Slashdot Mirror
James Comey: the Man Who Wants To Outlaw Encryption
Patrick O'Neill writes: "There has not been a tradeoff between liberty and security in our response to terrorism in this country and in our efforts to offer security to the people of the United States," said James Comey, now the director of the FBI. Comey was the number two man in the Department of Justice during the Bush years when NSA and law enforcement surveillance of Americans grew to unprecedented heights. Now he's pushing to stop encryption by default on Apple and Android devices.
And this guy is the director of the FBI...for real? :-/
More and more surveillance of Americans instead of the supposed enemies. This is the US after 9/11 and the Boston bombing. Welcome to 1984.
liberare massarum ex ignorantia, clausa descendit molestie.
Correct, there has not been a tradeoff between liberty and security in our response to terrorism in this country and in our efforts to offer security to the people of the United States. What there has been is a complete and utter disregard for liberty and destruction of individual rights. Forget tradeoffs, the Constitution was abolished, that is what happened.
You can't handle the truth.
False, although mostly true so far. Notably, the intrusiveness of airport security has gone way up, for the big example on the false side.
Mostly what there's been so far has been a tradeoff between *privacy* and security. As in none of the former.
I feel for the guy--his job is to prevent another 9/11. He gets the call if a city blows up. And he probably really cares about defending liberty.
But unfortunately, pervasive surveillance without amazingly well-engineered procedural oversight and security will inevitably lead to tyranny. Anyone who doesn't see that isn't stepping far enough back. He's concerned about the next five years; I'm concerned about the next twenty or fifty.
I suppose there's an AI issue, too--a singularity is going to get into this data in a few decades. I can't predict what an AI a hundred times smarter than any of us might do with it.
From TFA: Comey said in an Oct. 2014 speech "Justice may be denied because of a locked phone or an encrypted hard drive." I can somewhat understand that from an investigator's perspective.
But my take is that lots of people are constantly attacking my devices, from the petty skript kiddies to corporations wanting secrets to the NSA who wants everything. Most of the attacks never see justice, they are never prosecuted. There is no justice in most cases, only criminals who break in.
If my devices are properly hardened in advance, I don't need to wait for the government to apply "justice".
//TODO: Think of witty sig statement
Yeah, but the reason he wants the default of 'no' is to make it easier to monitor communications. He doesn't give a shit about the 4th, naturally. The government shouldn't be dictating the default setting either, which is what he wants.
because we might need to look in your house for terrorists. Also get rid of locks on car doors because we might want to randomly search your car
First step to banning encryption all together? Why does this guy strike me as a "The internet is a series of pipes" kind of guy?
And I would like some evidence that this default "gather up and record everything" mode of spying has paid off, I don't believe I've seen any hard evidence it's stopped anything, in fact I have seen several articles that state it hasn't stopped any attack.
Personally I believe Apple, Microsoft and Google (along with others) will have something in place to aid the decryption, I see the tech giants, the NSA, FBI, as the digital portion of the MIC.
They work together, and the only concern of the corps is that they have deniability if discovered, you know like Apple's got fail SSL error.
Hell he might be bitching about it just to get people to think it actually works, and make them complacent again, like most were prior to Snowden.
"If any question why we died, Tell them because our fathers lied."
I never understand why people consider it news when someone takes a position that is 100% predictable given who they are.
Sheesh, evil *and* a jerk. -- Jade
encryption is encoding, you just aren't sharing the decoder with everyone !
If a human can't understand the message with their five senses it is encoded/encrpyted.
And any language is a coded message to people that don't understand that language.
Navaho anyone? octal, binary, unicode, ascii, cpu microcode, 6800 machine code, F21, etc...
This is my opinion based on what little I know and understand of the rumors and lies Thanks, Randal
" They only want backdoorsâ"to break encryption, but just for the good guys."
And
"âoeThe FBI makes this proposal to look like theyâ(TM)re looking for a simple law to add a simple feature,â says Robert Graham, CEO at Errata Security. âoeBut when you look into it, what theyâ(TM)re really asking for is dramatic, itâ(TM)s a huge thing. Theyâ(TM)d need to outlaw certain kinds of code. Possessing crypto code would become illegal.â
But that boat has sailed, just ask Zimmerman.
09 F9 11 02 9D 74 E3 5B - D8 41 56 C5 63 56 88 C0 45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
so they can have access to and control your life. Fuck those who want to control anyone with laws that go above natural and common sense laws.
by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
When they pry it from my cold, dead fingers!
The government has all the power here. They can easily OFAC the crap out of any security chip that can't be owned by side channel attacks. Judging from laptop TPM scene where vendors have gone as far as enumerating list of vectors they don't even try to defend against... seems to me like open season for anyone with the resources to pull it off.
Anything protected directly by user entry into a smart phone is bound to have no usable entropy by itself anyway.
