FBI Chief Calls Unbreakable Encryption 'Urgent Public Safety Issue'

The inability of law enforcement authorities to access data from electronic devices due to powerful encryption is an "urgent public safety issue," FBI Director Christopher Wray said on Tuesday in remarks that sought to renew a contentious debate over privacy and security. From a report: The FBI was unable to access data from nearly 7,800 devices in the fiscal year that ended Sept. 30 with technical tools despite possessing proper legal authority to pry them open, a growing figure that impacts every area of the agency's work, Wray said during a speech at a cyber security conference in New York. "This is an urgent public safety issue," Wray added, while saying that a solution is "not so clear cut."

Think of the children

[110010001000]

Think of the children! No, not the children assembling iPhones in sweatshops: the children the FBI are looking to protect. Think of them.

Re:Think of the children

[Opportunist]

As much as these asshole think of the children, I can't help but think that they're pedos.

Re:Think of the children

[sexconker]

It's the Reptilians. They have a penchant for pederasty. That's why so many powerful "people" get found out as being pedophiles. They're just Reptilians.

What can you do to stop the Reptilians? Join the Church of Scientology. The organization's main goal is containing, and eventually eliminating, the Reptilian threat on Earth.

Re:Think of the children

No...this is cyberspace, where the men are men, the women are men and the children are FBI agents.

Re:Think of the children

[ISoldat53]

Doesn't pederasty have something to do with feet?

Re:Think of the children

[Opportunist]

So... the FBI boss wants us to think of the FBI agents?

Kinda makes sense, but it just doesn't really make for a catchy phrase.

Spoiled short-term-thinking brat

[Tablizer]

"I want free access to the cookie jar, waaaaaah!"

Re:Spoiled short-term-thinking brat

[DickBreath]

If the FBI gets their way on this weak breakable encryption, it will have economic consequences for the US.

The other 96% of the world's population will know that they can't trust American products. They might make their own phones, systems, devices, etc even more secure against American TLAs. Thus accomplishing the opposite of what the TLAs want.

Aren't the majority of smartphones already made outside the US? Maybe all they need to do is build their own secure OS with secure encryption that the US won't like. Will the US stop people coming in with foreign made phones that are too secure?

What about economic consequences of American executives traveling abroad using insecure US made equipment and having valuable trade secrets stolen?

But think of the children!

Re: Spoiled short-term-thinking brat

[david_thornley]

Right now, you don't trust US products not to have back doors. Wouldn't it be worse if you knew US products were legally required to have back doors?

Oh no!

[gfxguy]

Heaven forbid people actually be secure in their persons, papers, and effects!

Re:Oh no!

[MachineShedFred]

If he can find unbreakable encryption to be an urgent public safety issue, can I find him to be an urgent public privacy issue?

Also, no amount of wishing will put the AES-256 toothpaste back in the tube. Because, math.

Re:Oh no!

[TheGratefulNet]

pigs just keep on piggin'.

each month is a new cry about their lack of ability to STROLL THRU OUR LIVES and even plant shit on our computers.

we will not give in. but I suspect we'll lose anyway, because they have infinite money, power, almost people, who want to invade our privacy for lulz (mostly).

its sad that we are now in a perpetual state of WAR with our own governments on this very issue. and they show no signs of giving in.

Re:Oh no!

[suutar]

This. Even if it was mandated tomorrow that all encrypted communications shall use X cipher to which the government has a backdoor and through magic psychic software it actually cannot be decrypted without proper cause and judicial review, there's not anything that would prevent the payload from being encrypted again using a different system, and there would be no way to tell without actually decrypting the outer wrapper.

Re:Oh no!

[sdinfoserv]

People said that when television first went to satellites. Back in the '80;s, home satellite TV boxes had card readers (just like credit cards) that had all your data id: channel and subscription info, on them. Possession of card readers, used by hackers to read/write their own cards, even for legitimate purposes (like making library cards on the same technology) became a crime - So too did even the "knowledge" of how the readers worked. It was a crime to post or share data layouts or how the hardware functioned. When a society reaches a point where it accepts that knowledge itself is a crime, essentially, outlawing ideas, the notion of "freedom" from there on is nothing more than veneer.

Re:Oh no!

[rickb928]

The question might better be phrase 'is it unreasonable to require breakable encryption that may expose all of a person's 'papers and effects' despite their intention to be private in such?'

Because we recognize a right to be secure from unreasonable searches and seizures.

Re:Oh no!

[jittles]

Also, no amount of wishing will put the AES-256 toothpaste back in the tube. Because, math.

