FBI's James Comey: I Know All The Experts Insist Backdooring Encryption Is A Bad Idea, But Maybe It's Because They Haven't Really Tried
from the that's-the-spirit dept
As was widely expected, FBI Director James Comey appeared before two separate Senate Committees yesterday -- the Judiciary and the Intelligence Committees -- to talk about the "risks" of "going dark" if the government is not allowed to backdoor encryption. You can watch the Judiciary Committee hearing and the Intelligence Committee hearing at those two links. I'd embed the videos here on Techdirt as well, but I can't because (guess what?) neither offers an encrypted HTTPS version, so they wouldn't appear on our site, since we force HTTPS connections.Most of Comey's comments were pretty much what you'd expect him to say, with a few clear themes repeated over and over again:
- American ingenuity is great, so I don't really believe all these computer science experts who say that it's "too hard" to give the government access. I think they haven't really tried.
- I don't have a proposal myself (which experts would ridicule for the problems it would create), but rather I'm just trying to "start a conversation" on this.
- We have no data to actually support the fact that encrypted communication has become a real problem, but I can tell you scary stories about (boo!) ISIS.
"Maybe the scientists are right. But, I’m not willing to give up on that yet."Earlier in that same hearing, he said:
"A whole lot of good people have said it’s too hard … maybe that's so.... But my reaction to that is: I’m not sure they’ve really tried."There are a few problems with all of this. First, he keeps claiming that people are saying it's "too hard." But they're not. They're saying it's impossible to give him what he wants without seriously undermining the basic foundations of private communications online. And that's not just private communications in the form of messaging, but also financial transactions, medical records, business dealings and the like. In short, the "solution" the FBI wants puts everyone at risk.
The second big problem is that it's fairly stunning that Comey keeps insisting that those bright minds in Silicon Valley can sprinkle some magic pixie dust and give him what he wants, but at the same time claims it's too difficult for the FBI to actually quantify how big a problem encryption is for its investigations. Furthermore, he can't even provide a single real world example for where encryption has been a real problem. Even when pushed on this, he noted that when the FBI comes across encrypted communications, they move on to other avenues to investigate those individuals. Which sounds a lot like encryption really isn't that big of a problem.
The lack of an actual proposal, and the idea that he's just "starting a conversation" is equally ridiculous, since this conversation was conducted twenty years ago and it was shown what a bad idea it was to backdoor encryption. The idea that we need to do this all over again is just stupid.
Two other quick comments: A few times Comey noted that some big companies are able to encrypt data, but still get access to the underlying content. He used this to argue that it's "possible." But he leaves out the fact that those are not end-to-end encryption, but something different entirely which is much less secure than end-to-end encryption. He's comparing two very different things without recognizing the massive trade off in security associated with what he's talking about. His technical ignorance -- which he underlined multiple times, is kind of bizarre. If he admits he's so ignorant, why does he brush off the arguments from people who have been in this field working on these issues for decades.
The other comment: multiple times he and some of the Senators hinted that the FBI actually stopped some sort of nefarious plot that was supposed to happen on July 4th weekend. As we noted, despite lots of hype on cable news, the FBI has been making these kinds of failed predictions ever since 9/11 without a single one turning out to be accurate. So it seemed curious that he and others kept hinting at the idea that the FBI had to work overtime last week to actually stop an attack. If true, then you'd think there would be an arrest somewhere, but nothing appears to have been announced. It seems likely that this was just more FUD, but we'll be curious to see if the FBI ever explains something that it actually did to prevent a real attack.
We'll likely have a few more posts about some of what was discussed at the hearing a little later. But it's not just troubling that Director Comey is pushing for efforts to backdoor encryption, he's wasting the time of lots and lots of smart people who should be focusing on making our communications more secure, rather than proving to Comey and elected officials how ridiculously short-sighted it is to make communications less secure.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: backdoors, encryption, experts, james comey, security, senate intelligence committee, senate judiciary committee
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in chronology ]
Response to: Anonymous Coward on Jul 9th, 2015 @ 4:21am
Why can't cryptographers just do that. Where is the sarc mark when you need one.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
You laugh at trying to make 2+2=5 by fiat.
