Rosie I didn't down vote, but to clarify: how do you send the message content $somewhere without encrypting it? Either it's encrypted with standard keypair (so unreadable before I send it), or it isn't. So in effect you're suggesting I *don't* encrypt it and I trust someone else to do it for me.... so, breaking encryption

        4. cbars

          Re: Technically Do-Able

          And just to refute that bit about factors of two or ten... 1 byte of text, encrypted, is not 1 byte of random data. Doing it properly you have to add data to get nice random pattern. So you can't add 3 layers of encryption and get 3 x the data, you get a larger factor for every layer you add. Hence my factor of ten comment. Again, I'm attempting to educate and not flame, very carefully, but Rosie you are wrong.

          1. Rosie Davies

            Re: Technically Do-Able

            Wouldn't surprise me if I were wrong, I'm good at being wrong.

            I was thinking PKI type stuff.

            Keypair 1 is used to allow encryption between the two people who are having the conversation (sender's private, receiver's public).

            Keypair 2 for the comms data, (sender's private, $somewhere[comms_data_store] public)

            Keypair 3 for the stream containing the same as keypair 1, (sender's private, $somewhere[warrant_required_data_store] public).

            Access to the private key for 2 and 3 would be the bit that's subject to controls, far more so for 3 than 2. That's also the reason I said a bit over double the traffic as I was starting from the point that there's already one encrypted stream, not one unencrypted stream.

  10. Augie
    Mushroom

    What a pair of cockwombles I'd imagine right now, that if their brains were dynamite, they would be hard pressed to blow their own noses!

  11. Martijn Otto
    Joke

    It's double rot13 for me

    I recently switched all my encryption to double rot13. It's very fast and it has the built-in feature that the government can lawfully intercept the communications. I can recommend this to everyone.

  12. Milton

    Mathematically illiterate

    In the pre-technological world it was impossible to reach high office, either in government or in business, unless you could read and write*¹. The reasons are obvious.

    In this extremely technological world we have become used to influential people periodically displaying breathtaking ignorance—sometimes it seems like wilful ignorance—of technical issues. Notwithstanding the damage that can actively be done by powerful people who don't understand things, the opportunity cost of their stupidity is that vast amounts of time and effort are wasted by everybody trying to make them understand. If Christopher Wray had even a decent undergraduate knowledge of math he simply wouldn't keep spouting this nonsensical bullshit.

    The problem is serious both with senior officials and the politicians who appoint them.

    The quality of politicians in the UK and the US has dropped off a cliff in the past 35 years or so. Look at the circus of prize idiots and know-nothings infesting both the White House and now the British cabinet. We may not have liked or agreed with some ministers of, say, Thatcher's or Reagan's administrations, but most of them at least deserved the respect due to educated, knowledgeable and experienced adults. Boris Johnson's cabinet looks like a toddlers' party compared with people like Thatcher, Carrington, Nott, Whitelaw and a good many others: they were grown-ups.

    One of the responses to this horrifying infantilisation of the body politic is to suggest that some kind of baseline of intelligence and ability is established before people can even become candidates. Personally I'd be all in favour of independently conducted, thorough IQ testing for parliamentary candidates: if you cannot average a modest 110 across the three classic zones (verbal, mathematical, visuospatial) then you don't get to stand for election.

    Politicians thus qualified would be far less likely to be influenced by the kind of drivel Wray keeps spewing and, indeed, might be much less inclined to appoint such people to senior positions in the first place.

    Perhaps an extension to this idea is to require some educational minima as well. Perhaps a modern politician should have to prove a decent level of scientific and mathematical literacy? Such higher-quality minds would swiftly shut the likes of Wray up, or replace him if he persists in talking rot and wasting everyone's time.

    Perhaps it sounds elitist, or even a touch draconian, but just think of all the problems that would simply vanish from the world ....

    *¹ I am aware that some social media platforms now offer a way for those who are either semiliterate or lazy—or, in the case of the most famous Twatter, both—to showcase the stupidity of their needy egos.

    1. Charles 9 Silver badge

      Re: Mathematically illiterate

      "Perhaps an extension to this idea is to require some educational minima as well. Perhaps a modern politician should have to prove a decent level of scientific and mathematical literacy? Such higher-quality minds would swiftly shut the likes of Wray up, or replace him if he persists in talking rot and wasting everyone's time."

      The biggest problem with ANY kind of standard is that the standard itself can be twisted by whoever's up top, as there is no law written by man that cannot be changed by man if he's powerful enough. Even the vaunted Constitution can become just ink on a page to anyone with enough oomph to say, "Burn it or DIE" and be able to back up the ultimatum.

    2. rnturn

      Re: Mathematically illiterate

      > Perhaps an extension to this idea is to require some educational minima as well. Perhaps a modern politician should have to prove a decent level of scientific and mathematical literacy?

      I think the public has come to believe that -- while the politician him/herself may not be technologically literate -- they will put together a competent staff that includes technologically educated people who will properly advise the politician about these matters. Unfortunately, this hasn't happened except in a few cases. What seems to have taken place is that the staffs are filled with political hacks who excel at writing flowery policy statements that cover up the fact that neither the politician nor his staff have any idea of what's really happening with technology.

      When a politician actually /does/ have a background in the sciences, they are rarely taken seriously and described as a `political outsider', `political newcomer', etc., ignored by the press, and/or rarely make it onto Congressional committees where they could grill people like Wray.

    3. the Jim bloke
      Facepalm

      Re: Mathematically illiterate

      What reality would end up with is something like an MBA being required for political office.. "management", not STEM, and definitely not ethics.

      While there are dangers in disenfranchising sections of the population here are a couple of suggestions for exclusion from eligibility (With a large enough population, it would be impossible not to bear some resemblance to real persons. funny, that.)