Which is exactly why I would like to outlaw specific types of math. Nobody needs anything larger than a 32-bit number for anything, nor a decimal point number. Let's ban floating point math and any number larger than 2^31 (for scientific use) and 2^29 (for economic use). This prevents strong encryption (remember that symmetric encryption can be done in far fewer bits than the FBI would like to allow). Problems solved for everyone.

The benefit of the doubt

[sinij]

I will grant Christopher Wray benefit of the doubt and interpret his words charitably - he must have meant it is public safety issue that more people don't use strong cryptography, potentially exposing sensitive data to FBI and other crooks.

Re:The benefit of the doubt

[pr0fessor]

What the law enforcement clambering for a back door or weaker encryption forget or fail to see is that the 7k cases they are talking about isn't even a drop in the bucket compared to the 17 million identity thefts each year

Re:The benefit of the doubt

[suutar]

Actually, the IRS cancelled that contract and went with Experian. How much better that is is up for debate, of course :)

Apparently they suspended the contract on 10/12, Equifax protested, and the GAO denied the protest.

Re:The benefit of the doubt

[amiga3D]

The real safety issue is the lack of respect our government has for the Constitution. I for one am not happy with the whole secret court, secret warrant and other "Patriot Act" nonsense. The government has immense power and only wants more and more. The most dangerous thing in any society is a government that forgets it rules for the people and not OVER them.

I'm not sure it is

[H3lldr0p]

I don't see it all that short term thinking. This is definitely part of a larger picture, a longer termed plan.

Get this wedge in now, this idea that some authority should have all the keys to the encryption kingdom, and it should be easier to keep it there when the next privacy scheme comes along. Otherwise it's a doubly hard fight the next time. You have to convince more people that the authorities are correct to want it. Do it now, when it is of less concern.

Re:I'm not sure it is

[110010001000]

Exactly. Once the plan is in place it is very hard to repeal. After all, the plan was keeping us safe. Why would you want to repeal it? Do you want the terrorists to win?

Re:I'm not sure it is

[Archtech]

In fact the story goes back to 1975 (at least). That's when Diffie and Hellman found themselves battling the NSA, which wanted DES to be accepted as the encryption standard simply because NSA could crack it.

Re:I'm not sure it is

[ebyrob]

It's sad.

Breakable encryption is no encryption at all. I guess the 3 letter agencies want to back-door themselves to indeterminism along with the whole world just because they think it'll give them that last 2% of control. Perhaps they don't realize what an asymptote maximizing control is. (With an emphasis on the as)

Re:I'm not sure it is

[bluefoxlucid]

I strongly oppose government efforts to weaken our protections. I'm relying on unbreakable encryption in my own campaign, notably in my plans to end identity theft and increase voter participation. The most-powerful encryption ever used has been the spoken word, in closed quarters, with a soft noise generator to prevent electronic surveillance: no record of communications. Written and then pulped notes. Anything that destroys the data.

I haven't translated these plans to my new site yet. I need to, but I've been working alone. My political competitor, Elijah Cummings, has expressed no interest in protecting our privacy from domestic spying.

Re:I'm not sure it is

[nine-times]

To be honest, I don't think he's exactly wrong to say that unbreakable encryption is a public safety issue. It's an issue. It's an issue we can debate and think about and talk about. If encryption is unbreakable, then it makes it harder for law enforcement to do certain things that they might validly want to do.

On the other hand, if people can't encrypt their data (or that encryption is breakable), then it creates an entirely different set of problems. People can't safeguard their data or protect their systems. It increases the vulnerability of our infrastructure. It increases the chances that criminals and terrorists can gain access to important and private information.

There are going to be real valid problems either way. There should be open discussions about what all of those problems are, and how we can mitigate them. But ultimately, I don't think breakable encryption (or backdoored encryption) is a viable long-term option, even if we were willing to live in a police state. The ability to break or circumvent encryption will inevitably fall into the hands of criminals.

Re:I'm not sure it is

[sdinfoserv]

My biggest problem with "them" having the keys to the entire kingdom is "they" have repeatedly demonstrated a lack of accountability, complete disregard to law when not being immediately scrutinized, and just the basic ability to keep the keys they already have, safe.
Other than that, what's the problem?

Re:I'm not sure it is

[dgatwood]

Even if you assume that they'll do their jobs perfectly, there would still the problem that any back door is essentially guaranteed to eventually be discovered by bad actors and used against the public at large. If the NSA gets their way, we won't be able to do banking online, because it won't be possible to secure the transactions. We won't be able to use credit cards at stores, because it won't be possible to secure the transactions. Basically, imagine a global information apocalypse, and then multiply by 1,000, and you're still not scared enough. Their proposal would be a ticking time bomb that at some arbitrary point in the future would quite literally bring about the end of modern civilization as we know it.

