Top FBI lawyer: You win, we've given up on encryption backdoors

After spending months pressuring tech companies to add backdoors into their encryption software, the FBI says it has given up on the idea. Speaking at a conference in Boston on Wednesday, the bureau's general counsel James Baker even used the term that has been repeatedly used to undermine the FBI's argument: magical thinking …

  1. John H Woods Silver badge
    1. BillG
      Joke

      After spending months pressuring tech companies to add backdoors into their encryption software, the FBI says it has given up on the idea.

      "Aye, and if my grandmother had wheels, she'd be a wagon." - Montgomery Scott, Chief Engineer U.S.S. Enterprise

      1. Stevie

        4BillG

        "Aye, and if my grandmother had wheels, she'd be a wagon." - Montgomery Scott, Chief Engineer U.S.S. Enterprise

        "Yes, but what does it mean? What does any of this mean?"

        Arnold Rimmer. Technician Third Class, JMC Red Dwarf.

        1. g e

          Re: 4BillG

          "Why can't we all just get along?"

          - The President of the United States of America

          (Mars Attacks, you didn't think it was the real one, surely)

          1. Fungus Bob
            Megaphone

            Re: 4BillG

            STOP CALLING ME SHIRLEY!

    2. Anonymous Coward
      Anonymous Coward

      err wait, there's probably good reason

      The increased HIV risk has probably cost them a bunch of agents

  2. Eddy Ito

    So is he really saying they had a breakthrough and cracked currently available encryption?

    1. JustNiz

      That would be my bet.

      1. Anonymous Coward
        Anonymous Coward

        Same here. Backing down on one nefarious, self-serving arsehole plan usually means they've thought of something even more weaselly.

        1. PsiAC
          Meh

          Lies

          Governments are well known to only concede they were wrong in order to distract their enemy the people long enough to turn around and do it anyways. I'll be keeping my (Five) eyes open.

          See: CISPA (US), Snooper's Charter (UK), Bill C-51 (CAN), and whatever else NZ and AUS are up to. Anyone know?

      2. phil dude
        Black Helicopters

        or...

        they got the companies bang-to-rights with a NSL letter, and got firmware baked backdoors.

        The problem with trust, is once you lose it, it takes exponentially long to recover it.

        Think about that, politicians...

        P.

        1. davemcwish

          Re: or...

          Unlike the realist/cynical/tinfoil hat (delete as appropriate) brigade on ElReg forums and elsewhere, IMHO the public either tacitly accept the behavior of politicians and are easily appeased by panem et circenses or they openly support being spied on as, in the words of a US national I know, 'there are a lot of bad guys and we need our good guys to do whatever they need'.

    2. Mark 85

      I don't think so.. I'm looking at the line: "We're your servants. We will do what the public wants us to do". I'm guessing one or two terrorist blamed attacks will be sufficient to sway public opinion.

      I'm not sure if I need a tin-foil hat or just need to get a grip but it seems we've been down this pot-holed road at least once before.

      1. Anonymous Coward
        Anonymous Coward

        I'm guessing one or two terrorist blamed attacks will be sufficient to sway public opinion.

        .. which is precisely why some of these conspiracy theories are looking less and less insane. If you look at who benefits from these attacks you would start asking questions yourself. Billions and billions are poured into something that didn't even exist before 9/11, and nobody dares asking questions for fear of being accused of letting terrorists roam free. By the way, by some strange but interesting coincidence they never seem to hit any banks - noticed that?

        1. jaduncan

          9/11 involved entire floors of banking staff being hit. It's NYC office space; I don't know why you'd expect there not to be banking tenants.

        2. LucreLout

          @AC

          By the way, by some strange but interesting coincidence they never seem to hit any banks - noticed that?

          Google "Cantor Fitzgerald" you dumb fuck.

          1. Anonymous Coward
            Anonymous Coward

            That doesn't quite hold up as a conspiracy theory, though.

            There were also comparatively few car washes involved, and next to no casinos. Laundromat salons were also completely left alone, nor were newspaper agents hit, so this conspiracy would be, er, complicated?

          2. Afernie

            "By the way, by some strange but interesting coincidence they never seem to hit any banks - noticed that?"

            "Google "Cantor Fitzgerald" you dumb fuck."

            Eloquently and economically put. Out of the 50-odd businesses in the twin towers on the day, barely a fifth were NOT involved in Banking, Insurance, or Brokerage, for example: Bank of America, Hua Nan Commercial Bank, Morgan Stanley, Lehman Bros, Fuji Bank, First Union, Fiduciary Trust Company International.