Failing this we have baseband processors with full read write access to OS memory to reduce material costs. I would be surprised if there was a consumer baseband on the planet without capability of being field "upgraded" by Agent Smith... at least from various accounts of ancient feature phones being turned into bugs.
While I don't doubt encryption will make things more difficult if/when it catches on you can bet the feds will invest in beating it and they will win at least for the subset of people who don't really care about security.
I have a feeling the bigger issue with ubiquitous encryption for TLAs is that when everyone uses encryption then the ability to use the fact that encryption was used to justify suspicion evaporates... that's what I think they are really afraid of.
Actually, you're a complete and total moron.
The difference between encryption and encoding is that encryption is designed to hide the content from those without specific knowledge of the encoding. The standard such as Unicode, ASCII, etc. are designed to make the content available to anyone who receives the content. It may be only a matter of intent, but that makes it different.
A law that will affect innocent citizens and dumb criminals. The criminals the FBI is after will probably be aware of it and manually turn on encryption.
I wouldn't want just anyone to know my bank password for example. Even if the feds weren't going to do anything malicious with it, if *THEY* can see it, then so can people with less honorable intentions.
File under 'M' for 'Manic ranting'
> "There has not been a tradeoff between liberty and security in our response to terrorism in this country and in our efforts to offer security to the people of the United States," said James Comey, now the director of the FBI. Comey was the number two man in the Department of Justice during the Bush years when NSA and law enforcement surveillance of Americans grew to unprecedented heights. Now he's pushing to stop encryption by default on Apple and Android devices.
Asshole.
James Comey is
BWgSZ9ZYLw5I kmoBvJiRvnO7uQU9x6NoYlKBOaO vmb3df8lNwkgeFc30rNPB9kh09Fr61CxW24IkH3YWKRe8H YdTd8YHzpRBMQJcwyxn+O3cUPQ4sP2dN4GEA/9v17IipHz12Bon8o7dc0o8UaOj3tl Pr19cq3meoufARx7PLJ0SKclb3LG7SxW+GTISS1cRGpDRr d0NvdC8lHHkfyDx5YGnIp DUgQa9lMCpQbHSln40 LCosKrQamj4Ni27wIbikaSWV+IiDsn jyfc7eLKlq QSOgCFzMsBglGzC2+j9HifrKU/z9Fzc8HZ3UiaQahMiOj EnohZdYQqCdPAmeZlEkK/qaZBtwA13A BLrbolhR0C/NSgvA hPZzh7oj33/LHPY8tC TP7zXULYP/RsccmOc aS88VzbzOAaRwEf9KCu1YtKICdVyGlYhn5IN4q vM80+vNtkc0QiRUdKW
And I'll tell him that again to his FACE!
HA! I just wasted some of your bandwidth with a frivolous sig!
Do you speak Navajo? Basque ? Russian ?
How about assembling an binary without writing anything down ?
I am only a moron to people that don't know me.
This is my opinion based on what little I know and understand of the rumors and lies Thanks, Randal
You do not rise to a high position by actually being good at your job, you raise by understanding infighting, being part of the right circles and having the right opinions. Of course nobody in such a position has any clue.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Lol, are you drunk? Most people are not going to pick up their guns an revolt against the government unless one thing happens: The government comes into THEIR town, and tries to take THEIR house/car/money/loved ones. Nobody is going to grab an AK-47 and march on Washington because the feds are reading their e-mail to grandma.
And the feds probably know it too, or else they wouldn't be doing it....
HA! I just wasted some of your bandwidth with a frivolous sig!
What have languages got to do with it? Languages are just like standards the GP mentioned (Unicode, ASCII, etc) - you need to understand the language to read the message, just like you need to understand how ASCII encoding works. Using a [non made-up] language means that you are designing the message to be read by anyone who receives the content - just because they may need to do some work to understand it doesn't make it encryption.
And yes, I'm aware that the US used Navajo radio operators during WW2, and that it worked. However, it would have taken just one Japanese linguist who had studied native American languages to have recognised Navajo (not necessarily understand it, but use it as a crib). Which is why the US didn't use this method in Europe - because of German linguists and anthropologists efforts to understand the languages (the method was used during WW1). It's also the reason why the US used *actual* encryption devices.
All this BS from gun nuts about needing firearms to protect citizens from government wouldn't be such a pile if they would actually do it once in a while.
This is why we need encryption to be ON by default. So we don't let these idiots use that argument. The peasant public will always fall for it, it's for the children after all.
No matter how wrong they are they will always argue that encryption is suspicious until it is always activated by default. And with Snowden's revelation that is far from unreasonable to expect that from our software.
Secure by default should ALWAYS be the policy pursued in software. People are afraid to change the default setting and if that default setting compromises their safety, privacy or otherwise puts them at risk then the default sucks.