And it would only affect the good guys—the people who have nothing to hide. The bad guys—the people who are actually trying to hide things from law enforcement—would still use unbreakable encryption. After all, the punishment for breaking a crypto law can't practically exceed the punishment they would get if they handed over proof of two decades of drug smuggling, contract murders, etc. Better to go to jail on that minor charge for a year or two than for the rest of your life. So there's absolutely no incentive for the bad guys to follow the law, which means they won't.

This isn't even one of those situations where you can justify it by secondary effects. Folks scream about gun control even though reducing the number of weapons in the hands of the good guys does reduce the number of weapons in the hands of bad guys by reducing the number of weapons out there in the world that can easily be stolen, de-serialed, and sold on the black market. This doesn't even have that advantage, because you don't have to steal crypto software. It costs nothing to make a copy of a piece of software (assuming it isn't commercial software), so the bad guys won't have any trouble getting real crypto even if they take away everyone else's access.

And even if somehow they could magically fix all of those problems with a crypto system based on rainbows and unicorn farts, breaking everyone's crypto still wouldn't buy them much. At best, in the hypothetical situation where someone committed a terrorist attack, they might be able to determine whether the people that person contacted were terrorists or not, instead of having to investigate all of them. So it would save a relatively small amount of investigative effort. And in exchange for that tiny savings by our government, they want us all to give up every shred of privacy—every shred of information security—and send us hurtling headlong towards the end of the world as we know it.

No, what they are proposing is approximately the single most stupid thing ever to come out of any branch of government. This tops the ban on carrying soft drinks through airport security. This tops the ban on pocketknives. This tops the California cities that limit the number of electric vehicle parking places at businesses in the hopes that somehow it will magically reduce road congestion by making people drive their gas guzzlers. It is completely unjustifiable through any logic, no matter how far you try to stretch it—completely and utterly bonkers. Sad.

Their idea is bad, and they should feel bad.

Re:I'm not sure it is

[geekmux]

To be honest, I don't think he's exactly wrong to say that unbreakable encryption is a public safety issue. It's an issue. It's an issue we can debate and think about and talk about. If encryption is unbreakable, then it makes it harder for law enforcement to do certain things that they might validly want to do.

On the other hand, if people can't encrypt their data (or that encryption is breakable), then it creates an entirely different set of problems. People can't safeguard their data or protect their systems. It increases the vulnerability of our infrastructure. It increases the chances that criminals and terrorists can gain access to important and private information.

There are going to be real valid problems either way. There should be open discussions about what all of those problems are, and how we can mitigate them. But ultimately, I don't think breakable encryption (or backdoored encryption) is a viable long-term option, even if we were willing to live in a police state. The ability to break or circumvent encryption will inevitably fall into the hands of criminals.

You want to have open discussions? Fine. We'll start with dismantling the FISA court system that seeks to hide Unconstitutional activity.

I agree, there are issues on both sides. No one is debating the existence of a Catch-22 here. The real problem is those who are asking for the keys to the kingdom cannot be trusted to respect The People or their Constitutional Rights. THAT is the real issue to address.

Re:I'm not sure it is

[Trailer+Trash]

To be honest, I don't think he's exactly wrong to say that unbreakable encryption is a public safety issue. It's an issue.

He's absolutely correct that it's a public safety issue. The last century taught us (those who were paying attention, at least) that authoritarian government is the biggest public safety issue that has ever existed, save for maybe the bubonic plague. So, sorry FBI, the bottom line is that we have bigger fish to fry than "encryption".

Re:I'm not sure it is

[VeryFluffyBunny]

And the FBI doesn't see weakened, back-doored, or no encryption as a threat to national security? Just think, Russia or North Korea could interfere with US elections!

Re:I'm not sure it is

[HornWumpus]

We don't get much data on the FISA courts. What we get shows the promises made to be pure, unmitigated bullshit.

The FISA judges are supposed to be holding the government to standards. They are FAILING, based on 100% FISA court warrant issue rate reported for the initial years of operation.

Rubber stamp court should be abolished immediately, all warrants quashed. All records publicly reviewed and any perjury by feds (or anybody else) prosecuted to _full_ extent of law (after a period of a few years).

I can dream can't I? Not a crime to dream of justice for the justice department, at least not yet.

Re:I'm not sure it is

[infolation]

Their meltdown backdoor's unavailable so it's time to legislate on front doors again.

Re:I'm not sure it is

[HornWumpus]

Because they are cops and that's what cops do? Adversarial system and all, they're supposed to reach (just not perjure themselves in the process).

It's not a big assumption at all. Assuming that all the applications were good is a HUGE assumption.

A public review (and prosecution for lying cops/prosecutors) is the only remedy at this point. Like I say, give them a couple of years to 'cool down', then it's off to jail for at least a few feds.