    3. Anonymous Coward
      Big Brother

      NSA designed all that crapto in the first place. Posing as "NIST (honest!)" latterly. It can hardly be considered a breakthrough when it's a feature. The breakthrough will be when academia unpicks it.

      I hope no-one thinks this is the end of the post-Snowden propaganda orgy. There's undoubtedly YEARS of braindead theatre still to come..

      1. Tomato42
        Boffin

        Neither RSA, DH (GCHQ described them first), AES nor SHA-3 were created by Americans, let alone NSA.

        Nice theory, but about as founded as "faked moon landings"

        1. Anonymous Coward
          Coffee/keyboard

          Actually AES is the work of the NSA: It is an NSA defined subset of the Rijndael cipher - which was itself selected for NSA adjustment and endorsement by an NSA designed and orchestrated "contest". As you're doubtless well aware, SHA3 was also ordained by a practically identical NSA "contest". Interesting you neglected to mention any of its predecessors: SHAxxx, SHA1, MD5 etc. Why was that? Don't you know how they came about? Or other similarly ordained and aggressively disseminated cipher crapto like AES's predecessor - so blatantly hamstrung then vigorously extolled by that very same agency... and still needlessly causing problems due to its (so carefully contrived) needless fragility.

          ...but I'm sure you're well aware of all your careful omissions, as you go on to indicate by rounding off your splaff with that little ad homenem attack.

          Great stuff.

          1. Anonymous Coward
            Facepalm

            *hominem (oops)

            Oh, and haven't you heard, GCHQ & NSA collude on crippling and then disseminating crapto. Haven't you read your Snowden? Or are you one of those who likes to dismiss him as some sort of bizarre double-agent decoy thingy?.. of course that would make you a conspiracy theorist. Ironic, eh?

    4. Captain DaFt

      "So is he really saying they had a breakthrough and cracked currently available encryption?"

      Nah, he's just saying that they've been successful in getting the concessions from the tech companies that they really wanted by using the backdoor demand as leverage.

    5. Christian Berger

      Probably not

      "So is he really saying they had a breakthrough and cracked currently available encryption?"

      No, but the vast majority of people are using equipment already back doored by the manufacturer and using cloud services. From there you can simply get it with a "national security letter" or something.

      Also modern mobile operating systems are so vastly complex, that they are full of bugs and therefore probably full of security bugs which can be exploited.

    6. Dan 55 Silver badge

      Probably. By the time they gave up on the Clipper Chip, they'd got a Plan B.

  3. ThomH

    Has anybody told Theresa May?

    She still seems to be running on the old memo.

  4. Anonymous Coward
    Anonymous Coward

    > When it comes to surveillance, what do you want us to do and what risks are you willing to take on?"

    Well here are a few things to be going on with:

    - Don't monitor everyone: in a free society you must assume that everyone is innocent.

    - We don't expect you to be mind readers. We expect you to detect crime after it has happened, not try to predict it Minority Report style.

    - You must accept that in a free society, free people will do bad things sometimes. Live with it. The best we can do is understand why people do bad things, and learn from it.

    None of these things should be a surprise to anyone, but it is good to have it said every now and again.

    1. Anonymous Coward
      Anonymous Coward

      "You must accept that in a free society, free people will do bad things sometimes. Live with it. The best we can do is understand why people do bad things, and learn from it."

      Several problems. First, the human mind is too malleable to understand; perfect, upstanding citizen one day, total psycho the next, and no one really knows why, let alone see the warning signs until after the fact. Second, you are incapable of living if you're killed; murder is the one crime where the ONLY effective solution is prevention. After the fact is just too damn late. Finally, the level of power capable by an individual is approaching the point where one man can wreak havoc on whole communities and approaching the point where a whole country can be threatened (a power multiplier of thousands to millions). Such threats become direct challenges to sovereignty. Once again, such threats have to be dealt with before the fact or there may not be a means to solve the case after the fact. So by your thinking, a free society can never be a stable one because the very freedom you espouse can easily be the cause of its demise.

      1. Anonymous Coward
        Anonymous Coward

        Indeed.

        From the article:

        However in a line that was used repeatedly at the conference, Baker noted that the FBI was there to serve the American people. "We are your servants,” he said. "We will do what you want us to do."

