Non-US Encryption Is 'Theoretical', Claims CIA Chief In Backdoor Debate

Iain Thomson, writing for The Register: CIA director John Brennan told U.S. senators they shouldn't worry about mandatory encryption backdoors hurting American businesses. And that's because, according to Brennan, there's no one else for people to turn to: if they don't want to use U.S.-based technology because it's been forced to use weakened cryptography, they'll be out of luck because non-American solutions are simply "theoretical." Thus, the choice is American-built-and-backdoored or nothing, apparently. The spymaster made the remarks at a congressional hearing on Thursday after Senator Ron Wyden (D-OR) questioned the CIA's support for weakening cryptography to allow g-men to peek at people's private communications and data. Brennan said this was needed to counter the ability of terrorists to coordinate their actions using encrypted communications. The director denied that forcing American companies to backdoor their security systems would cause any commercial problems.

The "response" should be an indictment.

[mrchaotica]

Under 18 U.S.C. ss. 1001, lying to Congress is offense punishable by up to five years in prison (or eight if the lie is terrorism-related). The correct "response" to John Brennon's blatant, politically motivated, criminal lie is to indict him, convict him, and send him to Federal prison where totalitarian freedom-hating enemies of the American public like him belong.

Black Hat Herring

[lylefile]

The issue isn't whether the rest of the world would use it. The question is how long until the backdoor is hacked. Knowing its there will make it a prime target. Is the US government willing to back up its confidence with a guarantee to reimbursed all losses for everyone using this technology? Only then could the claim that it wouldn't "cause any commercial problems" be at all plausible.

Re:Lies from Spies

[wierd_w]

There would just be something like cyanogenmod that hits less than a year later. in fact, CM would probably issue a statement that they wont include the back doors.

CM is based on AOSP, and is wholly open source. If your device supports it, then you can use real crypto, while everyone else in the US gets to enjoy fake crypto.

The issue of course, is that you would need to encrypt so much, (because GSM and other hardware assisted crypto would be backdoored, so you have to put real crypto on top) that your battery goes flat very fast.

IMHO, the solution to that is for eurozone countries to mandate denying US variant GSM devices from working in their countries as an issue of national security. The corporate backlash would be intense.

Re:Can't decide

[kheldan]

He's the head honcho of the freakin' CIA, of course he thinks everyone else is stupid, especially politicians! How else other than overweening arrogance and likely a liberal amount of narcissism do you think someone gets that job in the first place? Strong work ethic? A strong sense of justice? LOL no, more likely successfully backstabbing all the competition and covering his tracks so thoroughly that nobody could pin anything on him!

It's politics, stupid

You have to be not actually dumb to get high up in government. But you do have to have a certain capacity to believe in the institutional lies, or at least repeat them as if you mean them. They still institutionally believe in a rather simplistic device to the point that gaming the thing is a criminal offence, for example.

More to the point, this here is politics in action. He is furthering an agenda in front of an audience that made this agenda-pushing their day-and-night jobs, but who do not necessarily have any clue whatsoever about what goes on under the veneer of the nice words from the very respectable chief of this here government outfit reporting to congress. So he's basically daydreaming his "truth" into existence. If he can get it enacted in law, he has won.

* Quiz: What other organisation institutionally believes in an unproven, even outright silly, bullshit device based on similar principles?

'American Companies Dominate'

[Jason+Levine]

Another article has more of the exchange:

Sen. Ron Wyden (D-Ore.), another committee member and staunch privacy advocate, has pilloried proposals to give law enforcement access to encrypted data, saying bad actors would simpy use foreign-based encrypted messaging apps. Brennan argued at the hearing that such a concern was theoretical because “U.S. companies dominate the international market as far as encryption technologies that are available through these various apps.”

Warner [Sen. Mark Warner (D-Va.)] questioned Brennan’s assertion. “Two thousand apps a day are added to the phone store. Over half of those are foreign-based entities,” he said.

In a statement following the hearing, Wyden countered that allowing government access to encrypted platforms “would not stop terrorists from using strong encryption and it would undermine American competitiveness and Americans’ digital security at a time when the threat from foreign hackers and cyberattacks has never been greater.”

Let's allow the assumption that American companies currently dominate the encryption field. We'll say that's true. How long would that dominance that last if foreign companies used strong encryption and American companies used hobbled encryption left vulnerable to the American government and hackers? Thank goodness for Warner and Wyden for pointing out how idiotic Brennan 's assertion was.

Re:American Companies

[St.Creed]

National companies and multi-national companies *do* belong to a nation-state. It doesn't show much, until they need someone to get their potatoes out of some hot fire somewhere. They can't just move and up, since they need ties on a personal level when you get into the big leagues. Not to mention the fact that if they have a lot of infrastructure somewhere, it's also physically difficult to move.

Let's assume corporations don't belong to a particular nation state. Like Disney. Could be Chinese, right? Mi Lao Shu and security guards with pink rifles. Works quite well in Shanghai - they are a minority shareholder though because, for some reason or another, the local company *does* belong to their nation state and the nation state knows it. Or take Coca Cola. Wouldn't hurt the brand at all if it incorporated as a Nigerian company tomorrow, I think. Or Mercedes. It could easily become an Italian brand. Would do wonders for its design, probably. Volkswagen could move to Rumania - their cars have the same amount of pollution as the old cars they have there so they wouldn't stand out so much.

But seriously: no company can do without the protection of a nation state because in the final analysis, a tug of war between competing business interests will eventually be decided with weapons. And that is the job of the nation state. And it will only defend it's *own* companies. Companies that don't have a protector will be at a severe disadvantage. Just consider what the support of the CIA meant for Boeing when it sank lucrative trade deals in the Middle East for Airbus because they had been tapping the trade negotiations and were able to provide tapes that proved corruption. Do you think that would have happened if it had been Airbus versus Dassault? Not a chance.