FBI Chief Calls Unbreakable Encryption 'Urgent Public Safety Issue'

The inability of law enforcement authorities to access data from electronic devices due to powerful encryption is an "urgent public safety issue," FBI Director Christopher Wray said on Tuesday in remarks that sought to renew a contentious debate over privacy and security. From a report: The FBI was unable to access data from nearly 7,800 devices in the fiscal year that ended Sept. 30 with technical tools despite possessing proper legal authority to pry them open, a growing figure that impacts every area of the agency's work, Wray said during a speech at a cyber security conference in New York. "This is an urgent public safety issue," Wray added, while saying that a solution is "not so clear cut."

Re:Why Not Try?

[ledow]

Decapping a chip is difficult, expensive and not guaranteed. Most TPMs and security-chips are almost impossible to open without damage.

Go look at the arcade-ROM decapping efforts. Even 30-year-old ROMs have protections that mean some games are now permanently lost forever, and the ones that are successful rely on "seeing" (via X-Ray etc.) the data as a visible effect on the image. That doesn't work for anything modern at all, you'd need new kinds of instruments or something to measure the individual charge on an individual transistor from billions of them on a tiny sliver of silicon.

Modern chips, especially those designed to be secure and avoid tampering? Not a chance. Nobody has yet demonstrated an attack on a modern TPM chip like that, and the private keys aren't exactly just sitting there in plain-text even if you could.

And then updating for EVERY technology change, nm-advancement, etc.? Cost would not just be prohibitive but astronomical.

Do you believe that those 7800 devices a year are all just one read away from stopping a terrorist attack each? Highly unlikely. If anything one arrest could result in 20-30 devices, not even worrying about whether it was a drug-deal or a telecoms violation or whatever else the FBI might deal with.

The value just isn't there, even if the technology could exist.

To my knowledge, literally NO-ONE in the world has read a key from a physical iPhone security chip, for instance. There have been software flaws, and things found in publicly available firmware that are quickly patched out but even those don't cause the processor to magically give up all its private keys. That's not how those chips work. Even Apple themselves may not be able to do it (only replace the device in question and reset it, not bring across the private keys).

This is part of the "problem". The system is secure. And that means secure from all attackers, including the people who want access to the devices for legitimate reasons (e.g. the owners in some cases!). If it wasn't, it would be insecure, against both those categories of people, and thus not be fit for purpose.

Sure, at some point, someone will find a hole. And then the next round will devices will counter that. But the FBI expecting to have something that nobody else in the world has, possibly even the manufacturer, which can only be given by weakening the whole purpose of the system for everyone, and for it to be cost-effective, to handle a boat load of enquiries that they presumably have NO OTHER evidence for? That's just silly.

I'm sure if it was "go to war or not" territory, someone would find a way. But there, no expense is spared. As a run of the mill "let's see what this terrorist suspect texted via WhatsApp" enquiry? Not a chance.

If they COULD do this, they would be. And they'd be keeping very quiet about it. Because the second it was public, every new phone, chip and computer would be redesigned to stop it in the future.

Re:The benefit of the doubt

[suutar]

Actually, the IRS cancelled that contract and went with Experian. How much better that is is up for debate, of course :)

Apparently they suspended the contract on 10/12, Equifax protested, and the GAO denied the protest.

Re:There is no middle choice here

[apoc.famine]

No downvotes for you at the moment, so I'll have to settle for pointing out how stupid your argument is.

First, "think of the children" is a shitty, fear-mongering argument designed to play to people's base instincts, and trap them in a corner so they can't produce a good argument against you. How do you argue against protecting children without seeming like a monster?

Second, if there is a switch to flip, that can and will be abused. Between nation states and malware, if you want it on there's the chance that it will get turned off without your notice, and if you want it off there's a chance it will get turned on without your notice.

Third, enabling authorities to invisibly snoop on anyone not smart enough to turn on their encryption is stupid and wrong. It sets up an expectation that they can check in on anyone when they want to, and creates the "why are you encrypting if you have nothing to hide" line of thought.

