back to article FBI boss: No encryption backdoor law (but give us backdoors anyway)

President Obama will not push for laws requiring tech companies to cripple their encryption systems with backdoors, FBI boss James Comey has said. But – and you knew a but was coming – the United States government will continue to lean heavily on American giants to plant backdoors in their systems. Speaking at a Homeland …

  1. JakeMS
    Thumb Up

    Let's make a deal!

    Okay feds, you want a backdoor in my computers, servers and phones.. you can have a backdoor in my computers, servers and phones IF you let me have a backdoor in your computers, servers and phones too.

    It's only fair right? Afterall you have nothing to hide right as you are all following the law right?

    Whaddaya say? Sounds like a plan to me!

    1. Anonymous Coward
      Anonymous Coward

      Re: Let's make a deal!

      Look, these three-letter agencies are all part of the Executive Branch and any U.S. civics book will tell you are bound by law to obey Obama, who is the head of the Executive Branch.

      Why doesn't Obama just issue an Executive Order telling them to stop demanding back doors? He's issued plenty of EOs on Snowden.

      Unless Obama wants the back doors anyway,

      1. Mark 85
        Devil

        Re: Let's make a deal!

        Obama's busy with other stuff right now... he'll slip something to the TLA's soon but it may not be what we want.

      2. g e

        Re: Let's make a deal!

        I suspect the existing arrangement is working so BO will take the opportunity to look a little less rubbish by saying he won't mandate it with that 'conversation' running along the presumably well-established lines of 'You know this security of yours, OH! What a delightful photo on your desk, are they YOUR children..?'

        (Or the alternative of 'Those two hookers you used whilst on that trip to Seattle. Yeah,we have the footage')

      3. Michael Wojcik Silver badge

        Re: Let's make a deal!

        Why doesn't Obama just issue an Executive Order telling them to stop demanding back doors?

        How would he (or his office) enforce that? How would they even know whether it was being obeyed?

        The President is the nominal head of the executive branch, but that doesn't mean he has magical power over it. History suggests that vast bureaucracies are capable of and willing to break the law at the drop of a hat, and security and intelligence agencies are particularly unlikely to have much respect for it.

        And, of course, you don't get to be President by virtue of a mighty desire to rein in the power of the executive.

    2. Anonymous Coward
      Paris Hilton

      Re: Let's make a deal!

      Okay feds, you want a backdoor in my computers, servers and phones.. you can have a backdoor in my computers, servers and phones IF you let me have a backdoor in your computers, servers and phones too.

      Whaddaya say? Sounds like a plan to me!

      Gee, thank you kindly for your offer Sir but we already have total access to all that shit.

      Why doesn't Obama just issue an Executive Order telling them to stop demanding back doors? He's issued plenty of EOs on Snowden.

      Because if we made the show private you wouldn't be able to watch it. Duh! All this oh-so-loud-and-very-public banter is nothing other than a PR exercise. Have you forgotten what that pesky Snowden man disclosed yet? Real inter-agency horse trading is always done in private - not via the international media. Even the trivial stuff with nothing to do with national security. Can you guess how this script ends? Spoiler alert: "No you can't have any backdoors into the dear people's private business, you naughty, naughty boys."

      --Barry O

    3. Anonymous Coward
      Anonymous Coward

      US Law Enforcement discriminates against the intelligent

      You have to remember that for the last roughly 20 years, US Law Enforcement has specifically discriminated against hiring the best & the brightest. And it's been court sanctioned (see for example, http://abcnews.go.com/US/court-oks-barring-high-iqs-cops/story?id=95836 ).

      So the FBI & most other US law Enforcement are by now headed by types who really don't have the brains to understand what they are asking for.

      1. Anonymous Coward
        Anonymous Coward

        Re: US Law Enforcement discriminates against the intelligent

        Crikey, yet another reaon I wouldnn't want to visit the USA, if they're deliberately employing merely averagely intelligent police to try to catch criminals who may be extremely intelligent. They do realise that they aren't actually living in a Batman film, I hope? Flippin, bloody idiots (the people doing the hiring, not the police themselves.)

