FBI Director: The Internet Is The Most Dangerous Parking Lot Imagineable
from the james-comey:-bad-at-analogies dept
FBI Director James Comey was on 60 Minutes on Sunday, in a segment that will continue next week as well. Apparently next week is when we'll find out his views on mobile encryption and whether or not the FBI is spying on all of us, but this week, he gave us a tiny hint towards the end of the segment, in which he discusses why the internet is so dangerous. As far as I can tell, the summary is "don't open attachments" (i.e., the same advice that you've been hearing for a decade, and which has little to do with many internet threats today):Scott Pelley: Do people understand, in your estimation, the dangers posed by cybercrime and cyber espionage?About the only thing I get from all this is that FBI Director James Comey is bad at analogies. Yes, you shouldn't click on attachments from unknown people, and you should even be careful about attachments from known folks. But that makes the internet the "most dangerous parking lot imaginable"? Perhaps the other thing I've learned is that James Comey doesn't have a very strong imagination.
James Comey: I don't think so. I think there's something about sitting in front of your own computer working on your own banking, your own health care, your own social life that makes it hard to understand the danger. I mean, the Internet is the most dangerous parking lot imaginable. But if you were crossing a mall parking lot late at night, your entire sense of danger would be heightened. You would stand straight. You'd walk quickly. You'd know where you were going. You would look for light. Folks are wandering around that proverbial parking lot of the Internet all day long, without giving it a thought to whose attachments they're opening, what sites they're visiting. And that makes it easy for the bad guys.
Scott Pelley: So tell folks at home what they need to know.
James Comey: When someone sends you an email, they are knocking on your door. And when you open the attachment, without looking through the peephole to see who it is, you just opened the door and let a stranger into your life, where everything you care about is.
Scott Pelley: And what might that attachment do?
James Comey: Well, take over the computer, lock the computer, and then demand a ransom payment before it would unlock. Steal images from your system of your children or your, you know, or steal your banking information, take your entire life.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: attachments, cybersecurity, internet, james comey
Reader Comments
Subscribe: RSS
View by: Time | Thread
How am I even alive?
[ link to this | view in chronology ]
Re: How am I even alive?
[screeech...boing...boing...click...screeech....ping...dong]
Welcome. You've been DDOSed
[ link to this | view in chronology ]
Re: How am I even alive?
[ link to this | view in chronology ]
Re: Re: How am I even alive?
[ link to this | view in chronology ]
Re: Re: How am I even alive?
Especially since he's always hanging out around the pool telling everyone the pool is closed because AIDS. Wish he would get a job already.
[ link to this | view in chronology ]
Re: How am I even alive?
Wrong parking lot?
[ link to this | view in chronology ]
It's just metadata.
[ link to this | view in chronology ]
Be afraid! fresh from the FUD factory
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Let's extend the metaphor!
Except when it's the secret police. They don't need to knock on your door, because they routinely come into your house without you noticing. Sometimes they go through your things, sometimes they install cameras to watch you shower, sometimes they might even install a secret door into your basement. They might take pictures of you or your children sleeping, try on your underclothes, or look for evidence that the non-secret police can use to get a warrant.
Letting a stranger into your house without knowing them is, indeed, a bad idea. Having that stranger sneak into and out of your house without your knowledge or consent is an even worse idea. Having government agents do it without a warrant is also problematic.
[ link to this | view in chronology ]
Re: Let's extend the metaphor!
Problematic? Not for us! Not a problem at all!
- James Comey
[ link to this | view in chronology ]
Hacktivists
Like, people who organize online sit-ins are just as dangerous as ISIL and child rapists.
[ link to this | view in chronology ]
Re: Hacktivists
Finally someone admits what we all knew already! (Well, those of us who work in "security" and have an IQ below **Canadian** room temperature...)
[ link to this | view in chronology ]
If the internet is a dangerous parking lot, then you and your fellow agencies are the groups who roam the parking lot spying and detaining EVERYONE they run into, whether they are "bad guys" or people minding their own business.
Yes, this analogy is substandard, but your analogy is fundamentally worse, given your position.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
http://www.theguardian.com/uk-news/2014/oct/06/digital-freedoms-terrorism-crime-uk
(Sample: "Britons must accept a greater loss of digital freedoms in return for greater safety from serious criminals and terrorists in the internet age, according to the country’s top law enforcement officer." )
and I find more of the same. Is there a concerted PR campaign or there a concerted PR campaign ? That's what I think too.
[ link to this | view in chronology ]
True only if you've made bad choices
First, if attachments from anyone are dangerous to you, then they're dangerous from everyone. There are a kazillion compromised email accounts today, there will be more tomorrow, and heck, attackers don't even need to compromise an email account to plausibly impersonate "someone you know": a random email address at a random freemail provider with the right name attached to it will probably work.
Second, if attachments are dangerous to you, that's because you've chosen a poor email client, a poor application set, a poor operating system, or some combination of the three. The canonical example of this is course Outlook on Windows, but there are others. If you've made a set of poor choices like this, then you've set yourself up to fail, and it's only a matter of time until you do.
Oh, you can layer on anti-virus software (which won't work) and you can set up filters (which won't work) and you can tweak the settings on the server side (which won't work) and you can try to be hyper-vigilant (which won't work). If you actually want to address the problem rather than merely (futilely) try to wallpaper over it and hope it won't surface, then you need to make better choices up front...which isn't that hard.
Unfortunately, few people do that, which is why the "attachments are dangerous" concept persists. (Now...some attachments are annoying, because they chew up bandwidth and space and serve no useful purpose, but that's a different problem.)
[ link to this | view in chronology ]
I don't know, I can imagine some pretty scary parking lots. Like the FBI lot with Mr. Comey trying to drive a Google self-drive car...
