FBI: Bring Us A Unicorn. Techies: They Don't Exist. Senator: Stop Complaining & Tell Us Where The Unicorn Is
from the wait...-what? dept
We've already discussed the ridiculousness of yesterday's Senate hearings with Jim Comey on "going dark" and the desire to backdoor encryption. But one thing that came out in the discussions that deserves further scrutiny is the fact that Comey repeatedly admitted that he had no proposed solution to the question of how to do this. He admits that computer scientists say it's not possible, but he insists it's because they're "not trying hard enough" to figure it out. And whenever Senators suggested different possible legislative fixes, Comey would sort of throw up his hands and say "well, we're not making any proposals here, we just want a conversation."And there's a good reason for this, which was actually admitted after the hearings by former NSA top lawyer (and proud Techdirt disliker) Stewart Baker (who recently argued that Blackberry failed because it had too much encryption) when he went on PBS Newshour to say that the government won't put forth a proposal, knowing that it will immediately get shot full of holes by actual experts.
SUSAN LANDAU: The issue is that the government is saying exceptional access, without explaining how they want this done, and all security matters in the details.And, immediately, Baker shoots back the admission that no one else has been willing to make that, of course the government won't come up with a plan, because then all the experts can give details for why that plan would be a disaster:
STEWART BAKER: So, I think one of the things that's clear is the government isn’t trying to say this is exactly how we want you to do it, because I’m sure that Susan Landau would be saying, well, that won’t work and we have got these objections to being told how to do it.The amazing thing is that Baker doesn't even seem to realize what he's admitting, as he then immediately shifts to saying that the government just wants the industry to solve this problem. But the whole point is that there is no solution that doesn't make lots of other things much worse.
The fact that the government refuses to put forth any solution should be seen as a massive problem. But, incredibly, during the Senate Intelligence Committee hearing yesterday, Senator Barbara Mikulski blamed privacy advocates for not offering up a solution to the impossible (starting around the 58 minute mark).
In our briefing materials I read letters from the ACLU, whose views we so value, the Software Alliance, and I saw a lot of criticism of what we're pursuing here for some type of opportunity to not go dark. But I didn't see any solutions. I saw a lot of criticisms. I saw a lot of critiques. But I didn't see solutions. Now I believe, as Senator Heinrich said and others, we have tremendous technical know-how, and I believe that the people in Silicon Valley are indeed very patriotic people, and they don't want drug dealers and international traffickers and child pornographers to be able to get away with nefarious things. So, if we could perhaps actually get from those as well as the civil liberties community how we could start working to a solution that would actually be great.This is the point at which you should be banging your head on whatever wall or desk is closest. All of those patriotic folks in Silicon Valley have been going into great detail about how there is no good way to backdoor encryption, highlighting many explanations of how it actually makes online security much, much worse. To then say that the people pointing out how there are no good solutions should be the ones responsible for offering up a solution, rather than the government, which is insisting that something must be done, is ridiculous.
It takes quite an incredible train of thought to argue that the people telling you that magic fairy dust doesn't exist need to be the ones to tell you how to make magic fairy dust, rather than the naive folks who believe in magic fairy dust. And yet, that's exactly what Senator Mikulski did. And that's because, as Stewart Baker rightfully points out, if the government actually produced a plan for magic fairy dust, actual experts would quickly point out that it's not magical fairy dust, and actually makes people ill.
How is it that these people are in positions of power and influence?
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: aclue, barbara mikulski, details, encryption, jim comey, proposals, security, stewart baker, susan laundau
Reader Comments
The First Word
“Not surprised....
I'm personally not surprised that Baker and Mikulski both are digging their collective heels in. There's that belief out there that a person shouldn't ever complain about a problem with out having a solution in the back pocket to fix it.But that's stupid.
A janitor can say "Hey, that pipe's busted. We need to fix it" and not know what to actually do. OR as is in this case, there _isn't_ a solution and the experts know it. Sometimes things can't be compromised on.
Subscribe: RSS
View by: Time | Thread
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
How is it that these people are in positions of power and influence?
[ link to this | view in chronology ]
Re: How is it that these people are in positions of power and influence?
[ link to this | view in chronology ]
These hearings will go quiet at some point and then three or five years later we'll find out that the result was some tech company caved to pressure and broke their own products for the government.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
In answer to your last question.
The reason is that their skill set is that they're very good at being elected. And that skill set has nothing to do with being competent in technology. Frankly, in my opinion, anyone who actually wants to be elected into a political office has demonstrated that they should never be in that office. It might be better to treat political office in the same fashion as we treat jury duty. Have someone selected and if they can demonstrate why they can't/shouldn't be in that office, then select someone else. Compensate them appropriately for their service and at the end of that service, select some other poor fool as a replacement.