  2. a_yank_lurker

    Idiots or traitors

    If the Russian, Chinese, etc. believe there are backdoors to break the encryption they will very, very aggressively be hunting for it. Whether they discover it is not important. They are likely to find some hole to exploit. Only an idiot or traitor believes this is a good idea.

    1. Adam 1

      Re: Idiots or traitors

      Not necessarily either of those. Could be both.

      1. Mike Bell

        Re: Idiots or traitors

        That's Boolean algebra for you.

      2. I. Aproveofitspendingonspecificprojects

        Could be both.

        I presume that a country with gifted police wanting to join the constabulary, all the genii have to do is answer some questions wrong. This nod to the mediocre seems to be catching. Is the subject of the article just playing along and how can you tell?

        Apart from the fact that only a fool would want to join such a police force.

        It is well known that any agent seen by JEH to be too smart for his own good got a job riding herd on the Indians. He even sent Elliot Ness to the back woods. At least it explains why the FBI still think Kennedy was murdered with a weapon their own agents couldn't use.

        The only way to deal with such a threat to security is to make sure the moron is removed. Assassination is the method perceived most effective in the land of the continually trigger happy but no longer free.

    2. Tim Jenkins

      ...they will very, very aggressively be hunting for it...

      or hunting for someone on the inside to coerse/extort/bribe or otherwise manipulate to just hand them the key. Look how good the West was at keeping all those nuclear secrets back in the last Cold War...

      1. a_yank_lurker

        Re: ...they will very, very aggressively be hunting for it...

        And the recent OPM hack will provide all the information needed for extortion to work.

    3. John 98

      Re: Idiots or traitors

      It won't only be be Uncle Sam demanding a backdoor - there will soon be 200+ plus other governments saying use of same software without their backdoor too is illegal. Then, soon after, it will be illegal to use it with any other government's backdoor open. Happy travelling ....

  3. jonnycando
    Mushroom

    People know

    Obama knows a dead horse when he sees one I guess. And the companies know that if we know there's holes in their encryption we will abandon them and they will go broke. I hope they got the bollocks to keep saying no!

    1. This post has been deleted by its author

    2. Destroy All Monsters Silver badge

      Re: People know

      > Obama knows a dead horse when he sees one I guess

      Well, he keeps flogging the Syrian one fiercely. Now with added Russian sado-masochism.

      1. Anonymous Coward
        Anonymous Coward

        Re: People know

        Well, he keeps flogging the Syrian one fiercely. Now with added Russian sado-masochism.

        Don't forget the bit-part actors. I particularly enjoyed* Cameron condemning the Ruskies for bombing "the wrong sort of rebel", and "killing women and children" on the same day that the Yanks deliberately bombed an MSF hospital in Afghanistan. Funnily enough, the pudgey faced Etonian forgot to condemn the murder of volunteer medical workers.

        * Well, not "enjoyed" as such. Rather, I put aside the tragedy of another US war crime, and reveled in Cameron showing off his finest 's Forrest Gump qualities.

  4. Lysenko

    This quagmire...

    ...is arguably the primary real world relevance of the "Ubuntu on a phone" idea. The semi-existence of this option creates a back door in the market if people get sufficiently suspicious about iOS or the huge binary blob injections Google essentially mandates with Android.

    Personally I would probably switch to something fully Chinese or Russian (Yotaphone?). That's not because I imagine the PLA and FSB are less likely to be snooping. It's because the USA has a virtually unique propensity to try and extradite people who may never have set foot on US territory to face charges under US law in US courts.

    The hubris, overweening arrogance and anti-democratic totalitarianism of the USA in attempting to to project legislative and judicial authority extra-territorially is easily as big a problem as the obsession with snooping.

    I'm not remotely concerned with some spook raiding disrobed selfies from my phone (that's their problem: some things you just can't unsee!). I am concerned with an electioneering DA misinterpreting something snaffled from my email, concluding that I'm involved in a Libor rigging conspiracy and screwing up my life with extradition proceedings (I write software for Banks, among other things).

  5. Mike Bell

    Someone should tell David Cameron

    Flogging this dead horse is about as clever as fucking a dead pig.

