Slashdot Mirror
FBI Tells Congress It Needs Hackers To Keep Up With Tech Company Encryption (buzzfeed.com)
An anonymous reader quotes a report from BuzzFeed: A high ranking technology official with the FBI told members of Congress Tuesday that the agency is incapable of cracking locked phones and devices on its own, even with additional resources. Amy Hess, the agency's executive assistant director for science and technology told a panel of the House Energy and Commerce Committee that encrypted communications continue to pose a challenge to the American law enforcement, and to the safety of the American public. But when asked by lawmakers to provide a practical solution beyond the FBI's talking points, she said that the cooperation of technology companies would be necessary. According to the New York Times, "The FBI defended its hiring of a third-party company to break into an iPhone used by a gunman in last year's San Bernardino, Calif., mass shooting, telling some lawmakers on Tuesday that it needed to join with partners in the rarefied world of for-profit hackers as technology companies increasingly resist their demands for consumer information." They are stressing the importance of cooperation with tech companies and "third parties" to help fight terrorism, claiming they do not have the capabilities and resources available to crack encrypted devices. Congress is currently debating potential legislation on encryption.
We will keep making more sophisticated encryption. You will not beable to keep pace with our progress. We do not want you in our devices, fuck your laws. Crapfully yours, The internet
Support your local school shooter, give them your firearms.
What are we paying the NSA for?
JUST MAYBE,
they should think about reparations.
I find it strange that nobody seems to mention that law enforcement worked just fine in ancient history when private conversations were not recorded at all. The government could not get a transcript on demand because there was none. Likewise, the government still is unable to read our thoughts. Why should a thought be treated differently when it is expressed in speech or electronically through writing? Why should the government feel hamstrung by inability to read our encrypted written thoughs when it still can not read them while they reside in our heads? Should we not demand that both be treated as private without question and inaccessible to government extortion? Law enforcement has done just fine without reading our thoughs for centuries; it should do just fine in the future without reading our encrypted letters.
Public vs private pay packet? Easy win.
Should it come to any surprise that the people they need don't want to work for the government? Or fled to Berlin to escape a similar fate?
If you keep backdooring encryption and ostracizing your own citizens who are strong on security, you can't expect to have any citizens who particularly want to help you out.
You can't just throw warm bodies at the problem like you can with traditional war. The Germans lost Einstein and countless other academic Jews to countries like the United States and Russia in WW2, and now the same thing is happening with security experts in the United States. Good luck with that.
moox. for a new generation.
We already assumed the FBI hired hackers. Nope, just good 'ol boys? Then it's the FBIs own damn fault.
Maybe if the FBI stopped requiring drug tests and lie detector tests for those employees it wants to be security and programming experts / hackers of its own, they might get some better applicants. The Venn diagram of those qualities reduces your option pool by quite a lot.
All this will do is promote better software that the hackers can't deal with.
That's how they be.
Hidden services? Oh, right this way, sir: Online games, like GTA Online. People who commit crimes, like games where You can commit crimes. I'm there selling my cunt now. I'm a midget retarded pedo, I'll tell You that I'm a cop.
And oh.. Noticed that half billion Android devices were scanned lately? Hmmmm....
Did anyone notice that Barack Hussein Obama, a Muslim Demoncrat is in office and tells the FBI what to do?
That is what they live for. They want to ruin our lives.
Good analogy especially since it was the fascist Bush Crime Family that greatly increased their powers and removed their judicial oversight.
Good evening...
I'd like to just quickly send a nice friendly message to the, uh, federal bureau of investigation...
Here's somethin' nice and friendly...
Here's somethin' nice and friendly...
Here's somethin' nice and friendly...
It goes a little somethin' like this...
Except Bush wrote his executive orders on a way that they can't be undone. Obama can do nothing in the face of unstoppable laws. Unstoppable laws.
He is a republican you damn liar. He does everything they order him to do. They hate is. Why sh dh
As do all Republicans. It's just that the President has given the FBI unlimited powers.
This. Obama can do nothing to fight the twenty year rule of the Bush Crime Family.
They are the new Gestapo. Bush removed all judicial oversight from his FBI.
See? Encryption is good for jobs.
I've worked in information security for a long time. I 've spoken with colleagues at various government agencies and learned that indeed they don't have a expertise far beyond what's available in the private sector; the movies are as fictional in that respect as they are in others. They do need assistance from the private side of the infosec community.
Fifteen years ago, I would have been happy to assist those who protect and serve if they were working on some actual crime, such as a murder case I was once contacted about. Since Snowden and other events, it's become quite clear that the federal government is not the good guys, for any definition of "good guys".