Lying to a fed is a crime. Feds lying to themselves _should_ be prosecuted.

Re:I'm not sure it is

[ewhenn]

I'd also wager that the 1st amendment protects encryption. I can communicate using any language I wish. In this case, I communicate in AES256. If you don't understand it, that's on you to figure out and not up to me to explain it to you. Also, I agree 100%, unbreakable encryption is not going to go away - the genie is already out of the bottle.

Re:I'm not sure it is

And the FBI doesn't see weakened, back-doored, or no encryption as a threat to national security? Just think, Russia or North Korea could interfere with US elections!

They don't.

They view themselves as primarily tasked with controlling the law-abiding.

They don't consider following the Constitution, upholding the law, or protecting US citizens as what they do.

They are a political attack-dog for the deep state cabal. Nothing more. (And they have ALWAYS been this.)

Re:I'm not sure it is

[cayenne8]

Hell, on the other hand, they may already actually really have it all broken, and the TLA's are doing a very smart thing...bitching that they can't get into devices to give everyone a false sense of security.

Or...am I giving them too much credit?

Re:I'm not sure it is

[Bob+the+Super+Hamste]

I have always viewed the issue around encryption and law enforcement as one of, does someone have to assist prosecutes in prosecuting them? So do I have to interpret data for those who want to use it against me as that is what one is doing? They have the data, just because they can't figure it out doesn't mean I have to help them.

There is no middle choice here

[DontBeAMoran]

Either encryption works for everyone, or it works for no one.

In the end, calling unbreakable encryption an "urgent public safety issue" is pointless.

Why are cars lacking security features against terrorists?
Why are guns lacking security features against terrorists?
Why is cash lacking security features against terrorists?

The FBI/CIA/NSA does not only want to access the devices thieves/killers/terrorists, they want to spy on EVERYONE.

Re:There is no middle choice here

[110010001000]

Exactly. Think of the children. How many children could have been found if only there were no encryption? Why aren't you thinking of the children? You must want the kidnappers to win.

Re:There is no middle choice here

[Opportunist]

How many children could we have found if torture had been an option so we could make the kidnapper talk?

How many children could we have found if that whole search warrant thing wasn't a problem and we could simply break into every home with impunity and pry the house apart?

How many children could we have found if every person would get chipped at birth, like a dog, so we can track there whereabouts at every moment of their life?

How many...

tell me when it's getting close to home, ok?

Re:There is no middle choice here

[suutar]

so we're going to be selecting for smarter criminals, yes? Nothing could possibly go wrong with that.

Re:There is no middle choice here

[Metabolife]

How about you drop the blanket sarcasm shield and put some rationale behind your opinions?

If 30% of the population enable optional encryption, and 70% do not. That's 70% of potential "dumb" criminals to be caught. 30% is still enough to prevent targeted monitoring, privacy channels remain intact and effective, and more crimes get solved. Over time, the news will spread, and the majority of people will consciously choose to enable encryption on their devices.

Having an informed population helps the long-term fight for encryption.

Re:There is no middle choice here

[apoc.famine]

No downvotes for you at the moment, so I'll have to settle for pointing out how stupid your argument is.

First, "think of the children" is a shitty, fear-mongering argument designed to play to people's base instincts, and trap them in a corner so they can't produce a good argument against you. How do you argue against protecting children without seeming like a monster?

Second, if there is a switch to flip, that can and will be abused. Between nation states and malware, if you want it on there's the chance that it will get turned off without your notice, and if you want it off there's a chance it will get turned on without your notice.

Third, enabling authorities to invisibly snoop on anyone not smart enough to turn on their encryption is stupid and wrong. It sets up an expectation that they can check in on anyone when they want to, and creates the "why are you encrypting if you have nothing to hide" line of thought.

Last, technology isn't some magic shit that prevents law enforcement from doing it's job. It's the opposite, actually. Not only can they can do the same damn job the same damn way as they always have, we now live in a world with cameras everywhere, face identification, cell phone tracking, OnStar and other car tracking and remote control abilities, etc., etc., etc.

Law enforcement already has orders of magnitude more tools with which to catch bad guys than they had even a decade ago. There is absolutely no reason to allow them invisibly monitor every facet of a large percentage of people's lives, data mine and machine learn, heuristically profile, and otherwise pry into their lives without a trace because there's a vanishingly small chance they might be up to something. I don't care how bad or stupid those people are - that's abusive fascist secret police shit right there.

Re:There is no middle choice here

[DickBreath]

Encryption can be either secure or insecure. You can't have it both ways.

If secure, then the hackers can't break it, but neither can the government.