But you have to remember, currently, the only required skill in being in a position of political power is the ability to get elected and that skill set has absolutely nothing with being technically competent in making decisions and evaluations of technology. And in fact, given the way our system works, being technically competent can actually be detrimental. A case in point was President Carter. Frankly, he was extremely intelligent and competent. In fact, it's highly likely that he was better at most of the issues he had to decide on than anyone else in his immediate circle. But that led to him micromanaging things and not delegating the work to those around him who were supposed to actually do the work. As a result, he was pretty much a complete failure since he got overloaded and did a half-ass job on those tasks he micromanaged.
On the other end of the spectrum, was President Reagan. Frankly, he didn't know much at all about technology. But he was a master at delegation. So he selected good people, gave them an overview of his objective and got out of their way.
[ link to this | view in chronology ]
Re: In answer to your last question.
[ link to this | view in chronology ]
Re: Re: In answer to your last question.
"You have to give concessions. That is how it works. I don't give a flying beep about your objections. The fact that you are still arguing against any deal is a sign of you acting in bad faith!"
[ link to this | view in chronology ]
Re: In answer to your last question.
< And that skill set has nothing to do with being competent in technology.
---
> And that skill set has nothing to do with being competent.
The list of areas in which most of them are blatantly incompetent (as opposed to merely ignorant) is too long to list, e.g., finance, foreign relations, defense, etc. It's far easier to leave it at "good at being elected" and call it done.
[ link to this | view in chronology ]
Re: Re: In answer to your last question.
Both can be said to not be particularly moral, but that is a big part of the game.
[ link to this | view in chronology ]
Not surprised....
But that's stupid.
A janitor can say "Hey, that pipe's busted. We need to fix it" and not know what to actually do. OR as is in this case, there _isn't_ a solution and the experts know it. Sometimes things can't be compromised on.
[ link to this | view in chronology ]
Re: Not surprised....
Which provides a disincentive for reporting on a problem that you don't know how to or don't want to solve. As you said, really stupid.
[ link to this | view in chronology ]
Existing encryption methods
[ link to this | view in chronology ]
There already is an encryption solution for law enforcement
[ link to this | view in chronology ]
Re: There already is an encryption solution for law enforcement
[ link to this | view in chronology ]
Re: Re: There already is an encryption solution for law enforcement
NatSec investigations of potential insider threats may proceed with the subject's written consent.
[ link to this | view in chronology ]
Re: Re: There already is an encryption solution for law enforcement
[ link to this | view in chronology ]
Re: Re: Re: There already is an encryption solution for law enforcement
[ link to this | view in chronology ]
Re: Re: Re: There already is an encryption solution for law enforcement
If you're the FBI they are.
[ link to this | view in chronology ]
Re: Re: There already is an encryption solution for law enforcement
[ link to this | view in chronology ]
Re: Re: Re: There already is an encryption solution for law enforcement
Those who are what?
[ link to this | view in chronology ]
Re: Re: There already is an encryption solution for law enforcement
[ link to this | view in chronology ]
Re: Re: There already is an encryption solution for law enforcement
[ link to this | view in chronology ]
Re: Re: There already is an encryption solution for law enforcement
Universal surveillance + prosecutorial discretion = nightmares.
http://columbialawreview.org/ham-sandwich-nation_reynolds/
[ link to this | view in chronology ]
< /facepalm >
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
http://www.smbc-comics.com/?id=2429
[ link to this | view in chronology ]
Re: Re: Re:
Yeah, that's one of my favorite webcomics. I check it out every morning.
[ link to this | view in chronology ]
Clueless Politicians
First why should privacy advocates be expected offer up a "solution" which would DIMINISH privacy? One might well expect DARPA to produce a weapon which would weaken US defences.
Secondly, which government spends hundreds of billions of dollars on defence and related national security matters each year every year?
If the US national security juggernaut, with all its money and all its resources, cannot come up with a workable solution itself how can lesser mortals be expected to succeed?
[ link to this | view in chronology ]
Just to summarize
2. Private industry says there's no solution to the problem.
3. Private industry must defer to the government when it says there is.
Circular reasoning doesn't work because circular reasoning doesn't work.
[ link to this | view in chronology ]
Its illegal
[ link to this | view in chronology ]
Legality doesn't matter.
They're not only happy to violate your constitutional rights, they're panicked because technology exists that prevents them from doing so.
[ link to this | view in chronology ]
If a solution exists, shouldn't the NSA already know that?
More likely, given that the NSA hasn't put forth a proposal, their cryptographers have instead a mathematical proof that this is impossible. Of course politicians, presented with incontrovertible evidence that their position is unsupportable, tell the experts to shut up, and possibly destroy the evidence.