  6. ratfox
    Paris Hilton

    Die Gedanken sind frei…?

    The government has not made it mandatory to submit to examinations by mind-reading machines who will delve into your mind and read your every thought, despite the obvious advantage this would be for national security.

    The question is, is the reason they haven't done it that they don't think the government has the right to do it, or is it only that these machines do not exist — yet?

    1. Anonymous Coward
      Anonymous Coward

      Re: Die Gedanken sind frei…?

      Do they really need such a device when they have a cell with Bubba waiting for Contempt of Court? That alone would work for most people. [Not a problem here. Terminal with long bouts of level 10 pain. Either Bubba becomes my friend or I'm dead. A relief either way.]

      I'm upping my game, airgaps, strict one way information flows (ASCII-armored the other), etc., but that's me being a total asshole with zero tolerance for authority. They, whoever They are, are going to know that. It's a question of pressure points and most people have dozen or more threat axes.

      Actually I wish they would have such a device. Back in my teenage years I used to volunteer for the psych experiments. Fifty to seventy-five bucks for one to two hours doing whatever they asked for. Only conclusion they came to was I'm an outlier, period. Bring the nice machine over here.

  7. Teiwaz

    Computer defence

    This is the U.S. (we're referring to)

    Just include a gun with every 'computer', that solves everything, right?

    Having a backdoor in your system won't matter then, 'cause you'll have a gun.

    1. Anonymous Coward
      Thumb Up

      Re: Computer defence

      What a great marketing idea. I'm sure they already do that in Texas.

      1. Destroy All Monsters Silver badge
        Thumb Up

        Re: Computer defence

        I'm into this!

        "Eject Glock" in case of raid.

  8. Anonymous Coward
    Anonymous Coward

    As a curious onlooker and like most people a casual computer user I have a question about encryption tools. Have many software companies switched to libressl from openssl? I read openssl was the most commonly used but many issues were discovered through the heartbleed incident and, of course, that OpenBSD is renowned for its security.

    1. Anonymous Coward
      Anonymous Coward

      Not yet.

    2. Michael Wojcik Silver badge

      I don't believe there's any compelling reason to switch to LibreSSL, and some strong reasons not to.

      The LibreSSL team has some decent people, but their plan and focus is questionable. (Rewriting the code in accursed KNF? That's just dumb.) Maybe it's gotten better since the project launched - I admit I haven't paid close attention.

      For a business, there are significant costs in switching - opportunity costs, primarily. LibreSSL dropped support for some less-prominent platforms which some people may need; some of those platforms (e.g. zOS) are still in wide use, though a relatively small fraction of OpenSSL installations.

      More importantly, they dropped support for algorithms and protocols such as MD5 and SRP, which many people still need for backward compatibility. I think that was a foolish move.

      And even more importantly, for anyone who wants to sell to the US government (a big customer for some vendors), they don't have FIPS 140-2 validation.

      Meanwhile, post-Heartbleed, OpenSSL is much better funded and staffed, and has been making great progress. The code base is still a ball of hair, true; some of the LibreSSL refactoring (and Google's BoringSSL, another OpenSSL fork that feeds back into LibreSSL) was good and greatly needed. But the OpenSSL team are at least cleaning up the API and making some progress on code quality in the 1.1.x stream.

      It's certainly not a simple case of "just switch to LibreSSL because it's better".

  9. Salamander

    Don't worry. Legislation will happen. There are always ways of getting the legislation through the backdoor. Case in point: FATCA.

    FATCA was written entirely by the IRS with no consultation and made law by attaching it to the HIRE ACT of 2010. FATCA is the financial equivalent of putting a backdoor into encryption technology.

    Of course once FATCA was law, America needed to strong arm the governments of the world to cooperate with it, which they did with false promises and good old economic strong arm tactics and threats.

  10. Big_Ted

    On reading this 2 things come to mind.

    malicious actors’ . . . . . . . . what have they got against Hollywood ? ?

    And more importantly how does this tie in from this side of the pond re personal data security / human rights and a new safe harbour or similar.

    Any company that agrees to this must surely be breaking the rules unless the EU bends over for the US.

