Slashdot Mirror
FBI Director: Without Compromise on Encryption, Legislation May Be the 'Remedy' (cyberscoop.com)
An anonymous reader shares a report: FBI Director Christopher Wray said Wednesday that unless the U.S. government and private industry are able to come to a compromise on the issue of default encryption on consumer devices, legislation may be how the debate is ultimately decided. "I think there should be [room for compromise]," Wray said Wednesday night at a national security conference in Aspen, Colorado. "I don't want to characterize private conversations we're having with people in the industry. We're not there yet for sure. And if we can't get there, there may be other remedies, like legislation, that would have to come to bear." Wray described the issue of "Going Dark" because of encryption as a "significant" and "growing" problem for federal, state and local law enforcement as well as foreign law enforcement and intelligence agencies. He claims strong encryption on mobile phones keeps law enforcement from gaining access to key evidence as it relates to active criminal investigations. "People are less safe as a result of it," he said.
More like the government institutions are less safe from the people.
This guy sounds like one of those out of touch eurotrash politicians. STFU and be better at your job asshat.
Either private companies give up our privacy by allowing the government access to our communications...... or laws will be passed FORCING them to give up our privacy.
And we wonder why the United States Government won't pass a law protecting our personal data.
When encryption is outlawed, only outlaws will
-----BEGIN GPG MESSAGE-----
Charset: utf-8
qANQR1DDDQQJAwKQIuGxR9ku8L/SQgH6kXzdtVHv9IwDWcZVsGX5G2UZje9L8VoC
Y6faoCNMAg+Zq8S92arz+DV/yEsZo3jBoCFZBsOPqXOO8ATiMmoSQA==
=7Ce4
-----END GPG MESSAGE-----
Math doesn't have it. If there's a shared key to all our communications, it will sooner or later leak and it will render all encrypted data wide open. Also, I presume that for some reasons Christopher Wray doesn't keep a copy of the keys to his house at some government agency, no?
Governments and often unrelated companies are less privy to our private lives as a result of it. FTFY.
before smartphones came along? Why do they not get that the people don't want them to be able to utilize new technology to make solving crimes any easier than before?
Everyone is guilty of something. The only way the system works is if the balance between cost of prosecution and magnitude of the crime worth prosecuting remains stable (or given that we already incarcerate far more than most, shifts a bit in favor of crime). If prosecution becomes cheaper and easier, we can quickly become a police state without changing any laws.
When encryption has backdoors, then NO ONE will have encryption at all
You CANNOT have 'backdoors' in an encyption algorithm and still have effective encryption, goddamnit!
Clearly the FBI and Congress doesn't give a rat's ass whether or not anyone has secure systems or not, so long as they can stick their little brown noses into everyones business. Who cares if every computer in the country is easily hacked by even script kiddies, everyones identity is stolen, and everyones bank accounts drained and credit cards charged up? The Feds will have 'unbreakable' encryption, as will all elected officials and of course The Rich, they'll all be exempt from it, while the rest of us are wide open to whoever wants to victimize us.
Them, them, FUCK THEM.
They just read your mail illegally, instead.
"People are less safe as a result of it." People are less safe by leaving their room every day. Some things are just expected to be "less safe" but we do them because we want to be more than prisoners.
They keep talking about "compromise" as if Tim Cook and Larry Page have everyone's encryption keys in a file on their laptops that they refuse to hand over for convicted mobsters. That sort of mindset just does not reflect the nature of the situation.
Here is what it ultimately boils down to:
1. The user - and only the user - has the encryption key.
2. Companies are compelled to sell devices that cannot be secured at all, because a 'master key' lives somewhere.
That's it. Those are the two options. There is no way for the phone to verify if there is a warrant, or if the person inputting the master key is truly a law enforcement agent or not, or any other way to ensure the individual using the master key is justified in doing so, or any means of discriminating between a hack and a court order.
If Wray would like to come up with a third option that doesn't ultimately fall into the category of one of the other two, he's welcome to try. Smarter people have failed.
It is not the job of the security services to prevent crime/terrorism/kiddie porn/copyright infringement/whatever. It is their job to investigate after the fact in order to convict those responsible. That's how our justice system works. The only justification for the ability to decrypt all encryption is for (attempted - in reality it will never work) prevention.
After a crime has been committed, in order to obtain evidence, the authorities can always obtain a warrant to compel a device owner to decrypt/unlock a device. If the owner refuses, that's what contempt of court is for. If the device owner is dead, who gives a fuck what's on the phone? If the owner (presumed criminal) is willing to sit in jail indefinitely for refusing to unlock/decrypt, that is an acceptable outcome.