If insecure, then the government can read your data, but so can the hackers.

If US made products are known to have mandated weak encryption, the rest of the world will take note of that. It will put US products at a competitive disadvantage relative to other products not subject to mandatory weak encryption. US travelers abroad can have their valuable trade secrets stolen because: think of the children!

Re:There is no middle choice here

[110010001000]

Yeah, but think of all the dumb ones that will be caught! We could also do something to make the smart ones dumb. Like put stuff in their water. Or make them read the comments on Slashdot. That way we will catch them all. Because they will be dumb. It will be like Idiocracy, but real.

Re:There is no middle choice here

[lgw]

Encryption is nothing new. All that's changed is that now ordinary people are using it too - not just people with something to hide. Odd that it's suddenly a problem - it's almost like the FBI has some ulterior motive.

Where is the mass danger?

[Arzaboa]

An urgent public safety issue? Talk about first world problems. Even if one person gets through and kills 50 people, Its a sad day, but certainly not the end of the world.

--
We had every right to shoot him. - G. Gordon Liddy

Legal authority to pry them open

[nctritech]

You have the legal authority to pry them open. Get prying. Having the authority to try to open something doesn't give you the entitlement to open it. Unfortunately, it seems the top dog at the FBI does not understand this concept. It's also entirely the fault of the FBI and other government agencies with police powers that this encryption situation has gone in this direction. They made this bed and they must lie in it. No law can change the fundamental properties of mathematical operations, and good luck outlawing consumer encryption since every CPU being made nowadays (even Celerons and Atoms) has hardware AES and such strong encryption is ubiquitous. Combined with the epic failure and subsequent revelations of major flaws in the government's key escrow Clipper Chip, there is no way the FBI is killing off the spread of encryption.

Re:Legal authority to pry them open

I prefer a less.. unusual example. A search warrant grants them the right to seize my physical, paper, spiral-bound notebook. It does not grant them the right to force me to teach them how to read it.

Re:Legal authority to pry them open

[Rick+Schumann]

It's not a matter of whether they understand the technology or not. They just don't give a damn. They want access to EVERYTHING, ALL THE TIME, and Constitional rights be damned. This is the true nature of the mind of your average law-enforcement type. Your 'rights', to them, are more like 'privileges, which can be granted and revoked at their will and whim, because they have guns.' This is why we're supposed to have checks and balances built into our criminal legal system, and this is why it's important to preserve and enforce those checks and balances, to preserve our Constitutional rights. Otherwise we're no better than some country like Russia or North Korea. We must always be vigilant against the rise of the Police State.

Re:Legal authority to pry them open

[nctritech]

Revealing an encryption password in your head is testimony and forcing that disclosure violates the Fifth Amendment; never mind other issues such as if the person legitimately forgot the password and so has no password to hand over. So yes, for encryption it works that way. I have yet to see anything to the contrary in the US.

Also, there is absolutely nothing I have ever seen anywhere that says you must hand over the keys to your house if someone has a search warrant. You may choose to do so instead of having them bust down your door, but a search warrant cannot be used to force you to assist the police in executing it, nor should it be. Note that you even said "the police can do what they want with a warrant" which is not the same thing as the police forcibly conscripting the subject whose effects are being searched to assist in the search in any way.

Are you in the legal profession? If so, and I'm wrong, I'd like some citations that point to the case law or statutory language that makes it so. It would be appreciated.

'Urgent Public Safety Issue'

It is an 'Urgent Public Safety Issue', but not in the way they are suggesting...

Another encryption ...

[CaptainDork]

... is our fucking brains.

"Our inability to get inside people's heads is an "urgent public safety issue."

The FBI Chief

[cmaurand]

Apparently doesn't know what the first, fourth and fourteenth amendments are or that they are supposed to protect us from him.

Sure

[HornyBastard]

I will use any encryption that you want me to use.
As long as you can prove to me that you use the same encryption for everything at the FBI.
If you are not willing to do that. GO FUCK YOURSELF

Why Not Try?

[bartle]

What puzzles me is, with all of the resources that the US federal government has at their disposal, why aren't they actually trying to crack encrypted phones?

As I understand it, the older iPhones could likely be cracked by desoldering a chio and interrogating it. The newer ones have their entire security apparatus encased in a single chip but I don't see why the chip couldn't be removed, disassembled, and its partial private key extracted. It's probably not something that could be done by hand and would probably involve contracting with a chip-fabricating outfit. The outlay costs would be enormous but once a "Federal Bureau of Device Recovery" was established and operational, they could make back money by cracking phones for state and local law enforcement.

It's just so strange because it seems likely that eventually other countries will have this capability, if they don't already. My guess is that if the FBI hasn't figured out how to crack encrypted iPhones themselves in the next 5 years, they'll be a company in Israel that will be happy to do it for them.