        Continuing that line of thinking, he said: "At the most fundamental level, it is about the relationship between the people and government. When it comes to surveillance, what do you want us to do and what risks are you willing to take on?"

        Sounds like they're going on strike. He's basically saying that if someone wants to coordinate a plot, they can just go right ahead and get away with it. He's also ensuring that if anything nasty happens from this point onwards the authorities can turn to the public and say "This is what you wanted. Don't dare say we didn't warn you. You told us to be here simply to sweep up the pieces afterwards". There may well be some public sackings, but it would ultimately be the sitting politicians of the day who would carry the can. Of course there's a whole lot more to policing than comms intercept, but as you've rightly pointed out, finding out afterwards is too late.

        What companies like Apple, Google, Facebook, etc. don't seem to realise is that they're laying themselves open to blackmail by those of terrorist intent. Imagine the publicity of hypothetical headlines such as "Atrocity Perpetrated and Coordinated with the help of Apple iPhones - Thousands Killed - Apple Clueless". How much would, say, Apple pay to keep a plot's surviving co-conspirators quiet about the use of Apple's services by the perpetrators? If the atrocity was particularly bad, someone might even be able to find a criminal charge to lay against a company running such a service.

        Okay, so that's perhaps a remote possibility, but the damage to a business could be catastrophic. It's one of those low likelihood, high damage risks. The sort of risk that companies are generally very bad at taking seriously...

        Mind you, gun manufacturers and lobbyists seem to get away with the constant low level background bad publicity.

        1. MrTuK

          "Atrocity Perpetrated and Coordinated with the help of Apple iPhones - Thousands Killed"

          The same could be said about say a vehicle stolen and used for a terrorist explosion due to not having good security so anything good can be turned against anyone !

          Where do you draw the line ?

          Maybe several cameras in every room of every building in the country, just in case of a sexual assault or bomb plot or murder ?

          Several cameras on every vehicle, one pointing forward and one pointing backwards, two inside so you can see what anyone is doing at any time !

          Would the general public be happy with that, also say an RFID chip put into every person when they are born so the security forces will know where everyone is at any given time so even if you don't own a phone or the battery is flat so you can still be tracked just in case you are kidnapped !

          How far do we allow our privacy to be taken away ?

          Tracking can already be done with a phone but an RFID chip would be the next step just in case someone is kidnapped they can be tracked ASAP, but in reality the real criminals would find a way of replacing their chips or destroying them so they couldn't be tracked !

          In the UK most dogs have an RFID chip just in case a dog is lost or stolen so this idea is already being tested ! The UK has the most cameras especially in Cities, so going the next step of adding them to every room is not such a far step, especially if Home Insurance companies said this will reduce your premiums !

          Most homes already have internet access although not unlimited or high speed these days but that could be another incentive, Free unlimited Broadband with Home insurance and internal home surveillance !

          Sheeesh !

      2. Pascal Monett Silver badge

        Re: the very freedom you espouse can easily be the cause of its demise

        Not the point, actually.

        The point is : which society do you want to live in, the nanny state where what you can do is not decided by you and you are controlled 24/7 to ensure compliance, or the place where you are free to do as you wish and will take responsibility for your actions if you harm someone ?

        I believe the latter is a more adult kind of society. Maybe that is why we have been regressing in the past half-century ; too many gutless wonders having their say and you end up without freedom nor the right to demand any.

      3. Anonymous Coward
        Anonymous Coward

        I see the icon so I guess you're only semi-serious, but let's address those points:

        > First, the human mind is too malleable to understand; perfect, upstanding citizen one day, total psycho the next, and no one really knows why, let alone see the warning signs until after the fact.

        Actually, it is fairly well understood and our understanding is improving all the time.

        We do have a fairly good understanding of the factors that lead to why people do such things. We do, in fact, fully understand why individuals get indoctrinated into religious dogma as young children, why they invest in it emotionally through their life, how it is reinforced by their cultural peers, then hold onto it (in many cases until death) since their entire world view is based on it. There is no mystery here. Secondly to that point, it is very rare for someone to suddenly "go psycho". In nearly all cases, the signs were there to see, if anyone was particularly interested to see it.

        >Second, you are incapable of living if you're killed; murder is the one crime where the ONLY effective solution is prevention.

        So how do you solve this dilemma? How do you prevent a crime that has not yet been committed?