  11. Frumious Bandersnatch

    The problem that governments have in this arena is that any time they open their mouths to mention "encryption", their audience will include a lot of very savvy technical people who understand how these things work. There are mathematicians, cryptographers and regular software/hardware engineering guys who will hear (paraphrasing) "we are committed to strong encryption, but we want backdoors/escrow systems anyway" and know that logically and mathematically speaking the two are fundamentally incompatible. The usual rules of political bullshit (say one thing when you mean the opposite) simply won't work on "us" (I'm including most reg readers in that group). After that, it doesn't matter how much bluster and misdirection ("but the terrorists!") the politicians and civil servants add on to try to make their lies more appealing to the common Joe since "we" will know that their arguments are a pack of lies right from the start.

    Basically politicians are acting way outside their zones of expertise (such as they are) on this one. I guess that Obama (or one of his advisers) was shrewd enough not to call for mandatory backdoors, but this FBI guy is obviously too stupid to realise that he's just getting enough rope to hang himself (along with any US company that wants to do business in the EU or elsewhere).

  12. Primus Secundus Tertius

    The Person not the Machine

    Why bother with the machine when you can go for its owner?

    In the UK you can be jailed (someboody[*] was) for not telling THEM the password when they ask. Has the US not thought of that?

    [*] When he realised he was going to jail, he 'remembered' it. But by then it was too late. Mind you, he deserved it.

    1. Lyndon Hills 1

      Re: The Person not the Machine

      Why bother with the machine when you can go for its owner?

      because then the owner will know that their stuff has been read. The FBI et al. want to be able to read stuff without letting the owner know that they're being watched.

    2. Boris the Cockroach Silver badge
      Big Brother

      Re: The Person not the Machine

      Because some of us are smart enough to use a password of " I'm not telling you".

      Worst that could happen is you goto prison for 5 yrs, you'll still pass every polygraph test going with that one.

      And for sure, the cops are'nt smart enough to type it in

  13. Stevie

    Bah!

    Well I'm convinced. What possible downside could there be?

  14. DerekCurrie
    Facepalm

    #MyStupidGovernment At Work

    What's worse?

    A) 'Terrorists' being able to break into every computer in the USA because of back doors?

    B) US citizens exercising their constitutional, Fourth Amendment rights to total privacy?

    We've already been watching the result of crap software and operating systems allowing China, ad nauseam, to steal millions of government employee's identities, including fingerprints. We want these computer illiterates to have a back door into ANYTHING that can invade our privacy. NO!

    Deal with the fact of the US Constitution, dear government of mine. Stop destroying our trust in you!!!

  15. Wommit
    Unhappy

    WHAT!!!!!!

    When will these idiots learn? Perhaps they're incapable of rational thought processes. But for $DEITYs sake won't someone lart them?

    Well since 911 you aren't feeling quite so secure are you now? Well suck it up cus that's the way the world is. And most of the blame is down to you, yes YOU dear Old Uncle Sam. Just because POTUS nearly shit his pants with the thought that one of those planes could have flown into the White House, or Camp David, and there wouldn't be a huge amount that anyone could have done about it.

    Oh well, sucks to be you. You wanted the big job, didn't anyone tell you about becoming the big target?

    Dumpster loads full of data does not give you intelligence, it gives you a headache. Actually getting humans out and amongst the people will get you intelligence, but only when those people trust you. And you Mr. & Mrs. & Mz. (and any other affiliated / nonaffiliated being) US government certainly blew that trust away didn't you.

    We know our politicians are a bunch of twats and cowardly wankers, but seriously, your lot take the piss. If you want proper results from police or intelligence work, then actually DO that work. Spend some shoe leather, get out of your warm, cosy and SAFE offices and find stuff out!

    I've an idea, how about, the next time someone has this great idea that it would be fun to invade another country, we all say "OK, but only if our political 'leaders' lead us from the front. That's right, get a rifle, put your combats on and off we go." Then, maybe, the world will settle down a bit and, who knows, the world might become a slightly better place to live in. Of course I'm just dreaming now.