There's no single solution, but there is one thing that would really help. Prior to 9/11, international spy agencies such as the NSA were prohibited from sharing information with domestic police at agencies such as the FBI. The thinking was that the techniques and mindset used against our enemies, such as North Korea, shouldn't be used against our own citizens. After 9/11 it was determined (correctly) that the prohibition on cooperation made it more difficult to defend against attacks, so the rules were weakened or eliminated and cooperation between intelligence and law enforcement was encouraged. We need to put those walls back in place. Yes it will make defending against attacks more difficult, but it's worth it because the alternative turns out to be having the NSA and FBI attacking the citizens.
So what is the difference between wiretapping and surveillance, and hacking an encrypted phone? FBI probably outsources their microphones, lock-pics and letter openers as well. It is the intent, the circumstances and law that matters, not the general principle, in my not so humble opinion. Fundamental right violations have been viewed as targeting a specific person or a group of people, not to the formless mass of general public. Apple users are not a distinctive group of citizens from the perspective of fundamental rights, even if those users may like to view themselves as such.
If they want any hope of attracting top level talent to their field.. plain and simple. When you're that good you get to make your own rules to employment. Why would anyone want to take a pay cut to work for the FBI and deal with all the drug testing and clean desk policy? They don't pay more and they suck more to work for. There is no upside for people in high demand other than perhaps some kind of power trip, but career wise it would be a step backward for anyone even CLOSE to the top of their field. You should be making several hundred thousand dollars per year or millions if you are really that good, and those goes for just about any field. Top level talent is worth way way more.
should not throw stones.
By hiring hackers, the FBI's paying the throwers to get better at throwing.
One possible lesson is that maybe Apple putting in a hole which is controlled by a private key absolutely controlled by Apple stinks less than where this is heading.
Alternatively, the hackers will get good anyway and we'll have to figure out how to make secure gadgets.
This seems the only long term solution regardless of what Apple, the FBI and the courts do.
So how do you get the Web infrastructure companies,
which currently have an economic incentive to make things holey,
to suddenly have an incentive to plug the leaks?
That seems a much more important national security question here.
The FBI wants to grow the market-sector of black-hat hacking? (Yes, I know, but language evolves, so I use the 'press-accepted' term here.)
In what reality could this conceivably be a good idea? Tons of new "exploit-mining" companies would spring up. Many would then have the FBI as perhaps one of their clients.
We already saw this with Symantec in the 1980's giving away $50 for each 'new' or even 'variant' of a virus that someone 'discovered'. They helpfully provided examples – you know, for training and reference purposes. We ended up with tons of variants on the first PC viruses, with someone changing a single line of a text string in an irrelevant way – such as changing the text displayed.
Back to the FBI hoping to contract this work out: WTF? That's worse than making this part of the revolving door between government service and private-sector employment.
The FBI becomes indistinguishable from black hats.
Corruption is convincing someone that the selfless ideal is the same as their selfish ideal.
Who else are they going to turn to? All the honest, moral people gave them the finger.
Ah, and in the last eight years, what had the Obama administration done to counter that? Fucking moronic AC.
Just another day in Paradise
Umm, no. The executive branch doesn't control the judicial.
Just another day in Paradise
No, executive orders can be reversed at any time by the occupant of the White House. Nice try.
Just another day in Paradise
How many politicians are in jail, how many CEOs, how many multi-millionaires? It might just be the wealth and influence of those people invokes the 'too big to jail' effect but it's clear who the winners are in the war on crime/terror/drugs/piracy/pedophilia. EJ Hoover was a cross-dressing homosexual according to anecdotes, yet he spent his life enabling the policies of an elite society he could never join. The FBI hasn't changed that, they just using more brutal tactics against the losers.
Federal government is an organisation which, like all organisations, protects itself from loss and 'assault', however defined, first. Being "good guys" occurs when it feels like it. The cold war forced countries to demonstrate they were better than communists, or be destroyed by Marxist revolutionaries. That need to demonstrate their usefulness to their citizens has gone. Now their citizens are just another obstacle in the government's war on whatever.
It's a general problem with police forces in general. A police force can only function effectively if it has the consent and support of the population. To do this, it has to be seen as being on the side of the majority of the population. When you pass laws that criminalise the majority and when you cut funding for police programs that visibly assist the community, then this breaks down.
I am TheRaven on Soylent News
By their own laws the people they seek to "help" them are not "hackers" but "crackers" who would normally pursued and locked up by that same FBI. Don't tehy have NSA assets to use? No, because even the NSA cannot blatantly circumvent what Congress has ruled over and over regarding mandatory back doors. No, they are looking for criminals because they are engaging in crime and in circumvention of he will of the people. They must be treated as law breakers.
The US already have a bunch of very bright hackers on its payroll. They work down at Fort Meade in a big glass building with NSA written on the front of it.
What this smacks of, is kingdom building. The FBI is trying to bolster its own little playpen, instead of playing nicely with others and asking the NSA for help.
The FBI simply wants a bigger budget.