When it's your job to catch bad guys, everyone starts looking like a bad guy
Anyone who follows the above approach ain't not going to catch many crooks
You simply do not catch crooks by hammering everybody and their dogs
Top crime investigators throughout history don't treat everybody like criminal. Instead, they put themselves in the shoes of the criminals so that they can get to see what the criminals see, think what the criminals think, and understand what the criminals gonna do next ... and then all they have to do is to set a trap for those criminals
And in the case of this so-called 'chief' of FBI, all I can say that under his tutelage FBI ain't going to achieve anything meaningful
Muchas Gracias, Señor Edward Snowden !
That's just one of the next steps. If encryption is off by default, turning it on will in itself become a suspicious act in the eyes of law enforcement types like these. "If you have nothing to hide you have no reason to turn it on. So why did you turn it on?" For this reason I say that government should not be allowed to know who of us made a conscious choice to encrypt our data; that choice itself is data of a highly private nature. And I suspect that this data is of interest to law enforcement as well. If encryption is on by default, not only are people safer from wrongdoers by default, but those of us who actually care about encrypting our data can remain "hidden in the crowd", so to speak.
If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
In order to trade off some of A to get some of B, you have to actually get some of B. In this case, we've given a lot of A and gotten nothing for it
I have read many comments here and what you have said is so very true I just need to add to what you have written
I came from China
I left China back in the early 1970's, way back when the entire Chinese society was in a turmoil, where nobody can live in peace because the social contract between the government and the people had broken down
A political struggle at the top echelon resulted in a power-struggle at every level, and power grab was everywhere ... the so-called 'Red Guard' was a by-product of power-grabbing exercises, mostly at the local level
Anyway, people at large in China had no say --- they kept on losing their liberty, their livelihood, even their lives, --- with some driven into madness and many simply committed suicide since they couldn't take it anymore
To put it in simple terms, to the average Chinese citizens, what they had gone through in between the late 1950's and the early 1970's was that everything they had was taken away, just like that ... yep, without any tradeoff
Now that I am an American, I am alarmed at the current development within the United States of America
The people in the USA will be facing the same thing the people in China faced, if nothing is being done to stop TPTB
What happened back in China was that there was no one who could stop Mao. Zhou En Lai tried his best to slow Mao's incessant hunger for power but he just couldn't muster enough strength to halt Mao in his track. All Zhou could do was to do patchworks here and there
Even Zhou suffered greatly during the social turmoil. His own daughter was brutally slaughtered by Jiang Qin, that feisty wife of Mao, and even with his own daughter slaughtered, Zhou couldn't do anything
The experience from China should be a lesson to the Americans ... that is, even if you have someone who has conscience INSIDE the power structure, it is still NOT ENOUGH when TPTB turns ugly
And if the Americans don't do something now --- frankly, even now, it may be too late --- they and their children will eventually be facing a similar fate the Chinese faced some 50 years ago
I certainly don't wish that to America, my adopted country, but I am afraid that too many of the Americans are way too brainwashed to be able to comprehend what is going on and what is going to come
Muchas Gracias, Señor Edward Snowden !
... with people like this in control of anything.
now we need to go OSS in diesel cars
Even in a world without encryption (digital) people can communicate secrets, all one has to do is look to the past. WWII they used Radio Broadcast to communicate secretly. So the FBI will still have to work for it.
No, he also wants that encryption to contain flaws which will be guaranteed to be found and exploited by more than just the "good" guys. Just as we have seen done with other backdoors that criminals have found and exploited.
Or how about we make it a capital crime to run any sort of US-focused SIGINT within any branch of the US Federal or State government without a specific warrant that notes a maximum period of time, the medium being monitored, the exact group of individuals allowed to observe or possess the intercept, and the date or event which will cause it to be destroyed. It's almost the same thing as Mr. Comey wants - only the exact opposite?
imagine a soft, buttery paw gently pressing down onto a sleeping soldier's face. forever.
We can play the word games too. Instead of "encryption", let us start calling that kind of computing a "baroque data formatting" or something else. I am very confident coders can play much better than lawyers.
"There has not been a tradeoff between liberty and security..."
We have no way of validating this. So, based on previous experience, it is a lie.
Prove anything by multiplying Huge Number times Tiny Number
Because if you can't decrypt the encryption (and clearly they can't or they wouldn't be trying to illegalize it) how do you know it's encrypted and not just gibberish?
What about speaking "private"/"invented" or otherwise unknown languages? Will that become illegal also? Will there become a legal requirement that I be able to speak an understood language and only speak understood languages?
Slippery slope, here we come.
I will always be able to enable encryption manually, I don't use it for nefarious purposes. I use my phone for work, and I work in an industry where there is a LOT of industrial espionage. Whether you're protecting trade secrets, customer lists, whatever, there is a perfectly sound reason for encrypting your phone/computer(s). That said, the fact that I have to manually turn it on really isn't a big deal to me. At the same time, my Mom really has no need for it. The FBI can look at the stuff on her phone all they want...they're not going to find anything fun.
