Slashdot Mirror

← Back to Stories (view on slashdot.org)

FBI Director: Without Compromise on Encryption, Legislation May Be the 'Remedy' (cyberscoop.com)

Posted by msmash on from the where-things-are-going dept.

An anonymous reader shares a report: FBI Director Christopher Wray said Wednesday that unless the U.S. government and private industry are able to come to a compromise on the issue of default encryption on consumer devices, legislation may be how the debate is ultimately decided. "I think there should be [room for compromise]," Wray said Wednesday night at a national security conference in Aspen, Colorado. "I don't want to characterize private conversations we're having with people in the industry. We're not there yet for sure. And if we can't get there, there may be other remedies, like legislation, that would have to come to bear." Wray described the issue of "Going Dark" because of encryption as a "significant" and "growing" problem for federal, state and local law enforcement as well as foreign law enforcement and intelligence agencies. He claims strong encryption on mobile phones keeps law enforcement from gaining access to key evidence as it relates to active criminal investigations. "People are less safe as a result of it," he said.

15 of 393 comments (clear)

  1. "People are less" by Loon911 · · Score: 5, Insightful

    More like the government institutions are less safe from the people.

    1. Re:"People are less" by saloomy · · Score: 5, Insightful

      This is stupid. Even if legislation came to bear, there is still open source, free and openly available encryption. The cat is out of the bag. Further more, there are phones moving across political boundaries. Are you going to mandate foreigners disable encryption when they enter the country?

    2. Re:"People are less" by Anonymous Coward · · Score: 5, Insightful

      People are less safe because we wear non-transparent clothes. We are less safe because are houses aren't made of glass.

    3. Re:"People are less" by Chas · · Score: 5, Insightful

      Sorry, but less safe than WHAT?

      Sure, some people might have their safety compromised by encryption stopping law enforcement.
      But how many people's safety is going to be endangered by mandating lack of encryption or that encryption violate MATH and back doors be put in "just for the good guys"? Because those back doors WILL be found and WILL be used! And not just by the "good guys". If there IS any such thing.

      There is NO such thing as perfect safety. And anyone selling you that is blowing smoke up your ass. With a leaf blower.

      Given the choice between freedom and safety, I'll take freedom. Thanks.

      --


      Chas - The one, the only.
      THANK GOD!!!
  2. So either way..... we don't have privacy. by Puls4r · · Score: 5, Insightful

    Either private companies give up our privacy by allowing the government access to our communications...... or laws will be passed FORCING them to give up our privacy.

    And we wonder why the United States Government won't pass a law protecting our personal data.

    1. Re:So either way..... we don't have privacy. by mrclmn · · Score: 5, Insightful

      Compromise is an interesting word choice. Indeed everything will be compromised.

    2. Re:So either way..... we don't have privacy. by AHuxley · · Score: 5, Insightful

      The phone and any devices in a dwelling will be used to collect it all.
      The level of encryption US brands had the staff to work on is not of good quality.
      So the FBI can get into it all as it always did.

      The legal side is the real question for the FBI.
      Collect it all and then never tell lawyers, press, other police, experts?
      That fully protects FBI crypto methods from human rights lawyers, political activist media, cults, faith groups, police who give information to criminals, gov/mil staff with a split loyalty to the USA.
      The down side is the risk then needed to create another way to start an investigation. To get a plea bargain, create an informant.

      The other way is to go full NSA and DEA. Let the USA know everyone is getting collected on domestically and with public/private partnerships.
      Two very different methods that have the US gov totally in all communications.
      One will see a person confronted with their cell phone use.
      Another method will see full parallel construction, the use of informants to hide the collect it all US crypto ability.

      A huge internal struggle in the FBI. To collect and collect on every hop of communications for years and always win.
      To get human rights lawyers looking over sensitive US domestic collection methods, collection results and ensuring such methods are talked about.