Take away the academy, weapons qualification, etc parts and will let them get more people as well as older tech pro's who should not be cut out if they are.
older than 37 (right now only have an Veterans ones)
don't have the right degree (they can also add more wavers)
driver’s license (easy to get but there are people in areas where you don't need a car)
There should be non field desk job roll that even some in wheel chair can do tech stuff for the FBI.
There is no right of the government to monitor communications. Before we had communications technology, it was all but impossible. The telegraph offered the first viable method for the government (and others) to spy on any and all communications, followed by the telephone, the cellphone, email, texts, etc. At each step, security was an afterthought, and so it provided a larger and larger attack surface. Governments (and others) have enjoyed the access that inattention has brought for too long. For so long, in fact, that they now view their access as an inalienable right that's being assaulted by "evil" tech companies.
The fact is that communications cannot be subject to eavesdropping by the government without also being subject to eavesdropping by criminals. The government knows this, and uses encryption to protect its own communications. The banks know this, and use encryption to protect their communications. Criminals know this, and use encryption to protect theirs. But that doesn't make criminals omnipotent. It doesn't even obstruct targeted surveillance. From bugs to keyloggers to laser microphones to tails, there are a wide array of surveillance tools and techniques to practice targeted surveillance. The problem is laziness -- the government wants to sit on its ass and let the information come to it, instead of going out and collecting it.
That's all well and good, if it works. But the downside isn't just the potential for abuse by the government, or the lack of oversight, or the intrusiveness. An insecure infrastructure is open to attack by malicious individuals, organizations, and nation-states. "Protection" against the narrow segment of "crimes and attacks that are preventable by solely by dragnet surveillance" comes at the cost of criminal network penetration, identity theft, corporate espionage, credit card fraud, malware, ransomware, and spying by foreign powers. We shore up defenses against the rare (if spectacularly awful) terrorist attack at the expense of the everyday cybercrimes, which are, taken together, *far* more harmful and preventable, even if they don't make for very dramatic headlines. It's like devoting all of our law enforcement resources to stopping serial killers and leaving regular murders -- the vast majority -- uninvestigated, let alone solved, and in fact encouraging them by a declared lack of enforcement. Worse, it's allowing our enemy to dictate our actions, to provoke a change in our behavior, ethics, and values.
Perversely, dragnet surveillance is not the antidote to anything other than security, and it takes a myopic vision and tragically flawed reasoning to believe otherwise. When the government asks for the keys to everything, just say no.
https://www.eff.org/https-everywhere
Not when they have been backed by congress.
"Patriot" act remember?
Would that matter?
I'm surprised they can find anyone who would claim to be a Hacker to work with them.
Low pay.
Poor track record sticking to the letter of the law, let alone the spirit of the law.
Do illegal things and hide them behind national security.
To me it is no different than the scientists that won't work on weapons technology for the military.
We can't trust them to use that kind of power responsibly at any level (local, state, or federal law enforcement).
The proper checks and balances are just not there.
Note to FBI: You're doing it wrong.
There should be non field desk job roll that even some in wheel chair can do tech stuff for the FBI.
There probably are. There is law that lets people declared permanently disabled by the SSA –people on SSDI – "go to the front of the line". Effectively, from the bits I've read, anyone SSDI disabled, applying for a Federal Government job:
* Gets to skip the resume-culling steps that everyone else must pass through—They get to be considered in the last round.
* Is entitled to 'special considerations'. Not just wheelchair ramps, but flexible scheduling and similar accommodations.
* Is a 'diversity hire', scoring the hiring departments political points
The program is intended to have the same % of 'regular' people employed in proper jobs as the $ of SSDI people employed in proper jobs – jobs for which they must be qualified, BTW.
The reason the FBI will never be able to recruit the types of talent it needs, are as follows:
Must be a US citizen
Must be able to obtain a government issued top secret security clearance w/SSBI and lifestyle polygraph
Most of the best hackers simply don't apply, due to the fact they wouldn't qualify, and in addition, a lot of hackers
like to mess around with recreational drugs, which is a killer on the SF-86, unless it's pot and not a felony conviction
(or has been reduced from a felony).
I'm not shedding a tear over their in-ability to attract the best and brightest, due to the fact that if people remembered
what happened to Wen Ho Lee at the U.S. Dept of Energy, he was railroaded by the government and pled guilty to
mishandling classified information when the government's case fell apart (even the federal judge in the case apologized
to Mr. Lee after sentencing him, which is a pretty strong rebuke, esp. from a US. Federal Judge)...
Pathetic, if you ask me...
They went after the Quest CEO and put him in jail for 6 years after he refused to cooperate with the NSA.
And sloshes back up to The Hill. These Congressional leaders know what they know and don't listen to no scientists! The contempt and fear is palpable. When reality doesn't conform, they resort to threats, blame games and force.
So the FBI can't find talented people to help them with imaginary, badly conceived, and wrongheaded problems. I'm shocked, I tell you, shocked!
Intellectual Property is a monopolistic, selfish, and defective concept. It is "tyranny over the mind of man"