        There is no crime until the crime has been committed. To be arrested for the intent is thought-crime. Someone may intend to commit murder then change their mind. Where do you draw the line? We do have laws that push the boundary of this principle: all charges that start "conspiracy to ..." are just such laws. However, as soon as the perpetrator takes physical steps that are unambiguously related to the act of murder or fraud or whatever, then it stops being thought-crime. Therein however lies the danger.

        All we can realistically do is to understand why people commit such acts and take steps to avoid those circumstances.

        - For crimes of passion, recognise the signs.

        - For religiously motivated crimes, promote rational thought, real education for all, teach logic in schools, publicly vilify idiotic thinking wherever we see it, stop telling others that faith is noble and declare it the stupidity for what it is, stop tip-toeing around religious criticism.

        There really are many things that we can do to make the world a safer and more peaceable place that don't involve a paranoid government watching everyone. We just need to do them and unfortunately many of them involve us being an awful lot braver than we currently are.

        1. Anonymous Coward
          Anonymous Coward

          "Actually, it is fairly well understood and our understanding is improving all the time."

          No, we only THINK we understand the human brain. Then the next psycho comes along and changes the rules again. Many times, people don't see these things happen ahead of time because the psycho is able to put on a peaceful front when they're really a Janus or a Stepford Smiler.

          "So how do you solve this dilemma? How do you prevent a crime that has not yet been committed?"

          You're right, it's a dilemma, but one where a lot of people are demanding an answer: particularly families of murder victims. And because of the permanent nature of murder, inaction is considered accepting murder which to them is not acceptable.

          "There really are many things that we can do to make the world a safer and more peaceable place that don't involve a paranoid government watching everyone. We just need to do them and unfortunately many of them involve us being an awful lot braver than we currently are."

          That assumes the average human is capable of this. Unfortunately, further research into the human psyche shows we're rather more base than that. Sure, in non-zero-sum matters, sure we agree to help each other because then we all win. But once the game turns zero-sum (competing for jobs, spouses, good schools, etc.) we tend to get nasty because we don't want the neighbor to earn the last slot and so on. I think if a Vulcan-like race were to observe us today, they'd denounce us as disturbingly primitive and capable of self-annihilation for seeming trivialities. To those who say we need a "more adult" society, I respond the human race isn't ready for it.

          1. Anonymous Coward
            Anonymous Coward

            >No, we only THINK we understand the human brain

            I don't mean to claim that we have an in depth knowledge of the mechanics of the brain but there is no mystery as to why religious conflicts occur. You say that we don't understand psychos but religious people are not mad. They are sane ordinary people that (in my view) have been misled. Real psychos are responsible for very few deaths. If we only had to worry about the insane, we would be in a very good place indeed.

  5. Vector

    "Maybe that is scientifically and mathematically not possible."

    Maybe? I think the scientific and maths communities have been pretty clear on this point.

    Even if some math whiz could overcome that problem, it still begs the question of how that magical key would be kept safe. Kept safe for decades, no less, 'cause it only has to slip out once...

    1. Tomato42
      Facepalm

      Re: "Maybe that is scientifically and mathematically not possible."

      and crooks would still encrypt the copy-for-the-man of the current communication key using bad key and no one could stop them (or even test if they did it)

    2. phil dude

      Re: "Maybe that is scientifically and mathematically not possible."

      I was on a short trip with one of my classmates (another maths geek) and after quite a few beers, we came to the agreement that if ANYONE shows P~=NP, then the world might be f*cked.

      This is the problem with the rhetoric. It is completely devoid of the technical details that makes rolling your own encryption foolish, and meddling by the NSA/GCHQ counter productive.

      The maths is secure, but that doesn't discount special edge cases that *could* be found using massive computers, and then punted as "special keys".

      I am worried that the random numbers are not good enough, because that *is* a problem crackable IMHO...

      P.

    3. Anonymous Blowhard

      Re: "Maybe that is scientifically and mathematically not possible."

      How about "Maybe it's not morally defensible"?

      The rights of individuals to private communications shouldn't just be a matter of whatever is left after the limits of technology have been reached.

  6. Someone Else Silver badge
    Flame

    Condescending git

    Continuing that line of thinking, [Baker] said: "At the most fundamental level, it is about the relationship between the people and government. When it comes to surveillance, what do you want us to do and what risks are you willing to take on?"

    Like you're going to eliminate all the "risks" of living in the US of A by backdooring all encryption, right? Douchebag.