      Does the FBI want to be as skilled as the GCHQ was at keeping methods hidden for decades? Total winning but nobody will ever know.
      Have key evidence and active criminal investigation methods sold and given away by lawyers, cult members, criminals, police working with criminals?
      To have US ISP and big brand staff know how the FBI breaks crypto and sell such methods to criminals, other nations?
      To have police and city workers under watch by any criminal groups, cults able to buy the same crypto collection methods?
      Once junk US crypto is broken for police, everyone interesting can afford a key.

      --
      Domestic spying is now "Benign Information Gathering"
  3. Nope by Artem+S.+Tashkinov · · Score: 5, Insightful

    room for compromise

    Math doesn't have it. If there's a shared key to all our communications, it will sooner or later leak and it will render all encrypted data wide open. Also, I presume that for some reasons Christopher Wray doesn't keep a copy of the keys to his house at some government agency, no?

    People are less safe as a result of it,

    Governments and often unrelated companies are less privy to our private lives as a result of it. FTFY.

  4. SAY IT ALL WITH ME, NOW: by Rick+Schumann · · Score: 5, Insightful

    When encryption has backdoors, then NO ONE will have encryption at all

    You CANNOT have 'backdoors' in an encyption algorithm and still have effective encryption, goddamnit!

    Clearly the FBI and Congress doesn't give a rat's ass whether or not anyone has secure systems or not, so long as they can stick their little brown noses into everyones business. Who cares if every computer in the country is easily hacked by even script kiddies, everyones identity is stolen, and everyones bank accounts drained and credit cards charged up? The Feds will have 'unbreakable' encryption, as will all elected officials and of course The Rich, they'll all be exempt from it, while the rest of us are wide open to whoever wants to victimize us.

    Them, them, FUCK THEM.

    1. Re:SAY IT ALL WITH ME, NOW: by gweihir · · Score: 5, Insightful

      The thing is that people like this guy have no clue what a "fact" is. He thinks it all comes down to power and that, given enough power, a certain "reality" can be enforced. It is a typical mental defect found in basically any fanatics. A still very instructive example of that is when the catholic church tried to force the world to be flat. They had absolutely no understanding that the shape of the planet did not care about them one bit and that all their power had zero influence on reality.

      Still, people like that in position of power is a sign of a sick society. It is a severe problem.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  5. Less safe.. great argument.... by SmaryJerry · · Score: 5, Insightful

    "People are less safe as a result of it." People are less safe by leaving their room every day. Some things are just expected to be "less safe" but we do them because we want to be more than prisoners.

  6. A very binary issue by Voyager529 · · Score: 5, Insightful

    They keep talking about "compromise" as if Tim Cook and Larry Page have everyone's encryption keys in a file on their laptops that they refuse to hand over for convicted mobsters. That sort of mindset just does not reflect the nature of the situation.

    Here is what it ultimately boils down to:

    1. The user - and only the user - has the encryption key.
    2. Companies are compelled to sell devices that cannot be secured at all, because a 'master key' lives somewhere.

    That's it. Those are the two options. There is no way for the phone to verify if there is a warrant, or if the person inputting the master key is truly a law enforcement agent or not, or any other way to ensure the individual using the master key is justified in doing so, or any means of discriminating between a hack and a court order.

    If Wray would like to come up with a third option that doesn't ultimately fall into the category of one of the other two, he's welcome to try. Smarter people have failed.

  7. Re:Legislation can't stop open source by Anonymous Coward · · Score: 5, Insightful

    Problem with "give us the key or go to jail" is...what if you don't have the key?

    What's to stop someone sending me some encrypted communication with a public key that I don't have access to?

  8. Compromise my ass. by catsRus · · Score: 5, Insightful

    Anytime any political type of any stripe says they just want compromise, what they mean is they want capitulation.

  9. Encryption is ALWAYS available. by Futurepower(R) · · Score: 5, Insightful

    Good comments:

    "... there is still open source, free and openly available encryption."

    "... there are phones moving across political boundaries."

    Many people in government and in management of private companies have NO knowledge of technical issues. That doesn't prevent them from having what they consider to be a strong and sensible opinion. They don't recognize they are ignorant.

    ALSO: Back doors are not an answer. They will ALWAYS eventually be compromised.