FBI Director Continues His Campaign Against Encryption

apexcp writes Following the announcements that Apple and Google would make full disk encryption the default option on their smartphones, FBI director James Comey has made encryption a key issue of his tenure. His blitz continues today with a speech that says encryption will hurt public safety.

I don't trust it

[Russ1642]

Anyone wanna bet that they have no trouble breaking this encryption, or they have secret backdoors? This is just a big advertising campaign to get people to think they can't break it.

Re:I don't trust it

[BitterOak]

Exactly. If they really couldn't break it, the last thing the FBI director would be telling the public is "Hey, here's a device that criminals could use and completely cover their tracks!" By persuading the public that these phones provide an impenetrable wall that law enforcement can't get past, they are hoping criminals will feel comfortable recording their secret activities on their phones. This could provide a treasure trove of information and evidence for law enforcement.

No matter how strong the encryption algorithms are themselves, there's nothing to stop the FBI from planting a malicious app (a keylogger for instance). They could even serve Apple with a warrant to require them to install this app as a software update. And there's nothing to stop them from serving a warrant to the user of the phone him or herself requiring them to unlock the device. And, of course, there's always the possibility of exploiting vulnerabilities in the OS or some poorly written app. It's hard to believe that the iOS operating system has perfect security.

So it seems pretty clear that this publicity campaign is really all about creating a false sense of security. Think about it: if the FBI were really concerned, they'd be having quiet discussions with Apple, not shouting their concerns to the public. Is anyone not going to buy the device because the encryption is to strong for the FBI's taste? So what would the purpose of this publicity campaign be?

Make a case...

[msauve]

It would help his position if the FBI were to go after Federal agencies (e.g. the NSA) for their illegal violation of citizen's privacy rights, and make it perfectly clear that the only searches of cell phones the FBI is interested in would be supported by probable cause and warrants from legitimate courts.

But I somehow think his reasoning is more on par with "we don't like people protecting their rights, because it makes it harder for us to violate them."

Re:(Re:The Children!) Why? I'm not a pedophile!

Kids these days... encryption didn't just arrive with the latest iPhone release, you know.
The Founding Fathers were well versed in ciphers. If they did not outlaw encryption of personal effects and they did not grant special powers for the state to force you decode them, one has to conclude that they had their reasons.

Re:(Re:The Children!) Why? I'm not a pedophile!

[dunkindave]

I'd like to know how Jim Comey reconciles his position on encryption with the requirements set for in the CJIS Security Policy

Because he isn't saying people can't encrypt, he is saying the keys must be available such that the government can get in if needed, even if the owner would like to block the access. The CJIS Policy allows for escrow as well.

What he doesn't seem to get (though I bet he actually does), and where some of the arguments here are missing the mark, is that if someone else holds a key that will grant access, even if the holder is the government, that provides a path for a bad guy to abuse the ability to access. The bad guy(s) can be hackers/attackers from down the street, on the other side of the planet, employees of our government, etc.

And the issue regarding the 4th amendment is somewhat misleading because he is saying a REASONABLE search is what is being prevented, namely one where conditions like a valid warrant exist or an imminent physical threat is present (I am not going to argue the problem here about anything can be claimed as an imminent threat). So the question is does the Constitution allow a person to use technical means to prevent the government access to data even when a valid warrant is presented? Many here obviously believe the answer is yes, mostly for reasons like those I gave above, but understand that this doesn't appear to be a protected right under the 4th since the 4th only says you and your effects are secure until a warrant is issued, not after.

Obama Admin!

Why not "Obama Admin Continues Its Campaign Against Encryption"? If the Obama admin was against it, they'd fire him. Obama or Bush, the result is the same, the government does not want encryption.

Re:Obama Admin!

[Grishnakh]

Yes, I know Bush did a lot of spying, but that's different than encryption. Did any of Bush's honchos run around saying people shouldn't use encryption because the government needs to see it? Or pushing for laws banning the use of encryption, or trying to force everyone to have government-approved encryption chips with NSA backdoors built-in? Clinton did all of that, completely publicly, and now Obama's doing it.

Maybe I'm misremembering things, but I do remember "strong" (>40-bit) encryption being illegal to export during the Clinton years, and this finally being relaxed during the Bush years because it was so stupid and everyone outside the US already had it.

Yeah, Bush is evil and all, but I don't remember him being so obnoxiously paternalistic and publicly saying we should only be able to use computers with government backdoors; instead, he just did things behind everyone's backs.