Re:Why Not Try?

[ledow]

Decapping a chip is difficult, expensive and not guaranteed. Most TPMs and security-chips are almost impossible to open without damage.

Go look at the arcade-ROM decapping efforts. Even 30-year-old ROMs have protections that mean some games are now permanently lost forever, and the ones that are successful rely on "seeing" (via X-Ray etc.) the data as a visible effect on the image. That doesn't work for anything modern at all, you'd need new kinds of instruments or something to measure the individual charge on an individual transistor from billions of them on a tiny sliver of silicon.

Modern chips, especially those designed to be secure and avoid tampering? Not a chance. Nobody has yet demonstrated an attack on a modern TPM chip like that, and the private keys aren't exactly just sitting there in plain-text even if you could.

And then updating for EVERY technology change, nm-advancement, etc.? Cost would not just be prohibitive but astronomical.

Do you believe that those 7800 devices a year are all just one read away from stopping a terrorist attack each? Highly unlikely. If anything one arrest could result in 20-30 devices, not even worrying about whether it was a drug-deal or a telecoms violation or whatever else the FBI might deal with.

The value just isn't there, even if the technology could exist.

To my knowledge, literally NO-ONE in the world has read a key from a physical iPhone security chip, for instance. There have been software flaws, and things found in publicly available firmware that are quickly patched out but even those don't cause the processor to magically give up all its private keys. That's not how those chips work. Even Apple themselves may not be able to do it (only replace the device in question and reset it, not bring across the private keys).

This is part of the "problem". The system is secure. And that means secure from all attackers, including the people who want access to the devices for legitimate reasons (e.g. the owners in some cases!). If it wasn't, it would be insecure, against both those categories of people, and thus not be fit for purpose.

Sure, at some point, someone will find a hole. And then the next round will devices will counter that. But the FBI expecting to have something that nobody else in the world has, possibly even the manufacturer, which can only be given by weakening the whole purpose of the system for everyone, and for it to be cost-effective, to handle a boat load of enquiries that they presumably have NO OTHER evidence for? That's just silly.

I'm sure if it was "go to war or not" territory, someone would find a way. But there, no expense is spared. As a run of the mill "let's see what this terrorist suspect texted via WhatsApp" enquiry? Not a chance.

If they COULD do this, they would be. And they'd be keeping very quiet about it. Because the second it was public, every new phone, chip and computer would be redesigned to stop it in the future.

Re:Why Not Try?

[DickBreath]

Because. What they REALLY want is different. They want unsupervised, unmonitored, warrantless access to all your data, any time. All the time. That is what this is actually about. Even if they need secret gag orders imposed upon tech companies. They want unmonitored access.

We now have:
Secret Laws
Secret Interpretations of Laws
Secret Courts
Secret Warrants
Secret Court Orders
Secret Arrests
Secret Trials
Secret Evidence (not made available to the defense)
Secret Convictions
Secret Prisons
Secret "enhanced interrogation" programs


Gee, it sounds like we've become everything we were fighting against in the previous century.

Meanwhile at the NSA

[Hal_Porter]

The director paged through the packet logs from the FBI director's machine and smiled to himself.

Crooks...of what magnitude?

[Impy+the+Impiuos+Imp]

They want to catch crooks. Meanwhile, billions in dictatorships are kept down with the assistance of breaking crypto.

Are we to sacrifice them so a prosecutor can get a notch or two on his belt once in a great while?

And what are those hundreds of millions of children living with a boot on their face...forever...worth?

Torture and murder some, you are a nasty criminal. Torture and murder hundreds of thousands, and people in free countries say you are practicing self-rule.

And what happened?

[PPH]

7800 terrorists went free? 7800 deals for pot were consummated? Or 7800 sets of hot nude pics were not drooled over by FBI agents?

Hey, nobody said...

[dark.nebulae]

Nobody said your job was going to be easy.

No one has granted you carte blanche to access our data, our lives, our thoughts.

The big problem here is the effort to prevent a crime vs solving a crime.

The government, the police, the feds, etc. want access to prevent a crime, but that in itself is quite fluid because, as Trump is demonstrating, it can be a "crime" just to say he is a foolish, petulant child. So they want access to everything to "prevent" this kind of thing.

While I might support cracking something open for additional evidence to solve a crime, where at least one or more judges agree that a crime has been committed and where the courts can be used to argue whether or not to force the opening, I would never consent to allowing any so-called authority a pass key to dig around in my stuff in a preventative fishing expedition.

Down with the Fourth Amendment!

[mi]

this idea that some authority should have all the keys to the encryption kingdom

Much as I don't like this idea myself, it is not new.

