FBI Director: Without Compromise on Encryption, Legislation May Be the 'Remedy'

An anonymous reader shares a report: FBI Director Christopher Wray said Wednesday that unless the U.S. government and private industry are able to come to a compromise on the issue of default encryption on consumer devices, legislation may be how the debate is ultimately decided. "I think there should be [room for compromise]," Wray said Wednesday night at a national security conference in Aspen, Colorado. "I don't want to characterize private conversations we're having with people in the industry. We're not there yet for sure. And if we can't get there, there may be other remedies, like legislation, that would have to come to bear." Wray described the issue of "Going Dark" because of encryption as a "significant" and "growing" problem for federal, state and local law enforcement as well as foreign law enforcement and intelligence agencies. He claims strong encryption on mobile phones keeps law enforcement from gaining access to key evidence as it relates to active criminal investigations. "People are less safe as a result of it," he said.

"People are less"

[Loon911]

More like the government institutions are less safe from the people.

Re:"People are less"

[saloomy]

This is stupid. Even if legislation came to bear, there is still open source, free and openly available encryption. The cat is out of the bag. Further more, there are phones moving across political boundaries. Are you going to mandate foreigners disable encryption when they enter the country?

Re:"People are less"

The little bitch is saying "do what we want or we'll make a law forcing you to do what we want".

Christopher Wray is a weak-ass piece of shit who is trying to make a power grab. Someone ought to beat the shit out of that wimp.

Re:"People are less"

People are less safe because we wear non-transparent clothes. We are less safe because are houses aren't made of glass.

Re:"People are less"

[Chas]

Sorry, but less safe than WHAT?

Sure, some people might have their safety compromised by encryption stopping law enforcement.
But how many people's safety is going to be endangered by mandating lack of encryption or that encryption violate MATH and back doors be put in "just for the good guys"? Because those back doors WILL be found and WILL be used! And not just by the "good guys". If there IS any such thing.

There is NO such thing as perfect safety. And anyone selling you that is blowing smoke up your ass. With a leaf blower.

Given the choice between freedom and safety, I'll take freedom. Thanks.

Re:"People are less"

[jpaine619]

No. The 2nd Amendment is a right enjoyed by citizens. Banning the export of any weapon doesn't affect anyone's 2nd Amendment rights... Banning the importation... well, you could make an argument there...But not the other way around

(disclaimer: I am pro 2nd amendment)

Re:"People are less"

When the government fear the people, there is democracy... the other way around, there is tyranny.

20 years ago there where no phones which contained "mother-loads of evidence". Yet criminals were caught.
"Finding" this self-incriminating evidence should be banned altogether, just as you can use the 5th amendment. Anything you say to law enforcement _will_ be used against you, anything in your favor is just "hearsay" and non-admissible. Governments have no intrinsic right to know everything about you.
There are plenty of crooked politicians and corporations to keep law enforcement busy for years. They are not interested in justice, just statistics and fat pensions.

Re:"People are less"

[Opportunist]

Have you considered the impact on your economy? Why, tell me, should I store my data in your insecure country? Why should I do business in your country when I have to pretty much assume that anyone can intercept my communication? Furthermore, how easy do you intentionally make it for foreign competitors to spy on sensitive data and communication of your companies?

And that's just the tip of the ice berg.

You are crippling your economy in this time and age if you disallow encryption. Communication via the internet cannot be beat in terms of speed and price. Yes, it is possible to establish mostly secure communication without opening your communication to eavesdropping, but the cost alone would ruin your chance to be competitive internationally.

If you think the Chinese are stealing your trade secrets now already that you CAN encrypt, you ain't seen nothing yet.

how many times does this have to be debunked?

This guy sounds like one of those out of touch eurotrash politicians. STFU and be better at your job asshat.

Re:how many times does this have to be debunked?

[Aighearach]

He might just be admitting that if they can't convince the companies to do what they want, Congress will have to pass a law ordering them to stop trying, which will totally solve the problem.

He's not in Congress, he's in the Executive Branch, so there is no reason to think that he thinks he'd be choosing which type of legislation is needed to fix the problem. And anyways, according to the Constitution there might be only one direction that Congress can even move to settle it! They're certainly not going to pass a law telling us what content can be produced on a press.

So either way..... we don't have privacy.

[Puls4r]

Either private companies give up our privacy by allowing the government access to our communications...... or laws will be passed FORCING them to give up our privacy.

And we wonder why the United States Government won't pass a law protecting our personal data.

Re:So either way..... we don't have privacy.

[mrclmn]

Compromise is an interesting word choice. Indeed everything will be compromised.

Re:So either way..... we don't have privacy.