  16. Anonymous Coward
    Anonymous Coward

    cunning plan

    I'll keep using my $USA_based email as a blind, for all my plans to take over the world I use $something_else. I was going to use the black helicopter icon but thought better of it. The stupid thing is that the USA's biggest enemy is living in the USA. Just follow the money, who made the most after 9/11?

    1. I. Aproveofitspendingonspecificprojects

      Re: cunning plan

      > who made the most after 9/11?

      It wasn't George the Chimpanzee. I'm pretty sure he just handled stolen money to make it disappear. And it wasn't Rumsfeld. He just lied to sell sugaryish water. that leaves Shotgun Dick Cheney, well he looks the sort. But weren't they all just too stooooopid?

      Oh wait, that's a double bluff is it?

      For some?

  17. Trigonoceps occipitalis

    You can read Comedy testimony ...

    FTFY

  18. Sir Runcible Spoon

    Sir

    When there are reportedly 106,000 people in the US alone who die every year from legally prescribed drugs I think we can take our foot off the gas on this 'terrorist' thing for a while and focus on things that result in more loss of life than any terrorist action will ever create.

    If they don't, then it's obvious to anyone (it should be) that preventing terrorism isn't their purpose with all this - the real question is why isn't anyone saying this to them in public? How the hell can they defend their 'boogeyman' defense when there are so many other things that are more important.

    Besides, the simplest way to combat terrorism is not to bomb the shit out of these peoples' countries in the first place.

    1. Michael Wojcik Silver badge

      Re: Sir

      Drowning kills about 3500 a year in the US alone. Time for a Global War on Water!

  19. Anonymous Coward
    Anonymous Coward

    If Safe Harbor was not enough...

    ... thank you, US agencies, to keep on screwing your own industry! Huge marketing opportunities opens for non US-controlled devices outside US.

  20. Henry Wertz 1 Gold badge

    Good luck with that

    First off: Hey Feds, good luck with that. It's business suicide for a business to slip intentional backdoors into a service in this day and age, and it WILL be found out. And probably exploited by hackers. And spread all over the media, so you'll lose all your business.

    "Why doesn't Obama just issue an Executive Order telling them to stop demanding back doors?"

    Because he doesn't want to. Like most members from the US's main two political parties, he will say what he thinks people want to hear at election time, so I'm sure at some point he vaguely intimated he'd do something about this little surveillance problem. But (based on his actions in office) he is actually a staunch supporter of ubiquitous surveillance. And based on both words and actions in office, he's a supporter of the NSA's programs in particular.

    "Do they really need such a device when they have a cell with Bubba waiting for Contempt of Court?"

    They don't need it either way, they don't have to be omniscient. Unlike UK, however, as much of a zeal as the US's main 2 political parties have shown in ignoring the constitution, if you're asked to give up crypto keys in the US you can still take the 5th (invoke the 5th ammendment right against self-incrimination.)

  21. Anonymous Coward
    Anonymous Coward

    In the US there's this thing called the 4th amendment to the Constitution

    Intended to keep Americans free from government intrusion into their communications. We demonstrably cannot trust our government agencies - they lie to their Congressional oversight. Deception is in their job description. We can never let government have unfettered access to our lives if we wish to maintain any sort of autonomy and sustain our individual liberties.

    1. I. Aproveofitspendingonspecificprojects

      Good grief

      The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things.

      How on earth do they even have airport security let alone the NSA?

      They should give Snowden a CMH.

      In Britain if it wasn't for Treason Blair, he would have been given a knighthood. (Then quietly sewn into a sports bag and left in a Clapham Junction waiting room along with several sticks of used secrets and some paedophile literature.)

  22. Anonymous Coward
    Anonymous Coward

    Forget the backdoors and terrorists

    It's domestic gun violence that you need to tackle.

    And fast!

    Sure terrorists kill.

    But domestic gun violence kills way more.

  23. Developer Dude

    "Perhaps this is because politicians don't understand that adding a backdoor blows the whole thing apart, rendering the encryption worthless – it's not something that can be switched on for an investigator and switched off at all other times"

    Oh, they understand perfectly well.

    They just don't care one whit.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like