Everybody Knows FBI Director James Comey Is Wrong About Encryption, Even The FBI
from the this-is-your-best-shot? dept
FBI Director James Comey is apparently a likable guy, but if he's going to attack encryption, it might help if he actually understood it better than, say, the editorial board of the Washington Post, who recently argued against "backdoors" in technology, and for a magical "golden key" -- as if the two were somehow different. We wrote a quick take on Comey's Brooking's talk last week, but the deeper you dive into his talk the more and more evident it is that he not only doesn't quite understand the issues he's talking about, but that he doesn't even seem to understand when his own statements conflict with each other.Just two days earlier, in a 60 Minutes interview, Comey had insisted, incorrectly, that the FBI can never read your email without a court order. This was simply false, and Comey had to 'fess up to that at the Brookings event when called on it. But if he needed to "clarify" that, it seems like he needs to do much more clarifying as well. Because much of his speech presented scenarios for why the phone encryption now being put in place by Apple and Google would have harmed investigations -- and after digging into those examples, it appears that his explanations were, once again, incorrect. Here are his examples:
In Louisiana, a known sex offender posed as a teenage girl to entice a 12-year-old boy to sneak out of his house to meet the supposed young girl. This predator, posing as a taxi driver, murdered the young boy and tried to alter and delete evidence on both his and the victim’s cell phones to cover up his crime. Both phones were instrumental in showing that the suspect enticed this child into his taxi. He was sentenced to death in April of this year.Powerful stories, right? Just imagine if the data on those phones were locked up and unavailable to law enforcement? Well, imagine-no-more, because people have been looking into these stories, and Comey's fear mongering doesn't check out. First up, The Intercept looked into these cases and their results can be summed up in the URL slug which includes "FBI Dude Dumb Dumb."
In Los Angeles, police investigated the death of a 2-year-old girl from blunt force trauma to her head. There were no witnesses. Text messages stored on her parents’ cell phones to one another and to their family members proved the mother caused this young girl’s death and that the father knew what was happening and failed to stop it. Text messages stored on these devices also proved that the defendants failed to seek medical attention for hours while their daughter convulsed in her crib. They even went so far as to paint her tiny body with blue paint—to cover her bruises—before calling 911. Confronted with this evidence, both parents pled guilty.
In Kansas City, the DEA investigated a drug trafficking organization tied to heroin distribution, homicides, and robberies. The DEA obtained search warrants for several phones used by the group. Text messages found on the phones outlined the group’s distribution chain and tied the group to a supply of lethal heroin that had caused 12 overdoses—and five deaths—including several high school students.
In Sacramento, a young couple and their four dogs were walking down the street at night when a car ran a red light and struck them—killing their four dogs, severing the young man’s leg, and leaving the young woman in critical condition. The driver left the scene, and the young man died days later. Using “red light cameras” near the scene of the accident, the California Highway Patrol identified and arrested a suspect and seized his smartphone. GPS data on his phone placed the suspect at the scene of the accident and revealed that he had fled California shortly thereafter. He was convicted of second-degree murder and is serving a sentence of 25 years to life.
The evidence we find also helps exonerate innocent people. In Kansas, data from a cell phone was used to prove the innocence of several teens accused of rape. Without access to this phone, or the ability to recover a deleted video, several innocent young men could have been wrongly convicted.
In the three cases The Intercept was able to examine, cell-phone evidence had nothing to do with the identification or capture of the culprits, and encryption would not remotely have been a factor.The link provides a lot more details about each of those cases, suggesting phones had little to nothing to do with any of those stories, and if there were encryption on those phones it wouldn't have made the slightest difference. And it's not just the folks over at The Intercept recognizing this. The Associated Press called bullshit on most of the examples as well.
In the most dramatic case that Comey invoked — the death of a 2-year-old Los Angeles girl — not only was cellphone data a non-issue, but records show the girl’s death could actually have been avoided had government agencies involved in overseeing her and her parents acted on the extensive record they already had before them.
In another case, of a Lousiana sex offender who enticed and then killed a 12-year-old boy, the big break had nothing to do with a phone: The murderer left behind his keys and a trail of muddy footprints, and was stopped nearby after his car ran out of gas.
And in the case of a Sacramento hit-and-run that killed a man and his girlfriend’s four dogs, the driver was arrested a few hours later in a traffic stop because his car was smashed up, and immediately confessed to involvement in the incident.
And, remember, these were the hand-picked examples the FBI came up with after weeks of time to prepare its case for not allowing such encryption. And they don't hold up under scrutiny.