[youngone]

I'm not sure that's really what the FBI want.
It may be that they just want a law that they can use to charge people even if they have no real evidence of any other crimes, like the "Lying to the FBI" laws.

Re:So either way..... we don't have privacy.

[AHuxley]

The phone and any devices in a dwelling will be used to collect it all.
The level of encryption US brands had the staff to work on is not of good quality.
So the FBI can get into it all as it always did.

The legal side is the real question for the FBI.
Collect it all and then never tell lawyers, press, other police, experts?
That fully protects FBI crypto methods from human rights lawyers, political activist media, cults, faith groups, police who give information to criminals, gov/mil staff with a split loyalty to the USA.
The down side is the risk then needed to create another way to start an investigation. To get a plea bargain, create an informant.

The other way is to go full NSA and DEA. Let the USA know everyone is getting collected on domestically and with public/private partnerships.
Two very different methods that have the US gov totally in all communications.
One will see a person confronted with their cell phone use.
Another method will see full parallel construction, the use of informants to hide the collect it all US crypto ability.

A huge internal struggle in the FBI. To collect and collect on every hop of communications for years and always win.
To get human rights lawyers looking over sensitive US domestic collection methods, collection results and ensuring such methods are talked about.

Does the FBI want to be as skilled as the GCHQ was at keeping methods hidden for decades? Total winning but nobody will ever know.
Have key evidence and active criminal investigation methods sold and given away by lawyers, cult members, criminals, police working with criminals?
To have US ISP and big brand staff know how the FBI breaks crypto and sell such methods to criminals, other nations?
To have police and city workers under watch by any criminal groups, cults able to buy the same crypto collection methods?
Once junk US crypto is broken for police, everyone interesting can afford a key.

Re:Legislation can't stop open source

Actually it can. The solution: give us the key or go to jail. Or even better, give us the key or we'll hit you with this $5 wrench. https://xkcd.com/538/

Nope

[Artem+S.+Tashkinov]

room for compromise

Math doesn't have it. If there's a shared key to all our communications, it will sooner or later leak and it will render all encrypted data wide open. Also, I presume that for some reasons Christopher Wray doesn't keep a copy of the keys to his house at some government agency, no?

People are less safe as a result of it,

Governments and often unrelated companies are less privy to our private lives as a result of it. FTFY.

How did they ever solve a case

[RhettLivingston]

before smartphones came along? Why do they not get that the people don't want them to be able to utilize new technology to make solving crimes any easier than before?

Everyone is guilty of something. The only way the system works is if the balance between cost of prosecution and magnitude of the crime worth prosecuting remains stable (or given that we already incarcerate far more than most, shifts a bit in favor of crime). If prosecution becomes cheaper and easier, we can quickly become a police state without changing any laws.

Re: How did they ever solve a case

[tinkerghost]

Before smart phones, your entire life wasn't on a single, easy to read device - a device that happens to keep things you delete so that even years later that document you deleted can often be retrieved - not something that could happen with that letter you shredded and tossed in the trash a year ago.

SAY IT ALL WITH ME, NOW:

[Rick+Schumann]

When encryption has backdoors, then NO ONE will have encryption at all

You CANNOT have 'backdoors' in an encyption algorithm and still have effective encryption, goddamnit!

Clearly the FBI and Congress doesn't give a rat's ass whether or not anyone has secure systems or not, so long as they can stick their little brown noses into everyones business. Who cares if every computer in the country is easily hacked by even script kiddies, everyones identity is stolen, and everyones bank accounts drained and credit cards charged up? The Feds will have 'unbreakable' encryption, as will all elected officials and of course The Rich, they'll all be exempt from it, while the rest of us are wide open to whoever wants to victimize us.

Them, them, FUCK THEM.

Re:SAY IT ALL WITH ME, NOW:

[gweihir]

The thing is that people like this guy have no clue what a "fact" is. He thinks it all comes down to power and that, given enough power, a certain "reality" can be enforced. It is a typical mental defect found in basically any fanatics. A still very instructive example of that is when the catholic church tried to force the world to be flat. They had absolutely no understanding that the shape of the planet did not care about them one bit and that all their power had zero influence on reality.

Still, people like that in position of power is a sign of a sick society. It is a severe problem.

Re:SAY IT ALL WITH ME, NOW:

[drinkypoo]

It's not about brown noses, it's about brown shirts.

It's not about the rich, it's about the Reich.

Less safe.. great argument....

[SmaryJerry]

"People are less safe as a result of it." People are less safe by leaving their room every day. Some things are just expected to be "less safe" but we do them because we want to be more than prisoners.

A very binary issue

[Voyager529]

They keep talking about "compromise" as if Tim Cook and Larry Page have everyone's encryption keys in a file on their laptops that they refuse to hand over for convicted mobsters. That sort of mindset just does not reflect the nature of the situation.