      Multiple bankruptees - once is fair enough, twice is unlucky, three or more is either stupid or criminally deceitful - either case not anyone who should have authority over public money.

      Reality TV 'stars' - narcissist attention whores practiced at appealing to the lowest common denominator.

      Deliberate Hypocrisy - Espousing a mode of behaviour acceptable to their supporters but not living up to it eg "family values" while cheating.

      1. Kiwi
        Angel

        Re: Mathematically illiterate

        Deliberate Hypocrisy - Espousing a mode of behaviour acceptable to their supporters but not living up to it eg "family values" while cheating.

        That's rather a tough one y'know.

        The values I most believe in sadly are not the values I manage to live by. It's not hypocrisy per se, but human weakness. Near complete honesty (not full disclosure but not lying), living by the sexual mores I support (save it for the marriage bed - but I haven't been married once let alone...), even little things like stopping for every stopped motorist unless I have a bloody good reason not to - much of the time I have the knowledge and tools that could get them going and if not, I could at least give them a ride or make a call (sometimes meet strandees in country areas where there's no reception).

        I'd love to say "look at me, I'm perfect! You can be too!", but I'm only 'perfect' if you like toxic waste dumps. As Paul said, that which I hate I do, that which I want to do I do not do :(

        1. the Jim bloke

          Re: Mathematically illiterate

          It's not so much the personal failing to live up to whatever standard, it's the blatant hypocrisy when someone sells themselves to the public as an upholder of a certain set of values, gaining votes/donations/followers/mana/upvotes, whilst in their private life they completely ignore those standards.

          Crooked politicians and police, multimillionaire sybarite leaders of austerity cults, child molesting teachers or priests, televangelists,.. It's behaviour that should not be tolerated, let alone supported and rewarded.

          1. Kiwi
            Thumb Up

            Re: Mathematically illiterate

            It's not so much the personal failing to live up to whatever standard, it's the blatant hypocrisy when someone sells themselves to the public as an upholder of a certain set of values, gaining votes/donations/followers/mana/upvotes, whilst in their private life they completely ignore those standards.

            I'd forgotten some of that. I tend to avoid the 'news' over these ways so miss hearing a lot of that stuff.

  13. Doop99

    This is the issue with all idiot politicians and government officials.

    We are being quoted as one of the groups that are prepared to work with government because we made software that watermarks/obscures and swirls over parts on an image and uses tracking to do the same in videos. In other words the software the shits use to hide their faces.

    To view without the watermark/swirl etc you need the key - pretty simple basic stuff like a password for a spreadsheet. Or as these c.... like to quote advanced end to end encryption.

    The funny part is nearly all the cases of us reversing watermarks on p.... images/video is from people not using our software. Yep - it is nothing at all to do with backdoors but image manipulations (layers etc).

    But hey no different than the iPhone issue from a few years ago, open it for a terrorist and the NY DA had over a hundred requests teed up.

    1. ibmalone Silver badge

      This is the issue with all idiot politicians and government officials.

      It is not at all a problem. Repeat something enough, people will come to believe it through sheer reinforcement, eventually they get the outcome they want. Idiocy isn't a requirement. (Not an obstacle either of course.) Maybe he really believes what he's saying or maybe he knows the flaws and thinks it doesn't matter, people just need to be persuaded to do the Right Thing and it doesn't matter exactly how.

  14. Quenda

    The FBI and the congressional advocates should lead by example and put a back door in their systems to prove how safe they are.

  15. 0laf Silver badge
    Facepalm

    Insert title

    It's a more honest argument I suppose.

    "We want to access your stuff, we know it will make you less secure, you will likely be subject to theft and identity fraud, and we don't care".

    Lunacy certainly but more honest.

  16. EnviableOne Silver badge

    Here we Go Again

    Universal Declaration of Human Rights, to which the USA is a signatory as are all other members of the UN (General Assembly resolution 217 A)

    Article 11.

    (1) Everyone charged with a penal offence has the right to be presumed innocent until proved guilty according to law in a public trial at which he has had all the guarantees necessary for his defence.

    (2) No one shall be held guilty of any penal offence on account of any act or omission which did not constitute a penal offence, under national or international law, at the time when it was committed. Nor shall a heavier penalty be imposed than the one that was applicable at the time the penal offence was committed.

    Article 12.

    No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.

    1. Charles 9 Silver badge

      Re: Here we Go Again

      As I've said before, ink on a page. What is everyone going to do if someone with a whole bunch of nukes says no?

    2. Anonymous Coward
      Anonymous Coward

      Re: Here we Go Again

      "No one shall be held guilty of any penal offence on account of any act or omission which did not constitute a penal offence, under national or international law, at the time when it was committed."

      IIRC the UK tax agency has just prosecuted people for illegal tax evasion that happened 20 years ago. Their financial penalties are eye-watering. Yet it appears that the people made tax returns that were treated as legal tax avoidance schemes at the time.

    3. rnturn

      Re: Here we Go Again

      In the `Oughties' we effectively blew off the effin' Geneva Convention. What's going to stop an administration from completely ignoring yet another UN declaration -- signed or not -- after you have an internal memo that OKs torture?

  17. Anonymous Coward
    Anonymous Coward

    A story from Windows 7 days...

    Scene: A meeting between Microsoft and NSA

    NSA: We want you to include a back door in the forthcoming Windows 7.

    Windows 7 Chief Architect: Over my dead body.

    NSA: We find your terms acceptable.

    Have a good weekend all.

  18. Anonymous Coward
    Anonymous Coward

    Just use a Book cipher or a one time pad. I would like to see the FBI backdoor into those.