Wow! All of a sudden circles are so much easier to understand!
Now I get how mathematicians may look at that and feel such a notion is ridiculous. That's why we need a magical mathematics fairy, some kind of mechanism that allows pi to be 3.
Seriously, I think we have a conversation about this.
[ link to this | view in chronology ]
Re: You laugh at trying to make 2+2=5 by fiat.
[ link to this | view in chronology ]
American ingenuity is great, so I don't really believe all these FBI directors who say that it's "too hard" to catch all the bad guys. I think they haven't really tried.
[ link to this | view in chronology ]
Re:
Actually, we know for a fact that they aren't trying. There are several well-known ways to bypass encryption no matter how strong it is (plant hardware or software bugs to directly intercept keystrokes and display output, intercept EM noise emissions to remotely reconstruct keystrokes and display output). The FBI prefers to pretend that these alternatives don't exist because they're too much work and effectively limit them to individual targeted surveillance (i.e. what they're supposed to be doing) rather than mass surveillance (i.e. what they want to do, laws to the contrary be damned).
[ link to this | view in chronology ]
If they're able to stop these nefarious plots without backdoors...then why do they insist they need backdoors?
[ link to this | view in chronology ]
Otherwise, just keep encrypting everything...
[ link to this | view in chronology ]
Yea, because human beings are well known for their flawless creations and the later flawless working with those creations. Combine that with the kindness humans show fellow humans and the guidance under the Rule of Law and it is no wonder the position of 'didn't really try' was taken.
[ link to this | view in chronology ]
RSA?
[ link to this | view in chronology ]
Re: RSA?
Talk about friendly fire.
Anyone know what grade Comey got in first year Calculus, assuming he qualified to even take it?
Suggestion: ALL public officials whose jobs involve making decisions on computer security issues be required to get at least a 2 year degree in computer science. If they can't cut it then they're disqualified from participating in those decisions. Not really that much to ask, given how many of them have gone out an earned an MBA on the public's dime to prepare for a future career in the private sector.
[ link to this | view in chronology ]
Tanks
[ link to this | view in chronology ]
I think you've hit his _actual_ agenda
You see he knows that what he wants isn't possible, he's just trying to slow things down by keeping all of the worlds top crypto minds tied up in this debate instead of focusing on making cryptography, stronger, more secure, easier to use, and by extension, more ubiquitous.
He's not stupid, quite the opposite, he's being very very devious. It's a good thing for us that you have seen through his ruse.
[ link to this | view in chronology ]
Why?
[ link to this | view in chronology ]
In their mind, laws and privacy don't exist. They are at the point now where they truly believe that it would be better to sink all the ships coming to port rather than let them dock not knowing whats inside of them.
They won't ever stop, even if it means destroying the internet.
[ link to this | view in chronology ]
We havent all tried murder yet.......shall we all try it tomorrow and see if we like it or not?!
There are just somethings you KNOW Mr Comey.........the fact that you dont makes me question your morality, your agenda and ponder whether it is fucking wise to have you hold the position you have
[ link to this | view in chronology ]
fun with words
[ link to this | view in chronology ]
Handing over keys to the government defeats that purpose.
Even if I somehow lost my mind and trusted the thieving, torturers and killers with my information - I wouldn't trust them to keep it safe.
[ link to this | view in chronology ]
Jurisdictional issue
[ link to this | view in chronology ]
It is not "too hard" ... it is hugely stupid.
[ link to this | view in chronology ]
Criteria for Testimony
Under those conditions, he is NOT qualified to testify. His testimony should be stricken for cause.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
D'oh!!
Sheesh.
[ link to this | view in chronology ]
Drinking
Advise would be helpful.
[ link to this | view in chronology ]
Methinks Mr. Comey is a moron.
[ link to this | view in chronology ]
I thought there was a quantum solution
I know the current quantum computers on the market can't do this fast large-number factorization yet but we have a quantum algorithm -- Shor's Algorithm -- to do it once we can make such a computer.
...And guess who wants the first one off the block...
">Here we go. Tick tock tick tock tick tock...
To be fair, I think perfect forward secrecy serves as a workaround for the problem, but still miles to go before the internet sleeps.