    Still a victory is a victory, and assuming we can take this guy's word at face value, it is a ray of sunshine on an otherwise gloomy day. I'll take it.

    1. Paul Crawford Silver badge

      Re: Condescending git

      In most countries we live with typically a 10 to 100 times greater risk of being killed on the roads than by a murder. Even in that case it's something like 90% are not unknown psychos doing the deed, but "friends", partners, business associates, etc.

      Add to that in the USA something like 90k gun deaths per year (OK, only about 30% of those are crimes, as opposed to stupidity in gun handling, or suicide) versus a few k in the twin towers terrorist event and just how big is this risk? Yes, I know people are dumb and can't evaluate risks, etc, but it hardly seems that bad guys having encrypted phones is your biggest risk.

      1. John H Woods Silver badge

        Re: Condescending git

        "In most countries we live with typically a 10 to 100 times greater risk of being killed on the roads than by a murder" -- Paul Crawford

        Well in the UK, road deaths have run at a rough average of 3k/yr since 2000 (although have dropped to just over half that in the last few years). In the same period terrorism has run at 5 per year (including the London 7/7 bombings). So you're talking more like 3-500 times greater risk for a road fatality. For heart disease and cancer we're talking about 150k each (forming about 60% of the annual death toll) --- these are 50,000 times more likely to get you than UK terrorism, which is right down there with the death toll from stinging insects.

        1. jonathanb Silver badge

          Re: Condescending git

          2001 was an outlier, because of the 7/7 bombings, in most years, terrorism deaths are 0 or 1. The last one I'm aware of is Lee Rigby, and before that, the Glasgow Airport bombers which I'm not sure really count as the only deaths were the terrorists themselves.

        2. My Alter Ego

          Re: Condescending git

          I tried to explain that to a colleague, in an effort to explain why I wasn't shitting myself about terrorism, and why his acceptance for the authorities to completely bypass the judiciary because "it's anti-terror" is incredibly short sighted. I gave examples of how anti-terror legislation has been completely abused, but to no avail.

          The most telling comment from him was - when I mentioned civil rights - "that whole human rights things is a load of bullshit, and it should be gotten rid of".

          This is why this legislation will succeed simply because of people like him - civil rights simply don't feature highly in peoples' priorities because most of us have never needed them. Personally, I want them still to be there if I ever do need them.

    2. anonymous boring coward Silver badge

      Re: Condescending git

      " assuming we can take this guy's word at face value"

      Yeah.. about that..

      Never mind.

  7. elDog

    Ahhh. They've mastered Spooky Surveillance At A Distance (SSAAD)

    Since all those little electrons flitting about now have a counterpart in the mega-giga-biga spying centers, everything you own is also theirs. Encryption, privacy, keys? Fools. Sleep well tonight, friends.

  8. Evil Auditor Silver badge
    WTF?

    What have I just read? It doesn't make any sense at all. That is, it actually makes a lot of sense, but it doesn't come from the corner which usually is that sensible on those matters.

    As others pointed out, makes you wonder what they are really up to...

  9. xeroks

    Smoke screen

    This is still the same post-snowden smokescreen they've been blowing for a while.

    "poor us, we can no longer see what the bad guys are up to! "

    They are still able to pick up loads via message analysis, and if they're really interested, I dare say most software is hackable by various means.

  10. allthecoolshortnamesweretaken

    Tactical retreat or rare insight? We'll have to watch that.

  11. Sgt_Oddball
    Holmes

    Strange...

    Makes you wonder if they've been protesting too much?

    Also there are other ways of getting to know the sort of stuff they're after, forget the content, I'm talking the real old school stuff of just watching who speaks to who. That can be just as telling (if not more so) than the contents of the messages. Besides, if it's a big enough public company they're communicating through then there are other legal means of getting hold of data.

    But maybe I'm just over thinking it.

  12. Teiwaz

    No. 190 - Hear all, trust nothing.

    Made me think of the 76th Rule of Acquisition....

    "Every once in a while, declare peace. It confuses the hell out of your enemies."

  13. erikj

    Impinging Cops

    Comey decried the decision by Apple and Google to turn on file system encryption ... complaining that it was impinging the ability of cops to do their jobs.

    He also believes Ferguson, MO is somehow impinging the ability of cops (nationwide) to do their jobs.

  14. Anonymous Coward
    Anonymous Coward

    Heheh

    I will be true, but still deceive.