[ link to this | view in chronology ]
Re: If a solution exists, shouldn't the NSA already know that?
https://bitcoinmagazine.com/7781/satoshis-genius-unexpected-ways-in-which-bitcoin-dodged-some -cryptographic-bullet/
The NSA bakes these values into a certain encryption protocol:
p = 115792089210356248762697446949407573530086143415290314195533631308867097853951
a = 115792089210356248762697446949407573530086143415290314195533631308867097853948
b = 41058363725152142129326129780047268409114441015993725554835256314039467401291
Bitcoin uses the much simpler:
p = 115792089237316195423570985008687907853269984665640564039457584007908834671663
a = 0
b = 7
p = 2^256 – 2^32 – 977
Many people believe the NSA's values are chosen precisely because they have found a hack for encryption using those seeds.
[ link to this | view in chronology ]
One clear presumption in the PBS article...
a. Use their decryption methods (or any other tools fairly and judiciously with utmost respect for suspect privacy, and...
b. Keep this data, once attained, secure from other interests, whether internal agents sharing cheesecake pics for their own prurient enjoyment or foreign or corporate interests seeking to utilize the data to their own ends.
So far, our agencies have demonstrated they cannot be trusted to do either.
[ link to this | view in chronology ]
"Terrorists and Pedophiles"
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Enhanced Securitization
It's really the best way to get what they want; for security professionals to say what the government wants to hear despite the fact that it's not true and the torturees don't believe it. Why else do people keep starting the same "conversations" about things that things that can't be done?
[ link to this | view in chronology ]
Re: Enhanced Securitization
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
I'm a native English speaker, and Wikipedia doesn't have a page for “horn duck”.
Oh, I should have known it was that kind of horn. ;-)
[ link to this | view in chronology ]
Re: Re: Re:
Duck is the most famous producer of duck tape, hence the name. It's generic now for any kind of strong tape with a dark canvas backing. You'll sometimes see people write "duct" instead of "duck", but that's incorrect.
[ link to this | view in chronology ]
Re: Re: Re: Re:
But now I don't understand how to tape that kind of horn on.
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
No, Duck is not the most famous producer of duct tape, and "duck" is not generic. It's "duct tape". Duck chose the brand name as an intentional pun on "duct".
[ link to this | view in chronology ]
Horn Ducks
I believe we have tremendous technical horn duck know-how. I believe that our horn duck experts are indeed very patriotic people, and they don't want duck dealers and duck traffickers and duck pornographers to get all the horn ducks. So, if we could perhaps actually start working towards a horn duck solution that would actually be great.
[ link to this | view in chronology ]
Re: Re:
US Military personnel refer to it as "100 mph tape".
http://www.urbandictionary.com/define.php?term=100+mile+an+hour+tape
[ link to this | view in chronology ]
If the US gets 'exceptional access'
Another point, they talk about 'the company has the keys'. Actually, in many cases, the company wouldn't have the keys, just the individuals. For instance, when I get my SSL cert, the Certificate Authority does not know my private key, just myself.
[ link to this | view in chronology ]
Reminds me of the movie Sneakers, where there was a code breaker. However, it would only work on US-based codes. So it does nothing to protect you from your enemies, just your citizens.
[ link to this | view in chronology ]
Here's a guy who can't even protect his own networks asking for special access to others. The stupidity is so extreme he doesn't even realize the danger of what he is asking. He just wants what he wants and everyone and everything else be damned.
Let's talk about removing your ability to use Stringray's and hacking people's computers and flying spy flights inside the US instead. The FBI needs to be reigned in not let loose.
[ link to this | view in chronology ]
Techies: They Don't Exist.
Senator: Stop Complaining & Tell Us Where The Unicorn Is
Kim Jong Il: I've got plenty of them, you want to make a purchase?
[ link to this | view in chronology ]
The government has experts in security -- why don't they suggest something?
Who don't these senators ask for input from the NSA? Because they know that it is impossible. What they are doing now is grandstanding. Washington has developed a hatred for Silicon Valley and this is just more bile from Washington.
[ link to this | view in chronology ]
Re: The government has experts in security -- why don't they suggest something?
[ link to this | view in chronology ]
"do what I say, or off with your head"
[ link to this | view in chronology ]
Why should I bang my head against something?
[ link to this | view in chronology ]
Government asking the civilian sector...........
[ link to this | view in chronology ]
[ link to this | view in chronology ]
pi=3
That is because there is not one... DA
[ link to this | view in chronology ]
Encryption smercryption
Surely even if they manage to get some kind of backdoor for online encryption through - the terrorists will just go back to the old practise of one time pads, book codes and number stations (which exist on twitter of all things) and other traditional methods used to securely encrypt data that have been used since the last century? yeah there has to be key exchange but that's not quite as onerous as it once was.