[ link to this | view in chronology ]
Re: I thought there was a quantum solution
[ link to this | view in chronology ]
Re: I thought there was a quantum solution
[ link to this | view in chronology ]
Re: I thought there was a quantum solution
This sort of thing has been going on for the thousands of years of crypto history. It's always a back-and-forth where strong crypto is developed, then a stronger way of breaking it is developed, then even stronger crypto, and so forth and so on.
[ link to this | view in chronology ]
Re: Re: I thought there was a quantum solution
Some of the time of the Google / NASA D-Wave is made accessible to students worldwide who have jobs that require quantum computing, so it's possible for the public to get some access to the quantum machines we have.
It's going to be a while before our phones or personal data are encrypted with technology that requires quantum manipulation, however we may find non-quantum encryption that still can stump quantum cryptanalysis.
But the current asymmetrical encryption that we rely upon for secure data exchange on the internet is going to fold once we develop a device that can quickly factor large numbers. And we don't have another asymmetrical scheme yet in place to replace it when that happens.
[ link to this | view in chronology ]
"A whole lot of good people have said it’s too hard … maybe that's so.... But my reaction to that is: I’m not sure they’ve really tried."
[ link to this | view in chronology ]
Proof, or it didn't happen!
They have released information about cases that were disproven, they have lied and they have told scary stories.
I very much suspect that is the only things they have at all. If they had anything more, at all, they would have released it to hold over our heads every single time anyone tried to oppose them.
The single greatest proof is the very lack of proof.
[ link to this | view in chronology ]
All the medical experts seem to agree that self inflicted gunshot wounds to the head are a bad idea. Comey needs to put a gun to his head and see if those experts are right, before ignoring those other experts on backdoors.
Is there no one out there who will rid us of this troublesome director?
[ link to this | view in chronology ]
[ link to this | view in chronology ]
what about this idea?
[ link to this | view in chronology ]
Then why?
Then why is Comey so obsessed about it?
- he's just stupid (simple answer but probably too simple)
- this is a smokescreen (for what?)
- encryption makes bulk collection useless
- he wants everyone to think the FBI can't deal with encryption so they feel safe using it
Put on your foil hats and come up with some other reasons!
[ link to this | view in chronology ]
Re: Then why?
But, in contrast to Mr Vance, FBI Director Comey has a counterintelligence mission for his agency. In addition, Mr Comey's agency is also tasked with intellectual property cases, and with corporate espionage case, so that his brief includes some matters of economic affairs.
If one really starts speculating why Mr Comey would advocate destroying American technology's competiveness in the world market...
[ link to this | view in chronology ]
Re: Re: Then why?
If one really starts speculating why Mr Comey would advocate destroying American technology's competiveness in the world market...
Go on...
[ link to this | view in chronology ]
Re: Re: Re: Then why?
• A means of communication with the foreign power or individuals.
• A motive: money, ideology, compromise, or ego.
[ link to this | view in chronology ]
Re: Then why?
Because he is a politician, and anything that limits what he can do is abhorrent.
[ link to this | view in chronology ]
FBI wants to backdoor all shredders, as well
[ link to this | view in chronology ]
He's a "privacy denier"
[ link to this | view in chronology ]
I hate dumbth.
Sigh. Hasn't every high tech startup geek heard that from his (nominal) superiors? "Boss: I have this brilliant idea! All we need to do is $Something_Magical_Happens_Here, and we'll all be rich and famous!"
Oh, and I (tech geek) need to figure out what $Something_Magical_Happens_Here means.
Comey's a twit.
[ link to this | view in chronology ]
It's a kind of magic
He doesn't want to do work, as he (more or less) proved that he can arrest terrorists without backdoors. He just has to actually do work and he doesn't like it.
What he wants is a magical button on his computer "press here to arrest terrorists" and the terrorists get magically teleported in prison.
On second thoughts, no, he doesn't want that. He wants a magical button "press here to arrest terrorists" and FBI agents are teleported to the terrorists (along with a TV crew) to show how much the FBI is needed.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Have you tried making it grow wings?
"I just want to start a conversation", isn't that how you get shanked or is it just before you start shanking people.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
Not chemists, but I think maybe nuclear physicists could do it.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]