Last, technology isn't some magic shit that prevents law enforcement from doing it's job. It's the opposite, actually. Not only can they can do the same damn job the same damn way as they always have, we now live in a world with cameras everywhere, face identification, cell phone tracking, OnStar and other car tracking and remote control abilities, etc., etc., etc.

Law enforcement already has orders of magnitude more tools with which to catch bad guys than they had even a decade ago. There is absolutely no reason to allow them invisibly monitor every facet of a large percentage of people's lives, data mine and machine learn, heuristically profile, and otherwise pry into their lives without a trace because there's a vanishingly small chance they might be up to something. I don't care how bad or stupid those people are - that's abusive fascist secret police shit right there.

Re:I'm not sure it is

[Trailer+Trash]

To be honest, I don't think he's exactly wrong to say that unbreakable encryption is a public safety issue. It's an issue.

He's absolutely correct that it's a public safety issue. The last century taught us (those who were paying attention, at least) that authoritarian government is the biggest public safety issue that has ever existed, save for maybe the bubonic plague. So, sorry FBI, the bottom line is that we have bigger fish to fry than "encryption".

Breakable encryption != no encryption

[davidwr]

If encryption is breakable with a large amount of effort, then it does several useful things:

* It prevents people without the resources from accessing your mail.
* It may provide short-term security, which may be sufficient.
* It makes those who do have the resources be selective in whose encryption they break.

For example, if it takes a minimum of a week to break the encryption on an encrypted web connection that discusses an embargoed news item that will be published in 6 days, that's good enough.

Another example: If a government wants to crack down on encrypted communications among drug traffickers, but it costs them $10,000,000 for each decryption effort, they will need to pick and choose who they go after.

There are encryption systems that are provably unbreakable without a key, such as a one-time pad. Unfortunately, they are usually not practical to implement correctly.

Re:Breakable encryption != no encryption

[Bob+the+Super+Hamste]

Strong encryption is usually measured by the energy requirements on an ideal computer. If those energy requirements are on the order of the total energy released from a star over its entire life then it is strong. If it is something that is a sizeable portion of a nation state's total annual energy usage then it isn't strong. Very smart people are figuring out better ways to crack codes so the energy requirement for any cipher do decrease over time until they are so low that DES was cracked in under a day on a $200,000 machine in 2002.

Here is a nice little excerpt from Bruce Schneier's book Applied Cryptography that puts things in perspective on how to think about it. As an added bonus there is the phrase "orgy of computation" included:

One of the consequences of the second law of thermodynamics is that a certain amount of energy is necessary to represent information. To record a single bit by changing the state of a system requires an amount of energy no less than kT, where T is the absolute temperature of the system and k is the Boltzman constant. (Stick with me; the physics lesson is almost over.)

Given that k = 1.38×10-16 erg/Kelvin, and that the ambient temperature of the universe is 3.2 Kelvin, an ideal computer running at 3.2 K would consume 4.4×10^-16 ergs every time it set or cleared a bit. To run a computer any colder than the cosmic background radiation would require extra energy to run a heat pump.

Now, the annual energy output of our sun is about 1.21×10^41 ergs. This is enough to power about 2.7×10^56 single bit changes on our ideal computer; enough state changes to put a 187-bit counter through all its values. If we built a Dyson sphere around the sun and captured all its energy for 32 years, without any loss, we could power a computer to count up to 2^192. Of course, it wouldn't have the energy left over to perform any useful calculations with this counter.

But that's just one star, and a measly one at that. A typical supernova releases something like 10^51 ergs. (About a hundred times as much energy would be released in the form of neutrinos, but let them go for now.) If all of this energy could be channeled into a single orgy of computation, a 219-bit counter could be cycled through all of its states.

These numbers have nothing to do with the technology of the devices; they are the maximums that thermodynamics will allow. And they strongly imply that brute-force attacks against 256-bit keys will be infeasible until computers are built from something other than matter and occupy something other than space.