  15. Anonymous Coward
    Anonymous Coward

    Hmmm

    All data starts out unencrypted. I'd start looking there.

  16. NeonTeepee
    Coat

    It's all a load of Quantum

    I would say they have used the time to get their quantum computer on line. Tata asymmetric crypto that should keep them amused for a bit.

    Have a look at the main answer here

    http://security.stackexchange.com/questions/48022/what-kinds-of-encryption-are-not-breakable-via-quantum-computers

    asymmetric crypto will get its coat

  17. a_yank_lurker

    Rule 1 of encryption

    The first rule of any encryption system is given enough time and computing resources it will be broken. The question is really how long would a brute force attack take - 1 hr, 1 day, 1 week, 1 year, 10 years, or even longer. The time element is critical for the information to be useful and varies somewhat depending on the purpose. Cracking government signals generally as close to real time the better but for police investigation a month might be fine.

    Also, assume that all encryption systems have inherent flaws that are magnified by operator screwups. In WWII, often times daily Enigma settings were broken because a large part of the text could be guessed. Mostly this was due to operator screwups.

    1. Allan George Dyer
      Headmaster

      Re: Rule 1 of encryption

      Not for a one-time-pad. Mathematically proven to be unbreakable, and also, in most real-world scenarios, impractical. Which brings us to the real Rule 1 of encryption.

      1. Anonymous Coward
        Anonymous Coward

        Re: Rule 1 of encryption

        Look, that comic fails to take two types of people into consideration: masochists and wimps. Masochists would get off on the treatment and ask for more while wimps would faint before you got very far, meaning they can't talk.

  18. Anonymous Coward
    Anonymous Coward

    "Also, assume that all encryption systems have inherent flaws that are magnified by operator screwups. In WWII, often times daily Enigma settings were broken because a large part of the text could be guessed."

    Apparently one of which was putting "Heil Hitler" at the start of messages.

  19. Winkypop Silver badge
    Meh

    Backdoor access is so yesterday

    We have a new shiny thing to play with now...

  20. dan1980

    "Maybe that is scientifically and mathematically not possible."

    Maybe?

    You could add that it was also plain stupid and displayed a dangerous* lack of understanding or a truly Orwellian lack of concern for anything beyond the power of the government.

    So, even assuming that this admission is 100% genuine and the FBI really understands that this isn't the way forward, security is the very last place that one should indulge in 'magical thinking' and the fact that an agency as (supposedly) important to the safety of the public pushes for measures without actually understanding the environment, the technology or the consequences is thoroughly damning.

    In using the term "magical thinking", along with the reference to the "amazing technology sector", they are attempting to imply that they were doing it for the right reasons and had good intentions but perhaps dared to dream a bit too big; that they put too much faith in the IT world to get creative and sort it out.

    But that is rubbish. The FBI shouldn't be engaging in 'magical thinking' in any part of their jobs. EVERY expert in the tech and security sectors pointed out the faults from DAY ONE. What is their excuse for not listening to them until now? Hell, let's go back further - if they didn't have the knowledge and expertise to start with then why didn't they at least run the idea by those experts beforehand?

    That's a far larger and deeper problem than just being optimistic or that simply being dumb - it's being arrogant and reckless and believing that, because terrorism, they should be allowed a free pass to do what they want without having to be accountable. It's exhibited every time a spokesperson for these agencies talks about how people against some measure are 'weakening our security' and 'putting lives at risk' and 'enabling criminals to roam free'. It's the implied assertion that due diligence and caution and placing a value on personal privacy and rights are all unimportant red-tape that must be cleared because the threats are so dire and so immediate that we can't waste a single second on doing things properly.

    It's the unspoken assertion that when you allow rights and privacy and any kind of expectation of a free way of life to get in the way of security then the 'terrorists have won'.

    And that's what they really need to apologise for and really need to change.

    * - Literally. Given the positions of the people pushing for this, their stubbornness in demanding things without understanding or caring about the negative consequences can't just be laughed off as they have the power to steamroll any objections.

    1. Anonymous Coward
      Anonymous Coward

      @dan1980 - I suspect that the reason that the NSA/GCHQ acted as they did wasn't due to technical stupidity on their part, it's more likely to have been arrogance, or incorrect assumptions. They are, after all, a carefully selected cadre of very bright folk. Due to that careful selection, their average intelligence will be much higher than that of the general populace, and given that, all sorts of things can lead them to forget that the number of equally bright folk in the general population is likely to be greater than the number in their team. An arrogant personality is an obvious possibility - time pressure (I'm trying to solve a really difficult problem in an insanely short time, and you want me to carefully check EVERY assumption I'm making?! - sound familiar to anyone here?) is another.