It's a totally pointless exercise, for the problem its trying to solve.
*naive mode off*
[ link to this | view in chronology ]
stop supporting your own destroyers"
[ link to this | view in chronology ]
Bypassing the judicial system is the only thing they are trying to argue in favor of here. Calling out others for not being completely unpatriotic like they already are.
[ link to this | view in chronology ]
But if you're smarter, you can break the protocol. If you're even smarter than that, you can figure out how to make sure that the smartest guys are only ever good guys, like in the war. So you can't break the protocol.
Wait a minute, forget this red queen stuff. It's much simpler than that. It converges in one step.
You don't need to store keys at all. Just wait till you've got some bad guy messages and give it to the maximally smart guys. That solves it. Because super smart guys can break unbreakable encryption. Because they're smart and because they try hard. Right?
[ link to this | view in chronology ]
is it just me?
[ link to this | view in chronology ]
Re: is it just me?
[ link to this | view in chronology ]
[ link to this | view in chronology ]
There are things that can't be negotiated
[ link to this | view in chronology ]
Re: There are things that can't be negotiated
[ link to this | view in chronology ]
Should have asked an expert
[ link to this | view in chronology ]
The moon...bring it to me
Government Officials - "We need to get the stuff on the moon. Bring us the moon!"
Rocket Scientists - "Well, you know...that is not possible. We could send someone TO the moon....on many, many rocket ships, with a lot, lot of stuff and machines, and get some of the stuff and bring it back."
Officials - "Listen. I don't want to hear about your rocket ships, and stuff. Bring us the MOON! It'll be so much EASIER if it's just here. Why aren't you sciencing me a solution. I know that you have some experts. Have them propose a solution!"
Scientists - "We ARE the experts. We are telling you that even if we COULD science up a solution, if the moon comes here, we ALL DIE."
Congresspeople - "Just you try HARDER. We don't really believe all your experts about the whole dying thing."
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Dilbert Cartoon
*Pointy Haired Boss* This thing you're making costs to much money. We need to make it cost half as much.
*Dilbert* But.. I'm already working on a quarter of the budget I told you would be minimally neccessary to complete the project!
*Pointy Haired Boss* I'm hearing excuses! What I want to hear is solutions!
*Pointy Haired Boss in his own head* I'm a great manager. What I need is less whiney employees.
Government
*Senator* We need to be able to see all the things all the time!
*Experts* But... if we give you the ability to see all the things all the time.. ANYBODY could figure out how to see all the things all the time. Even if we get away from not wanting YOU to see all the things all the time, we want other people to do it even less!
*Senator* Stop giving me problems! I came to you for solutions! Now get to it!
*Senator in his own head* I'm a great senator. What I need is less whiney experts!
[ link to this | view in chronology ]
The problem is that politicians live completely immersed in a world of lies and deceit. So when someone, even an expert, tells them something other than what they want to hear they automatically consider it to be untrue.
In this case it's reasonable to assume that Mikulski simply doesn't believe what the experts are saying, that it is impossible to safely and securely backdoor encryption.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
Rather than admit that people are trying to take away their favorite toy because they've shown they can't be trusted with it, they instead choose to place the blame anywhere but where it belongs, them.
[ link to this | view in chronology ]
I was going to suggest that they could also try to invent bullets that kill only bad people.
And I realized by the same logic, we just need to make an encryption algorithm that cannot encrypt evidence of crime. Only legal, crime-free data can be encrypted by it. Then the police don't need access to encrypted data at all.
[ link to this | view in chronology ]
Keep Forced Unicorn Rides Illegal
[ link to this | view in chronology ]
Don't tell me its impossible - just make it happen!
Remember, he's a G-Man, not a thinker, or educated, or even remotely brighter than your average five year old.
What he's saying is that he knows the techies have said its impossible, and that any "plan" the government might offer the techies will only make the techies respond in a way that proves their point - that its impossible.
What Steward wants is for the techies to stop wasting his time proving the idea is impossible and start working out a way to make it possible.
He feels that techies are like a magic lamp - you just rub money on it and tell it your wish and it magically appears.
His complaint is simply that all the magical energy the techies need to make the Unicorn appear, are being wasted on working out explanations why its not possible to make the Unicorn appear, and as soon as the techies stop doing that, they will have all that magical energy available for creating the government's wish.
Its really quite simple, as it Stewart Baker.
---
[ link to this | view in chronology ]
Then the Imperial Outfitting solution is the way to go.
[ link to this | view in chronology ]
Re: Then the Imperial Outfitting solution is the way to go.
---
[ link to this | view in chronology ]
Re: Re: Then the Imperial Outfitting solution is the way to go.
[ link to this | view in chronology ]