Here is what it ultimately boils down to:

1. The user - and only the user - has the encryption key.
2. Companies are compelled to sell devices that cannot be secured at all, because a 'master key' lives somewhere.

That's it. Those are the two options. There is no way for the phone to verify if there is a warrant, or if the person inputting the master key is truly a law enforcement agent or not, or any other way to ensure the individual using the master key is justified in doing so, or any means of discriminating between a hack and a court order.

If Wray would like to come up with a third option that doesn't ultimately fall into the category of one of the other two, he's welcome to try. Smarter people have failed.

Re:A very binary issue

[gweihir]

They keep talking about "compromise" as if Tim Cook and Larry Page have everyone's encryption keys in a file on their laptops that they refuse to hand over for convicted mobsters. That sort of mindset just does not reflect the nature of the situation.

These people have no understanding of reality. They are fanatics. They live in a fantasy-world where the powerful dictate reality and reality complies. They have no understanding of what a "fact" is and think they can just threaten it long enough and it will change.

Re:Legislation can't stop open source

Problem with "give us the key or go to jail" is...what if you don't have the key?

What's to stop someone sending me some encrypted communication with a public key that I don't have access to?

Compromise my ass.

[catsRus]

Anytime any political type of any stripe says they just want compromise, what they mean is they want capitulation.

Keep voting for "tough on crime" politicians

[rsilvergun]

and he'll get his legislation.

Re:Legislation can't stop open source

[youngone]

There's nothing to stop you doing just that A/C, just like there will be nothing stopping the FBI charging you with using unlawful encryption if you do.
Your choice.

FBI vs the NSA and Armed Forces

[davecb]

Spies and soldiers (especially on the spy side) need as good or better security than I need to talk to my bank. The CIA, military and (Canadian) CSE know it's a trade-off. The FBI and RCMP pitch it as a trivial question with an obvious answer.

For every hard problem there is always one clear, obvious and simple answer.. and it's wrong .

Encryption is ALWAYS available.

[Futurepower(R)]

Good comments:

"... there is still open source, free and openly available encryption."

"... there are phones moving across political boundaries."

Many people in government and in management of private companies have NO knowledge of technical issues. That doesn't prevent them from having what they consider to be a strong and sensible opinion. They don't recognize they are ignorant.

ALSO: Back doors are not an answer. They will ALWAYS eventually be compromised.

I can understand where he's coming from..

[schweini]

I'll get modded to hell for this, but I kind of agree with him?

Most people I know have no qualms about the way old-school wire-taps worked.
Law enforcement got a warrant from a judge, and only if the judge thought that there's enough reason to suspect the target is on to something, only THEN could they hook into a user's phone lines or open their mail. (or at least that's how it was supposed to work).
This, IMHO, seems like a good balance between the right to privacy and law enforcement needs, and has enough judicial oversight to not be easily abused.

I have no idea how one could implement a similar scheme nowadays. Backdoors are dangerous, and the oversight mechanisms have been broken for quite a while (just say "it's for national security!"). But having some means for the 'good' guys, with sufficient oversight, to be able to use surveillance to catch the baddies doesn't seem too bad to me?

Re:I can understand where he's coming from..

[drinkypoo]

There is no way to let the government read your secure files without making it easier for other parties to do the same. The government you have today may not be the government you have tomorrow. That's two reasons why it is too bad. One should suffice...

Re: settled

[Immerman]

Correction - they want the ability to illegally invade our privacy *back* - they've been invading it at will for many decades, and for the last couple decades have been doing it at a scale and invasiveness to dwarf anything ever before seen in all but the most dystopian fantasies. The rise of encryption has been a direct response to that unbridled power grab, and now they're trying to cast off those unwelcome limits on their unsupervised power. I mean hell, when they flat out lie to Congress about their activities, repeatedly, you've got to realize that they are no longer in any way a legitimate government agency.

Phone tapping the old fashioned way

[Prien715]

Back before the days of cell phones, judges could give prosecutors the ability to (1) break into someone's house, (2) install a device like these and then collect data.

You could also take someone's smart phone, root it, and install a surveillance software (with the same due process above). Even with encryption, if I have access to your phone (and it's unlocked -- figuring out a 6 key pass-code by spying isn't exactly James Bond's hardest mission) I would have access to your private key to decrypt said messages.

What law enforcement wants here are not the old rights they've always had -- but new ones. As the late Antonin Scalia wrote for the unanimous court regarding the unconstitutionality of planting a GPS device without a warrant:
“What we apply is an 18th century guarantee against unreasonable searches, which we believe must provide at a minimum the degree of protection it afforded when it was adopted,”