During the Q&A, Comey was again challenged on these and asked for "real live examples" where encryption would be an issue and his answer did not inspire confidence that Comey has any idea what he's talking about:
Rescuing someone before they’re harmed? Someone in the trunk of a car or something? I don’t think I know – yet? I’ve asked my folks just to canvas – I’ve asked our state and local partners are there some examples where this – I think I see enough, but I don’t think I’ve found that one yet. I’m not looking. Here’s the thing. When I was preparing the speech, one of the things I was inclined to talk about was — to avoid those kids of sort of ‘edge’ cases because I’m not looking to frighten people. Logic tells me there’re going to be cases just like that, but the theory of the case is the main bulk of law enforcement activity. But that said I don’t know the answer. I haven’t found one yet.In the talk, Comey also disputed the notion of a "back door," but rather claimed he wanted a "front door."
We aren’t seeking a back-door approach. We want to use the front door, with clarity and transparency, and with clear guidance provided by law. We are completely comfortable with court orders and legal process—front doors that provide the evidence and information we need to investigate crime and prevent terrorist attacks.Right. So, just like the question of what's the difference between a back door and a magic golden key, Comey was asked about the difference between a front door and a back door, and his answer was... he doesn't know.
When asked technical questions about the solution he was suggesting, Comey didn’t have the answers. At one point, the host, Benjamin Wittes, a senior fellow at the Brooking Institution, asked Comey to explain his “front door” distinction, to which he responded, “I don’t think I am smart enough to tell you what 'front door' means.”Yup. You're the director of the FBI and you just gave a key speech -- pushing for legislation -- which focuses on the idea of wanting a "front door" into technology, and when questioned on what the hell that means your answer is "I don't think I'm smart enough to tell you what 'front door' means"? This isn't making me feel any safer.
You know what would make me feel safer? A hell of a lot more encryption. And you know who agrees? the FBI. This is from the FBI's own website for "safety tips to protect your mobile device"
Depending on the type of phone, the operating system may have encryption available. This can be used to protect the user’s personal data in the case of loss or theft.It also recommends passcode protecting your phone (which is how these default encryption systems now work). So, um, here we have the FBI telling people to encrypt their phones... and complaining that such things will lead to the end of the world, though it's unable to actually give an example, or even explain what its new proposal is really about. As Marcy Wheeler pointed out before the speech, this sort of clueless dichotomy seems to follow Comey around. In that 60 Minutes interview, he both talked about how dangerous the internet is, and why people need to protect themselves... and then attacked one of the most important tools for people to protect themselves.
It's almost as if Comey has absolutely no idea what he's talking about.
And that's because he almost certainly does not. He may understand other issues related to crime and law enforcement, but when it comes to encryption, it appears he's reading the hastily prepared script of someone else. The simple fact is that he's wrong. Strong encryption is in the public interest and not only protects people from questionable surveillance, but from bad actors as well. It's the best way to make us all safer -- much better than relying on FBI agents running around trying to snoop on phones.
Thankfully, so far, the folks in Congress don't sound particularly impressed by Comey's demand for "front doors" that he's not smart enough to understand. Hopefully it stays that way.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: encryption, fbi, fear mongering, fud, james comey, privacy, safety
Reader Comments
Subscribe: RSS
View by: Time | Thread
For the FBI to have a way in by the front door would mean they have my password and/or private key.
[ link to this | view in chronology ]
Re:
... Which perhaps they they got from the NSA. I think a properly constitued warrant signed by a suspicious judge is the front door he's forgotten he already has access to.
I'm beginning to smell a happy ending to this ridiculous story. Hopefully, the snickers of incredulity he hears going on behind his back as he walks the halls of the Hoover building can help to reinforce his understanding.
I'm a little surprised Congress isn't falling for his Chicken Little routine. Sudden outbreak of common sense in 21st Century USA?
[ link to this | view in chronology ]
Re: Re:
Not an outbreak, nor sudden. When someone starts spying on committees and destroying elected people's privacy, and then when a lack of privacy is demonstrably shown to derail what they've spent the last few years working on, it's purely a defensive measure to make sure that doesn't happen to you too. In other words, Congress is looking at what the CIA did to the Senate, and is becoming careful to ensure the FBI doesn't do the same thing to Congress.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
If this was meant to rebuild public trust after the Snowden revelations, it's having the opposite effect on me. Don't even get me started about the 'frontdoor' bullshit. Yeah let's build 'frontdoors' with 'magic keys' so China can hack the crap out of us even more!
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
This is the real irony. As damaging as the proof of intelligence agencies wrongdoing was, the most damaging thing of all was how they reacted to it: by lying their asses off at every opportunity.
If they had just come out and honestly talked with people, they would still have (rightfully) taken a big hit to their credibility. But that damage would have been much less than what they caused by being liars.
[ link to this | view in chronology ]
Um
Mike, you and I have vastly different ideas of what "almost" means.
[ link to this | view in chronology ]
No, It's exactly as if Comey has absolutely no idea what he's talking about.
[ link to this | view in chronology ]
We all need this
What, you mean it will protect me from Keanu Reeves?