Please, I don't give a rat's ass about what evidence you can or can't gather from devices. It isn't pertinent to the discussion. People should be able to have private conversations that you don't get access to under ANY circumstances for whatever damn reason they please. Go F yourself. You anti-american, anti-democratic, nazi, communist, dick-weed. YOU are the enemy of the people. The "criminals" and "terrorists" are the least of our problems. You are and your ilk are to be feared and removed from office. You are the danger. You are not the solution. You are the problem.
For over two hundred years we didn't have cellphone encryption so there is no reason to start now! If we had a right to encrypted communications the founding fathers would have put it into the Bill of Rights. Just think of all the crimes that would never have been solved if people could have used encrypted cell phones. History has proven one thing the only way to solve crimes is by getting access to personal cell phone data.
Anytime any political type of any stripe says they just want compromise, what they mean is they want capitulation.
that is some weapons grade trolling -- kudos.
Remember when all of those people screamed we should give up our firearms. They're screaming we need to give up our privacy and all other rights as well. Republicans and Democrats are a danger to all of us. Hopefully Trump will destroy the deep state before they destroy him.
Spies and soldiers (especially on the spy side) need as good or better security than I need to talk to my bank. The CIA, military and (Canadian) CSE know it's a trade-off. The FBI and RCMP pitch it as a trivial question with an obvious answer.
For every hard problem there is always one clear, obvious and simple answer.. and it's wrong .
davecb@spamcop.net
Good comments:
"... there is still open source, free and openly available encryption."
"... there are phones moving across political boundaries."
Many people in government and in management of private companies have NO knowledge of technical issues. That doesn't prevent them from having what they consider to be a strong and sensible opinion. They don't recognize they are ignorant.
ALSO: Back doors are not an answer. They will ALWAYS eventually be compromised.
I believe strong encryption protects me against both criminals and my government. We all know criminals are, well criminals! But the bureaucratic leadership of the NSA, DOJ and FBI IS corrupt. And at the moment, FBI Director Christopher Wray and his corrupt partners running the DOJ and NSA are the greatest cyber threat in America.
;)
FBI Director Christopher Wray's statement that "strong encryption on mobile phones keeps law enforcement from gaining access to key evidence" is in my case falling on deaf ears. I do not see a problem here. Things are just as they should be.
And FBI Director Christopher Wray can pound sand. And he IS the weasel I suspected he was.
Just my 2 cents
I'll get modded to hell for this, but I kind of agree with him?
Most people I know have no qualms about the way old-school wire-taps worked.
Law enforcement got a warrant from a judge, and only if the judge thought that there's enough reason to suspect the target is on to something, only THEN could they hook into a user's phone lines or open their mail. (or at least that's how it was supposed to work).
This, IMHO, seems like a good balance between the right to privacy and law enforcement needs, and has enough judicial oversight to not be easily abused.
I have no idea how one could implement a similar scheme nowadays. Backdoors are dangerous, and the oversight mechanisms have been broken for quite a while (just say "it's for national security!"). But having some means for the 'good' guys, with sufficient oversight, to be able to use surveillance to catch the baddies doesn't seem too bad to me?
Like the old export restrictions on strong cryptography, is USA going to ban imports of strong cryptography?
"I'm sorry, you can enter USA with your phone, it's too secure. Dispose of it or get back on the plane home"
Correction - they want the ability to illegally invade our privacy *back* - they've been invading it at will for many decades, and for the last couple decades have been doing it at a scale and invasiveness to dwarf anything ever before seen in all but the most dystopian fantasies. The rise of encryption has been a direct response to that unbridled power grab, and now they're trying to cast off those unwelcome limits on their unsupervised power. I mean hell, when they flat out lie to Congress about their activities, repeatedly, you've got to realize that they are no longer in any way a legitimate government agency.
--- Most topics have many sides worth arguing, allow me to take one opposite you.
Back before the days of cell phones, judges could give prosecutors the ability to (1) break into someone's house, (2) install a device like these and then collect data.
You could also take someone's smart phone, root it, and install a surveillance software (with the same due process above). Even with encryption, if I have access to your phone (and it's unlocked -- figuring out a 6 key pass-code by spying isn't exactly James Bond's hardest mission) I would have access to your private key to decrypt said messages.
What law enforcement wants here are not the old rights they've always had -- but new ones. As the late Antonin Scalia wrote for the unanimous court regarding the unconstitutionality of planting a GPS device without a warrant:
“What we apply is an 18th century guarantee against unreasonable searches, which we believe must provide at a minimum the degree of protection it afforded when it was adopted,”
-- Political fascism requires a Fuhrer.