The Fourth Amendment explicitly allows the Executive Branch — after securiing Judicial Branch's approval — to access all of our possessions and "effects". They have a right to do that, which no one seems to seriously dispute.

The strong encryption has given us the means to lock things up so that even the government can't get them — this part is new. Although they still have the right to read your data, they no longer have the ability to do it.

While this is something we individually celebrate, you can not denounce police complaints about this situation without also denouncing their well-established — and generally accepted — power to search all your other stuff.

Re:Down with the Fourth Amendment!

[hierofalcon]

While correct, you're missing the point. Ciphers have been around for a very, very long time. They weren't used as extensively in the past as they are today. But they've been around throughout history. A quick wikipedia search references Egyptian hieroglyphs for example. The technology progressed over time and the cost to break the encrypted text increased over time to what we have today.

Nonetheless, encrypted communications were available when the constitution was written and they were in use. Yet the constitution makes no mention of preventing the citizens from using encrypted communications or in forcing the users to decrypt the documents on demand.

The federal government gave itself the rights mentioned, but did not choose to worry about the technology of the day providing documents that they could see, but couldn't decrypt without a lot of work or the help of one of the parties on either end of the transmission. They had just fought a revolution against a government that employed big brother tactics (like garrisoning soldiers in people's homes). They didn't want the government doing any of that type of crap anymore.

The FBI and others might really wish today that the writers had considered encryption, but they didn't choose to. The writer's generation relied on spies and good old footwork to figure things out. They didn't rely solely on documents. Good for them.

Re:Down with the Fourth Amendment!

[hierofalcon]

You're still missing my point. An encrypted document in and of itself didn't make you a criminal in those days. The government may or may not have been able to decrypt it eventually, but the most it could do if intercepted was mark you as a person of interest for more resources to be allocated to. Then, if you actually broke the law, they could handle that within the limits of the rest of the amendments. The existence and contents of the original document weren't directly actionable.

With a master key, this changes. The government can read the document (and every document in an automated environment) and then decide whether or not you are of interest. This falls much closer to the garrisoned soldier situation than just having solidiers near the town. The contempt citation is accurate if you actually do end up breaking a law, but the whole due process is different now that what was originally intended, and I believe the founding fathers would be against what is being proposed. Personal privacy won out in that day. I think it still would in their minds, regardless of what all is going on.

Re:Down with the Fourth Amendment!

[anegg]

The Fourth Amendment explicitly allows the Executive Branch â" after securiing Judicial Branch's approval â" to access all of our possessions and "effects". They have a right to do that, which no one seems to seriously dispute. The strong encryption has given us the means to lock things up so that even the government can't get them â" this part is new. Although they still have the right to read your data, they no longer have the ability to do it.

I'm not of the opinion that the U.S. Constitution's Fourth Amendment explicitly allows the Executive Branch to access all of a citizen's possessions and "effects", nor does that confer upon them a "right" to do so. It establishes that no search can take place or things be seized without a warrant that specifies what is to be searched/what is to be seized, nothing more. I supposed there is an implicit assumption there that if they find what they are searching for they can seize it, and use it as evidence, but that is a far cry from a right "to access all possessions and "effects."" For example, if they don't know where to look for something (or even whether it exists) because it has been hidden it/all knowledge of it has been hidden, they obviously can't search/seize it. Strong encryption can be viewed as giving one the ability to hide data so that it can't be seen rather than the ability to lock it up so that it can't be accessed.

So I don't agree that the police have the well-established or generally accepted power to search all of a citizen's stuff; just that which they can find. And encryption lets one hide it well.

Re:Down with the Fourth Amendment!

[Bob+the+Super+Hamste]

At least one of the founding fathers was well aware of strong cryptography and at the time made a cipher that was thought to be unbreakable by some. By today's standards it is pretty weak but versions of it saw use into WWII where it was used for securely transmitting near real-time info that if cracked a few hours or a day later by the enemy would be of no value.

Accountable Anonymity is Possible

[Slicker]

While we want privacy and anonymity, we don't want it used for nefarious purposes. Such things tend to serve people generally but also terrorists, pedophiles, drug cartels, etc. I strongly believe we need a system that provides accountable anonymity, such as a Reputational Identity Service.

That is, create an identity that enables others it interacts with to rank its reputations along a rubric. This could be used for determining if the identity is a good citizen on comment boards, doesn't cheat people in business, etc. It could act as a form of credit check... Does the entity have a strong reputation for dependability in paying what it owes? Just like with ordinary credit, an identity would begin with no reputation and slowly build one over time. If the identity has a long history of being a certain way then the risk is low that that will change any time soon. This is true, even if the same person holds two identities--one for good and one for evil. You will know which one is safe to deal with, and how much it is..