[ link to this | view in chronology ]
Push those buttons. Go on, push them. And again.
But interestingly, he forgot to throw in an example (real or imagined) of the even rarer crime of international terrorism, since it's the other trump card the authorities like to play whenever people complain about losing their rights and freedoms to the ever-expanding police state.
[ link to this | view in chronology ]
Re: Push those buttons. Go on, push them. And again.
[ link to this | view in chronology ]
https://www.techdirt.com/articles/20140106/01471125770/nsa-more-less-admits-to-spying-congress .shtml
[ link to this | view in chronology ]
Transparency
Nothing the US government does these days will hold up under scrutiny.
Unless of course you view the US governments actions through the eyes of traitors, criminals and petty-authoritarians.
[ link to this | view in chronology ]
MEMO to all employees
We know that this is very confusing to almost all employees due to it's complexity, but we must uphold certain security standards.
With regards
Your overlords.
[ link to this | view in chronology ]
Re: MEMO to all employees
Jim DeMintt and Cass Ballenger are as good as SHIT SMELLS right along with Energy Party for the Vice Presidents friends. Gov. Operated Quize
[ link to this | view in chronology ]
Only AFTER the fact
Now, if we could get the phone companies to stop allowing them to spy on us, and/or somebody implements an effective method of encrypting the call while the conversation is on the wire, then they would start having a real problem to complain about.
Can you imagine the outcry that is going to happen when the equivalent of HTTPS is available on phones. Each phone will have its own certificate for encrypting the conversation and the entire conversation will be transmitted in an encrypted form to be decrypted by the phone on the other end. They will still be able to track who called whom, but will not be able to listen in on the conversation unless they manage to acquire the decryption keys. Won't that be a hoot.
[ link to this | view in chronology ]
This is missinformation
[ link to this | view in chronology ]
Comey is a joke
What the FBI basically has going for it, is they have a huge budget which allows them to continuously stick around whoever they are investigating. They figure that sticking around allows them to stumble onto something meaningful if the person they are investigating slips up. Just don't slip up.
The FBI are parasitic leaches and Comey has the intelligence of a disabled leach.
[ link to this | view in chronology ]
Re: Comey is a joke
[ link to this | view in chronology ]
Re: Re: Comey is a joke
His office is known as Comey central.
Light some candles during dinner with him, and you get a romantic Comey.
Comey crazy, but I kinda like the guy.
[ link to this | view in chronology ]
No. No you don't, Jim. Neither the word 'crime' nor the word 'terrorism' appear, even once, in the oath that members of your organization swear.
You and your minions swear.....TO PROTECT THE CONSTITUTION.
DO YOUR DAMNED JOB.
[ link to this | view in chronology ]
Warrants
has access to."
No, not if the individual pleads the Fifth Amendment, and even Professor Kerr concedes that there may be a viable Fifth Amendment claim.
Only if the government can prove from an independent source that there is encrypted data, and the individual to whom the subpoena is directed knows the password can the Fifth Amendment be overcome.
If the existence of encrypted data apart from random data can't be proven like in the 11th circuit grand jury subpoena case, the individual can't be compelled.
[ link to this | view in chronology ]
Re: Warrants
has access to."
>
> No, not if the individual pleads the Fifth Amendment, and even Professor Kerr concedes that there may be a viable Fifth Amendment claim.
I'm not talking USA legal minutia or Fifth Amendment or rights of the accused (I'm not even there, and I think your legal system is nuts/perverted).
I'm just saying, GET A WARRANT, ffs,. It's not that difficult, and won't much slow down / constrain your investigation!
Comey ought to understand this!!! Or, he should bow out before making even more of a fool of himself.
[ link to this | view in chronology ]
Re: Re: Warrants
We are talking about vastly automated dragnet surveillance. You'd need judges having mastered shorthand just for putting down their signature, and they would still cause the searches to screech down to a crawl while getting writing cramps. And not getting anything else done.
Warrants are not an option at the surveillance scale we are talking about. Which is pretty much the reason that the Constitution demands them.
[ link to this | view in chronology ]
Re: Warrants
Got it, but the recognition of the privilege against self incrimination is universal, and any system compelling the individual to divulge the contents of his mind thereby incriminating himself is evil.
If you aren't American and even don't like the Fifth Amendment Comey's remarks don't concern you.
What makes the American system unique is the exclusionary rule -- allowing even criminals to walk free if the police has violated the Fourth or Fifth Amendment.
Warrants without an exclusionary rule are useless.
[ link to this | view in chronology ]
“I don’t think I am smart enough to tell you what 'front door' means.”
[ link to this | view in chronology ]
Re: “I don’t think I am smart enough to tell you what 'front door' means.”
[ link to this | view in chronology ]
Opposite.
[ link to this | view in chronology ]
Request of Appology
[ link to this | view in chronology ]