Comment removed based on user account deletion
Any claims by the government that they can keep their hacking tools / backdoors secure were disproved by the Snowden data theft. Whatever the excuse, someone was able to steal extremely sensitive data from the NSA. Is there any real reason to think that other intelligence or law enforcement agencies would do a better job? So any tools the government has are likely to end up in the hands of other (possibly enemy) governments, and in the hands of organized crime.
The government has lost its credibility on this for a very long time.
So no, I do not believe the world will be a better place when no American's information is secure.
In addition, even if the government could be trusted to secure the information, I do not want to give them the power that that information represents. Governments can go bad, and open access to everyone secrets in the country is not a weapon that I trust in anyone's hands. I accept that the result of this is a higher rate of ordinary crime and terrorism. As things sit in the US now, that is a bargain that I am happy to accept.
Hehehehe, I know enough to know how difficult it is to actually get right as it comes very much down to the details. Just throwing a few s-boxes that look good into a Feistel-network will _not_ cut it. Puts me far ahead of you, apparently. But I also have enough understanding to see how even absolute experts can fail at it. As examples, the AES competition or the password hashing challenge were quite instructive.
At this time, rolling your own crypto (unless you are one of maybe 100 people on the planet that really know how to do it) is a pretty sure way to failure. Recommending to people to do it is active sabotage and can only be called malicious. The other thing is that it is useless to do so anyways, because what are you going to use it for? For communication it has no worth, because others would need to use it as well. That would automatically make it a target for those that want to break it. For file/disk-encryption, if you are concerned, just layer a few algorithms with independent keys. If you actually knew how this works, you would know that there is no way in hell to break into something like this (done right of course).
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
This is untrue. Scholars in the middle ages were mistaken about many aspects of cosmology, to be sure, but the whole flat Earth business is a myth in more ways than one. First, it's important to understand that there were no official dogmas on these matters. But setting that fact aside (which requires a discussion of how dogma, canons, and councils work), there's a more directly relevant fact. The major Christian teachers during the middle ages treated the world as spherical. Hell, even the guys who objected to Galileo in later years thought of the world as spherical.
The reasons for this have to with the Aristotelian physics to which the objectors to Galileo were regrettably too committed. To oversimplify their position: earth (dirt, minerals, etc.) and water goes down; air and fire go up. If the former go down from all directions and the latter go up, you cannot but have a spherical planet with airy, firey (and quintessential!) things above it. Indeed, the objection to Galileo is based partly on this Aristotelian understanding of the elements (How can the Earth be moving in a circular fashion if the natural motion of its primary constituent--earth--is simply down?). To be sure, we have a better understanding of physics today than did the scholastic disciples of Aristotle, but I hope you can see that even in their view a flat Earth is incoherent.
TL;DR: Neither the Church nor educated medieval folk in general bought into any flat Earth nonsense. This is merely a popular myth. Modern flat Earthers are even behind Aristotle (d. 322 B.C.) on this one. Now, whether the spherical Earth was thought of as moving or fixed in the center of the universe is another story altogether...
P.s. I only offer this lengthy correction because sometimes I fear we give modern flat Earthers the appearance of having even more credit than they deserve. Conspiratorial minds can dismiss claims of what we can discover with government funded rockets and satellites. "No one believed this round earth stuff until the government forced it on us all and fabricated the evidence!" My response is something along the lines of, "Come on. Medieval people knew the Earth was round. Eratosthenes had a pretty good estimation of its size, given the limited tools he was working with. Come join the third century B.C., will you? Grab a pocket calculator and look down a well."
It was Indiana and a bit more than ten years. It was proposed by Indiana physician and amateur mathematician Dr. Edwin J. Goodwin, Bill #246.....in 1897. It became known as the Indiana Pi Bill.
I had never heard of this, so this thread got me curious.
https://en.wikipedia.org/wiki/Indiana_Pi_Bill
Donald Trump, on a crusade to make Nixon look respectable
His statement that there's room for compromise is correct. The compromise is that law enforcement accepts that default encryption is in place, it's going to keep getting better, and they're not going to get to dictate or legislate anything about it.
The lame "it makes it harder to do our jobs" doesn't fly. The numbers are against them. The total number of people using devices with default encryption vs the number of devices they want to encrypt makes their sample statistically insignificant.
People want secure encryption. Not "secure except for anyone who has the keys to decrypt it under dubious circumstances" encryption. Companies know that and they're going with what their customers want.
There's an entire division of government dedicated to doing things like breaking encryption. Let them earn their paychecks by working on ways to break encryption. If they can't then that's not the consumer's problem.
Demanding less secure encryption is a slippery slope. If they can force it to happen then they've got precedent for other kinds of default access. Key locks? Need a master key for those so we can enter without constraint. Vehicles? Master key. Email? Master key/default access.
You can't give up one kind of security without putting every other one at risk.