[ link to this | view in chronology ]
It's not a series of tubes
But the Internet is not a car. It's a big truck.
[ link to this | view in chronology ]
And that's what "Democracy" means.
[ link to this | view in chronology ]
the fbi lol
[ link to this | view in chronology ]
Block the FBI
Shame on you Mr. Comey for not being completely honest.
[ link to this | view in chronology ]
-James Comey
*shovels more American data into datacenter
[ link to this | view in chronology ]
re: True only if you've made bad choices
> you need to make better choices up front...which isn't that hard.
I beg to differ:
1) if one has, as you say, "made a poor choice", it is because of the available choices and risk information. There are very few people who, given a set of options, will deliberately choose "poorly". Some poor choices are avoidable. Some are not.
Telling someone, for instance, that "they've chosen a poor operating system" (one of your choices, above) is asinine: changing an operating system is not an option for most of the devices of most of the world. I probably don't need to enumerate the obstacles. Just let me say that running your own private patched mail server with SpamAssassin (et al) is not feasible for most people.
Telling someone they've made a poor choice may make you feel superior, but it is unlikely to improve the case for your victim. Telling someone "look here for information about..." - before they've made that choice - is much more productive.
2) You make the assumption that all the risks are known - or knowable - beforehand. This is not true.
Case in point: Heartbleed. "Well, son, it looks like you've chosen a poor SSL implementation..." Yeah.
[ link to this | view in chronology ]
Re: re: True only if you've made bad choices
As to informing people of better choices, some of us have been doing exactly that for years, in varying ways, with varying recommendations. I don't see that as the problem: I see the stubborn unwillingness to learn something that's mildly different as a much larger obstacle. (e.g. I've actually had people tell me, with a straight face, that switching from Outlook to Thunderbird was "too hard".)
2. No, I don't assume that all the risks are known/knowable: that's exactly why I attempt to minimize exposure to the set of risks that aren't present known and may not be known until some indefinite time in the future. Your point about Heartbleed is well taken -- BUT that still wouldn't excuse making known-bad choices today.
Hmmm. Didn't say that well. Let me rephrase: if we have in front of us choices that we know today are good, mediocre and horrible, we should choose "good" NOT because we believe it will still be the best choice two years in the future -- we have no way to know that -- but because it's the best choice today, based on the evidence in front of us. (Of course we should revisit that decision periodically: things change. And we should be prepared to change again should it become necessary.)
[ link to this | view in chronology ]
Re: Re: re: True only if you've made bad choices
And you think people like that might decide to switch operating systems?
[ link to this | view in chronology ]
I am Comey
[ link to this | view in chronology ]
Nor do you if your best criticism is that he's bad at analogies. Journalism!
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
Bawk! Careful though, if you challenge Mike too much, he'll go to great lengths to censor you while denying that he's doing so. 'Tis the TD way.
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
Mike admit, well, anything? You're kidding, right?
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
Keep in mind that free speech means you can say what you like, it doesn't protect you from looking like an idiot, nor does it force anyone to read what you said.
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
Which is why people will continue to flag all his posts without wasting time to actually see what he wrote.
[ link to this | view in chronology ]
Re: Re: Re:
Clicks *report *
You're welcome, keep it up, dude.
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
Didn't take long before you started showing your feathers again.
Anyone can tell there's no point in having an honest discussion with you, because your first instinct is to call everyone who doesn't agree with you a filthy pirate.
Seriously, fuck off the wife's laptop. You're not fooling anyone.
[ link to this | view in chronology ]
James Comey is the most dangerous man in America
This is the man that organized crime figures want to be when they grow up.
[ link to this | view in chronology ]
He is not bad at analogies...
He even mixes metaphors. Saying that the internet is the most dangerous parking lot imaginable and then saying that receiving an e-mail is somehow like getting a knock on your door is just confusing and betrays the kind of confused and non-analytical thinking that gets undergraduates F's in logic and English composition.
[ link to this | view in chronology ]
Re: He is not bad at analogies...
[ link to this | view in chronology ]
In other words anything that a free society would support is dangerous for those that are trying to turn America into a totalitarian run nightmare.
[ link to this | view in chronology ]
one question....
[ link to this | view in chronology ]
Re: one question....
[ link to this | view in chronology ]
If the internet is the parking lot I have the best alarm system
[ link to this | view in chronology ]
[ link to this | view in chronology ]
dangerous
Quick, close down all parking lots......(or at least only have parking lots approved by the government, monitored at all times, and only for those who can afford to pay for the 'improvements'.
[ link to this | view in chronology ]
You know, he's so right about the danger of parking lots. I was considering going to the mall the other day, then I thought "wait, that parking lot is sure treacherous...I better stay home instead."
So many people underestimate the dangers that lurk in parking lots:
- Poor lighting
- Renegade carts
- Cars that are parked crooked
- No available spaces (GASP!)
- Stop signs
- Arrows
- Cart corrals
- Cars not in "Park"
ALL of these things are potential boondoggles that can totally DESTROY someone's life, given the perfect storm of circumstances.
And here we are - sitting in the comfort of our own homes, shielded from these realities that exist in parking lots all over America.
Here we are, smugly making fun of a man WHO CLEARLY UNDERSTANDS the dangers that lurk around us, and more importantly can protect us from said dangers.
I say we take the fight to the parking lots before they bring it to us!
[ link to this | view in chronology ]
But. I. Don't. Do. That!
So where is the danger? Why can't I see it? I think it is hiding under your computer
[ link to this | view in chronology ]
Can anyone imagine Mike Wallace asking a government official a puffball question like "Do people understand, in your estimation, the dangers posed by cybercrime and cyber espionage?"
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]