The correct answer is 42.
You fail to realize that peaceful democratic political change sometimes happens behind closed doors, like hopefully, the firing of you.
Read the U.S. Constitution and the Bill of Rights, and check again to see if what you are doing agrees, or if you should go somewhere else.
https://www.youtube.com/c/BrendaEM
Go suck an egg, Mr. Comey.
Play Command HQ online
"There has not been a tradeoff between liberty and security in our response to terrorism in this country and in our efforts to offer security to the people of the United States,
Last night the parking-lot exit from one of the terminals at Dallas/Fort Worth Airport was flooded.
This meant there were now only 2 ways to get out of the terminal: walk through the rain, or take the tram that connects the terminals.
The tram was inside security and most passengers had already existed security, either to get their bags or for other reasons.
Prior to 9/11, they had the liberty to re-enter security, take the tram to another terminal, and arrange for their ride to pick them up there.
Thanks to a "tradeoff between liberty and security" they were forced to either sit in the terminal for several hours while the flood cleared or walk out in the rain to get to another terminal (the buses that connect the terminals couldn't operate due to the floods).
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
If encryption were off by default, and they want to ask me why I was using encryption if I wasn't doing anything wrong, I would tell them, entirely matter-of-factly, that my reason for using encryption is so that people with less noble intentions than what the government might claim they have may not also be secretly monitoring my communication, with the intent of trying to gain access to important things that I feel I should take measures to keep secure, such as my finances. I would then ask them whether such concern on my part, even if they may hypothetically characterize me as paranoid (which I do not allege, but even if it did), somehow automatically make *me* a criminal as well.
File under 'M' for 'Manic ranting'
OR
You can have my encryption when you pry it from my cold dead hands.
OR
You actually think terrorists will obey anti-encryption laws? You're a special kind of stupid, aren't you?
Thank you, I'll be here all month. Try the veal.
It ain't what they call you. It's what you answer to. http://mylyceum.us/
Yes, I know RSA has been broken.
If you want to monitor my communications, get a warrant. Otherwise, they're violating the 4th amendment. If they are going to argue that we should have nothing to hide if we are not doing anything wrong, I must ask why the government keeps secrets from its citizens - after all, we are also the "good guys". Any reason they have for not trusting citizens with access to their "secrets" would stand as a good reason why citizens would not trust these agencies with ours.
They probably already have the ability to get all the information they want/need regardless of encryption. This could just be a way to placate the public when this ridiculous idea is eventually shot down and declared "a victory for privacy". If this was really a thing, it seems likely that we would have heard about it pre-Snowden.
Just exploring the possibilities.
He's totally wrong about this issue. But this is the guy who stood up when Bush administration thugs (Card and Gonzales) tried to get the Justice Department to sign off on their warrantless wiretapping program. He refused, prevented them from going around him and later threatened to resign: http://www.washingtonpost.com/... You can disagree with him on encryption (and I do), but this is not a guy who has no respect for the Constitution.
Which goes to show that no one is applying discretion when enforcing these rules. Providing exceptions when the situation calls for it is required in many situations. Things like allowing people to use an emergency staircase while an escalator is under repair, or allowing drivers to cross the double yellow when there's a fallen tree blocking the lane for your direction of travel. In the case of DFW airport case they should have simply allowed people to re-enter security (provided they comply with all the rules, obviously you can't bring your checked baggage through if it contains things that cannot enter the secure area) would have been immensely helpful.
And they certainly could have. For years the only currency exchange in town was located in the secure area of the airport. Customers would go to a TSA office outside the secure area, provide ID, sign a log and be given a photo ID pass to enter the secure area for a short amount of time (I believe the default was an hour). The pass was to be handed to the TSA agent guarding the exit, and they would reconcile the returned passes with the sign in log. Not sure what happened to you if you forgot to return the pass, and wasn't particularly interested in finding out.
There has not been a tradeoff between liberty and security in our response to terrorism in this country and in our efforts to offer security to the people of the United States
is an attempt to take advantage of this:
http://en.wikipedia.org/wiki/S...
and the reason it will succeed is that those who are smart enough to know better than to make logic errors in public don't make them in error. They make them because they are selling something. And if they are selling it in the open, their sales pitch is just the tip of the iceberg.
Any guest worker system is indistinguishable from indentured servitude.
The greatest danger to people in law enforcement and related areas) is not the violence they face every day (directed at them or others) but in a warped view of the world. After dealing with so many criminals it's very easy to fall into the mindset that everyone is a criminal in some way or other. What the people see as protecting their rights and liberties these people all too often see as suspicious behaviour with probable criminal intent.