      In short, it may just have been that because the bulk of the populace might well not have understood the practical issues on keeping backdoors secure from other actors, that the NSA/GCHQ assumed that there wouldn't be a problem, forgetting that there are still plenty of folk in the community like some of those here, that do understand the issues, and thus can call them out on practices that are legally, practically and ethically unsound, once it's discovered what they're up to. Not to mention that there'll be some quite bright enough to understand that are criminally-inclined and happy to take advantage of any weaknesses in current IT, whether innate or deliberately put in place by 'security' organisations like NSA/GCHQ.

      It's another instance of failing to appreciate the risks properly - as has been pointed out above, the risk of death from car accidents greatly exceeds the risk of death from terrorism, and yet it's the latter that exercises people, sometimes to the point of irrationality. Having been given combatting terrorism as part of their remit, NSA/GCHQ naturally want to do so as well as possible (hey, nothing wrong in taking personal pride in doing a good job, eh?), and given the internet, well, it's obvious, isn't it? And we are the good guys, trying to protect our not-so-bright compatriots, no?

      Except that they decided to engage on a strategy with extremely serious negative consequences should it ever be exposed, rather than sticking to those which are no worse than ethically borderline, and according to reasonable due process of law. Quis custodiet ipsos custodes? - in this case, it'd appear to be Snowden and others, aided by folk like some here (this doesn't include me, I'm nowhere near technically knowledgeable enough) and denizens of other tecchy websites. And to Mr Snowden and those doing such a fine job of explaining what's going on to the rest of us, I can only say thank you. There just aren't the words to sufficiently express my appreciation that people like you are out there helping to try to ensure that Government doesn't run amok no matter how well-intentioned (or otherwise) it might be.

      1. dan1980

        Arrogance is definitely part of it - not just an arrogance when it comes to their abilities and knowledge but also when it comes to their 'mission'; they believe that their purpose and their function is more important than any petty concerns like privacy or freedom.

        In other words, they are either self-righteous or stupid (possibly both at the same time). And that is a generous way to read it. The other way to interpret their behaviour is as outright fascism.

        But, going back to what you said about 'time pressure', that's not relevant here because they weren't developing something in house - they were asking the 'tech community' to come up with the solution. And yes, there are certainly times when you end up making a bunch of assumptions as shortcuts so you can get on with the work. That's valid in some situations but the important thing in such an approach is that, when someone else (or indeed everyone else) points out not only that your assumptions are wrong but exactly how and why they are wrong, then you should bloody well LISTEN TO THEM!

        That, to me, is the most damning thing about this affair - whatever excuses and explanations can be trotted out for why this plan was devised and pushed for in the first place cannot be used to explain why they persisted despite the advice of all the experts who weighed in on it.

        In that way, it's similar to the elliptic cryptography PRNG blow-out (last year?). In that instance, it seemed that the NSA developed an intentionally flawed cryptographic standard that was then published and promoted by NIST. There were several detailed, expert analyses from experts in the field dissecting it and showing exactly where the weaknesses were but NIST continued to promote it.

  21. msknight
    Joke

    "We don't want to use a backdoor. We want to use a front door." ... have they been eavesdropping on UK politicians AGAIN ?!?!

  22. Shane McCarrick

    Person of Interest?

    If they already have a pervasive monitoring system- wholly independent of back doors into encrypted communications etc- the logical thing to do is to focus their resources on systems to leverage the monitoring and surveillance that most people don't seem to either have cognisance of- or those who do- don't give a rat's arse about.........

    I suppose the American public will only wake up to the nature of all-pervasive surveillance- when the level of saturation approaches that of Britain- where curiously- there seems to be little discourse on the subject.

    Wonder are GCHQ developing similar capabilities- with or without the assistance of our American cousins?

  23. Stevie

    Bah!

    Judging from the language I'd say the G-men are still unclear on the concept of why not.

  24. Anonymous Coward
    Anonymous Coward

    Not the only threat

    The massive commercial interests of Apple, Facebook, Google, Microsoft etc. seem to have been completely successful in deflecting criticism of their own global surveillance and personal data gathering activities.

  25. Former Spook

    Is this The Register or The Onion?! :-)