Each person's must have a limit as to how much he/she can give to others, to prevent undue reputation inflation or deflation. So each time you score another, you have a percentage of your total to give and that takes away proportionally from those you have already given to. So one's reputation can build but it will also fade over time. One's reputation score is measured by its average over time... This is LIKES++.

On message boards, filter and allow privileges based on reputations. Do business based on reputations. Deny certain information based on reputation. Reputation may always be earned or lost.

Breakable encryption != no encryption

[davidwr]

If encryption is breakable with a large amount of effort, then it does several useful things:

* It prevents people without the resources from accessing your mail.
* It may provide short-term security, which may be sufficient.
* It makes those who do have the resources be selective in whose encryption they break.

For example, if it takes a minimum of a week to break the encryption on an encrypted web connection that discusses an embargoed news item that will be published in 6 days, that's good enough.

Another example: If a government wants to crack down on encrypted communications among drug traffickers, but it costs them $10,000,000 for each decryption effort, they will need to pick and choose who they go after.

There are encryption systems that are provably unbreakable without a key, such as a one-time pad. Unfortunately, they are usually not practical to implement correctly.

Re:Breakable encryption != no encryption

[gnick]

If encryption is breakable with a large amount of effort, then it does several useful things...

The definition of a "large amount of effort" regarding computing resources is neither static nor simple. "Large" for LAPD? "Large" for a Chinese bitcoin mine? "Large" for the FBI? "Large" after 5 years of advancements?

Re:Breakable encryption != no encryption

[Bob+the+Super+Hamste]

Strong encryption is usually measured by the energy requirements on an ideal computer. If those energy requirements are on the order of the total energy released from a star over its entire life then it is strong. If it is something that is a sizeable portion of a nation state's total annual energy usage then it isn't strong. Very smart people are figuring out better ways to crack codes so the energy requirement for any cipher do decrease over time until they are so low that DES was cracked in under a day on a $200,000 machine in 2002.

Here is a nice little excerpt from Bruce Schneier's book Applied Cryptography that puts things in perspective on how to think about it. As an added bonus there is the phrase "orgy of computation" included:

One of the consequences of the second law of thermodynamics is that a certain amount of energy is necessary to represent information. To record a single bit by changing the state of a system requires an amount of energy no less than kT, where T is the absolute temperature of the system and k is the Boltzman constant. (Stick with me; the physics lesson is almost over.)

Given that k = 1.38×10-16 erg/Kelvin, and that the ambient temperature of the universe is 3.2 Kelvin, an ideal computer running at 3.2 K would consume 4.4×10^-16 ergs every time it set or cleared a bit. To run a computer any colder than the cosmic background radiation would require extra energy to run a heat pump.

Now, the annual energy output of our sun is about 1.21×10^41 ergs. This is enough to power about 2.7×10^56 single bit changes on our ideal computer; enough state changes to put a 187-bit counter through all its values. If we built a Dyson sphere around the sun and captured all its energy for 32 years, without any loss, we could power a computer to count up to 2^192. Of course, it wouldn't have the energy left over to perform any useful calculations with this counter.

But that's just one star, and a measly one at that. A typical supernova releases something like 10^51 ergs. (About a hundred times as much energy would be released in the form of neutrinos, but let them go for now.) If all of this energy could be channeled into a single orgy of computation, a 219-bit counter could be cycled through all of its states.

These numbers have nothing to do with the technology of the devices; they are the maximums that thermodynamics will allow. And they strongly imply that brute-force attacks against 256-bit keys will be infeasible until computers are built from something other than matter and occupy something other than space.

Re: Breakable encryption != no encryption

[davidwr]

There is no such thing as unbreakable encryption.

A one-time pad, properly implemented, is by definition unbreakable.

Why? Because any given encrypted text, say,
DUOvi3daf6234%#GVYdasf

can be created from any arbitrary same-length input given a specifically crafted key.

In other words, if I'm a prosecutor trying to convince a naive jury that the message above is "KillPresident..." I can come up with a key that will "prove" my point. Likewise, the defense can come up with a key that makes the same encrypted message say "PrezIsGreat!..."

Re:Notice the Arrogance in the Statement?

[MachineShedFred]

I guess I just wonder how the FBI made any other case, ever, without the ability to post-facto dig through any and all communication from the accused. It's not like secure communications are some new concept - it literally goes back many hundreds of years.

What did the FBI forget about investigation since the smartphone era began? And why?

What issue?

[jwhyche]

Since there is no such thing as unbreakable encryption, I fail to see the problem here. Sure, it might take you a trillion years but all encryption can eventually be broken. Just takes time.